Differences between revisions 9 and 10
Revision 9 as of 2018-10-31 07:15:08
Size: 2196
Editor: bonaccos
Comment:
Revision 10 as of 2020-09-09 11:25:30
Size: 2146
Editor: bonaccos
Comment:
Line 1: Line 1:
#rev 2018-10-30 stroth #rev 2020-09-09 bonaccos
Line 6: Line 6:
pmuster@chinaski:~$
pmu
ster@chinaski:~$ ssh-keygen
user@host:~$ ssh-keygen
Line 9: Line 8:
Enter file in which to save the key (/home/pmuster/.ssh/id_rsa):
Created directory '/home/pmuster/.ssh'.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Line 13: Line 12:
Your identification has been saved in /home/pmuster/.ssh/id_rsa.
Your public key has been saved in /home/pmuster/.ssh/id_rsa.pub.
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
Line 16: Line 15:
d0:f5:bc:f8:16:da:5a:e3:5e:e5:ef:18:00:55:69:c8 pmuster@chinaski d0:f5:bc:f8:16:da:5a:e3:5e:e5:ef:18:00:55:69:c8 user@host
Line 29: Line 28:
pmuster@chinaski:~$ pmuuserster@chinaski:~$
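Review bot: The replacement prompt on new line 28 reads "pmuuserster@chinaski:~$". The word "user" was inserted into the middle of the old "pmuster" instead of replacing the whole prompt, so the old user and host names are still visible in the sample output. It should read "user@host:~$", matching the other prompts changed in this revision.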
Line 33: Line 32:
> pmuster@chinaski:~$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys > user@host:~$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys
Line 38: Line 37:
If you do not protect the private key file with a password please be careful that nobody else can read this file (generally this is not a good idea, and might be usefull only in particular cases where a separate key is generated for an automation task and on the reciever side the key usage is restricted to that particular task). If somebody can read it your identity has been stolen and can be used from this person on every target where you have placed your public key. If you do not protect the private key file with a password please be careful that nobody else can read this file (generally this is not a good idea, and might be useful only in particular cases where a separate key is generated for an automation task and on the reciever side the key usage is restricted to that particular task). If somebody can read it your identity has been stolen and can be used from this person on every target where you have placed your public key.
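Review bot: On new line 37 the spelling of "usefull" is corrected, but "reciever" in the same sentence is left as it was. Change it to "receiver" in the same edit. The paragraph also says "password" where the ssh-keygen output shown earlier on the page says "passphrase"; using one term would avoid confusion.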

SSH Key-Based Authentication

An SSH server can authenticate clients using a variety of different methods. The most basic of these is password authentication, which is easy to use, but not the most secure. SSH keys prove to be a reliable and secure alternative. To use this alternative you need a key pair with a public and a private key. You can generate a key pair with the command ssh-keygen:

user@host:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
d0:f5:bc:f8:16:da:5a:e3:5e:e5:ef:18:00:55:69:c8 user@host
The key's randomart image is:
+---[RSA 2048]----+
|          ...o.. |
|       . . +E o  |
|      . . . o.   |
|       .   o .   |
|        S . +   .|
|           + o o |
|          . * o .|
|           = o o.|
|          ..o ..o|
+-----------------+
user@host:~$ 

The public key must be uploaded to the remote server that you want to log into with SSH. The key is added to a special file called ~/.ssh/authorized_keys within the user account you will be logging into. In our managed Linux client environment with a network-shared home directory you can do this with:

> user@host:~$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys

Now you can perform an SSH key-based login from client to client.

If you do not protect the private key file with a password, make sure that nobody else can read this file. (Leaving the key unprotected is generally not a good idea, and might be useful only in particular cases where a separate key is generated for an automation task and, on the receiver side, the key usage is restricted to that particular task.) If somebody else can read the file, your identity has been stolen and that person can use it on every target where you have placed your public key.
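The checks this paragraph calls for, as an added example that is not part of the original FAQ: shell functions that flag private keys readable by group or others, keys stored without a passphrase, and authorized_keys entries that carry no restricting options. The function names are hypothetical; `restrict` and `command="..."` are OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# mode_of FILE: print the octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# key_is_exposed FILE: succeed when group or others have any access to FILE.
key_is_exposed() {
    case "$(mode_of "$1")" in
        0|*00) return 1 ;;   # group and other digits are 0: owner-only
        *)     return 0 ;;
    esac
}

# key_has_no_passphrase FILE: succeed when the private key can be loaded with
# an empty passphrase. ssh-keygen -y prints the public key of a private key.
key_has_no_passphrase() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# count_unrestricted_keys FILE: print the number of authorized_keys entries
# that begin directly with the key type, i.e. carry no options field such as
# command="..." or restrict that would limit the key to one task.
count_unrestricted_keys() {
    grep -Ec '^[[:space:]]*(ssh-|ecdsa-|sk-)' "$1" || true
}

# audit_ssh_dir DIR: report on every private key that has a matching .pub file.
audit_ssh_dir() {
    for pub in "$1"/*.pub; do
        [ -f "$pub" ] || continue
        key=${pub%.pub}
        [ -f "$key" ] || continue
        key_is_exposed "$key" && echo "EXPOSED: $key is accessible to group/others"
        key_has_no_passphrase "$key" && echo "NO PASSPHRASE: $key"
    done
    if [ -f "$1/authorized_keys" ]; then
        echo "authorized_keys entries without options: $(count_unrestricted_keys "$1/authorized_keys")"
    fi
    return 0
}
```

Source the file and run `audit_ssh_dir ~/.ssh`. ssh-keygen refuses to load a private key that group or others can access, so set an exposed key to mode 600 before relying on the passphrase result.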

FAQ/SSHkeys (last edited 2023-09-19 12:40:12 by stroth)