Differences between revisions 11 and 12
Revision 11 as of 2020-09-09 11:26:30
Size: 2139
Editor: bonaccos
Revision 12 as of 2020-09-09 11:35:33
Size: 2383
Editor: bonaccos
Line 2: Line 2:
{{{#!wiki caution
When connecting a first time to a SSH server key point is always to verify the presented fingerprint of the remote SSH server.
}}}
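Review bot: The caution added at line 2 says to verify the presented fingerprint but not what to compare it against. Name a trusted source for the server's host key fingerprint, one the user obtains over a separate channel. The sentence also reads awkwardly; something like "When connecting to an SSH server for the first time, always verify the fingerprint it presents" would be clearer.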
Line 34: Line 37:
Now you are able to perform a ssh keybased login from client to client. To instead install the public key on a remote machine you can use the helper `copy-ssh-id`. Now you are able to perform a ssh keybased login from client to client.
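Review bot: The helper named in the added sentence, `copy-ssh-id`, is not the name of the OpenSSH helper, which is `ssh-copy-id`; a reader who types the name as written will not find the command. The closing sentence "Now you are able to perform a ssh keybased login from client to client." also now follows the remote-machine sentence although it describes the shared-home case before it, so consider placing the new sentence after it.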

When connecting to an SSH server for the first time, the key point is always to verify the fingerprint presented by the remote SSH server.

SSH Key-Based Authentication

An SSH server can authenticate clients using a variety of different methods. The most basic of these is password authentication, which is easy to use, but not the most secure. SSH keys prove to be a reliable and secure alternative. To use this alternative you need a key pair with a public and a private key. You can generate a key pair with the command ssh-keygen:

user@host:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
d0:f5:bc:f8:16:da:5a:e3:5e:e5:ef:18:00:55:69:c8 user@host
The key's randomart image is:
+---[RSA 2048]----+
|          ...o.. |
|       . . +E o  |
|      . . . o.   |
|       .   o .   |
|        S . +   .|
|           + o o |
|          . * o .|
|           = o o.|
|          ..o ..o|
+-----------------+
user@chinaski:~$ 

The public key must be uploaded to the remote server that you want to be able to log into with SSH. The key is added to a special file, ~/.ssh/authorized_keys, within the user account you will be logging into. In our managed Linux client environment with a network shared home directory you can do this with:

> user@host:~$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys

To instead install the public key on a remote machine, you can use the helper ssh-copy-id. You can now perform a key-based SSH login from client to client.

If you do not protect the private key file with a passphrase, make sure that nobody else can read this file. Leaving a key without a passphrase is generally not a good idea; it might be useful only in particular cases where a separate key is generated for an automation task and, on the receiver side, the key usage is restricted to that particular task. If somebody else can read the file, your identity has been stolen and can be used by that person on every target where you have placed your public key.
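A check for the two conditions described above, a private key without a passphrase and a key file that other users can access, as an added example that is not part of the original page. The function names and the constructed header-only sample keys are assumptions made for illustration; the parsing follows the OpenSSH private key format and the legacy PEM encryption header.

```python
import base64, os, pathlib, stat, struct, tempfile

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def is_passphrase_protected(text):
    """Return True if the private key text is encrypted with a passphrase."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        # The first length-prefixed string after the magic is the cipher name.
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    # Legacy PEM: "Proc-Type: 4,ENCRYPTED" header; PKCS#8: ENCRYPTED in the armor.
    return "ENCRYPTED" in lines[0] or any(
        l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:3])

def audit_key(path):
    """List the problems the page warns about for one private key file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"accessible by group/other (mode {mode:04o})")
    with open(path) as fh:
        if not is_passphrase_protected(fh.read()):
            findings.append("private key has no passphrase")
    return findings

def sample_openssh_key(cipher, kdf):
    """Constructed header-only sample, not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b  # SSH string: uint32 length + bytes
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, cipher, kdf, mode in (("automation_key", b"none", b"none", 0o644),
                                        ("id_rsa", b"aes256-ctr", b"bcrypt", 0o600)):
            path = pathlib.Path(d, name)
            path.write_text(sample_openssh_key(cipher, kdf))
            path.chmod(mode)
            results[name] = audit_key(path)
    return results

if __name__ == "__main__":
    print(demo())
```

To audit a real key, call audit_key() with its path, for example /home/user/.ssh/id_rsa from the session above; an empty list means neither problem was found.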

FAQ/SSHkeys (last edited 2023-09-19 12:40:12 by stroth)