SSH Key-Based Authentification

An SSH server can authenticate clients using a variety of different methods. The most basic of these is password authentication, which is easy to use, but not the most secure.

SSH keys prove to be a reliable and secure alternative. To use this alternative you need a key pair with a public and a private key. You can generate a key pair with the command ssh-keygen:

pmuster@chinaski:~$ 
pmuster@chinaski:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/pmuster/.ssh/id_rsa): 
Created directory '/home/pmuster/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/pmuster/.ssh/id_rsa.
Your public key has been saved in /home/pmuster/.ssh/id_rsa.pub.
The key fingerprint is:
d0:f5:bc:f8:16:da:5a:e3:5e:e5:ef:18:00:55:69:c8 pmuster@chinaski
The key's randomart image is:
+---[RSA 2048]----+
|          ...o.. |
|       . . +E o  |
|      . . . o.   |
|       .   o .   |
|        S . +   .|
|           + o o |
|          . * o .|
|           = o o.|
|          ..o ..o|
+-----------------+
pmuster@chinaski:~$ 

The public key must be uploaded to the remote server that you want to be able to log into with SSH. The key is added to a special file within the user account you will be logging into called ~/.ssh/authorized_keys. In our managed client linux environment with your shared home directory you can do this with:

> pmuster@chinaski:~$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys

Now you are able to perform a ssh keybased login from client to client.

If you do not protect the private key file with a password please be careful that nobody else can read this file. If somebody can read it your identity has been stolen and can be used from this person on every target where you have placed your public key.