6.4. Authenticating by Public Key (OpenSSH)
Problem
You want to set up public-key authentication between an OpenSSH client and an OpenSSH server.
Solution
Generate a key if necessary:
$ mkdir -p ~/.ssh                  # If it doesn't already exist
$ chmod 700 ~/.ssh
$ cd ~/.ssh
$ ssh-keygen -t dsa
Copy the public key to the remote host:
$ scp -p id_dsa.pub remoteuser@remotehost:
Password: ********
Log into the remote host and install the public key:
$ ssh -l remoteuser remotehost
Password: ********
remotehost$ mkdir -p ~/.ssh                              # If it doesn't already exist
remotehost$ chmod 700 ~/.ssh
remotehost$ cat id_dsa.pub >> ~/.ssh/authorized_keys     # Appending
remotehost$ chmod 600 ~/.ssh/authorized_keys
remotehost$ mv id_dsa.pub ~/.ssh                         # Optional, just to be organized
remotehost$ logout
Log back in via public-key authentication:
$ ssh -l remoteuser remotehost
Enter passphrase for key '/home/smith/.ssh/id_dsa': ********
Tip
OpenSSH public keys go into the file ~/.ssh/authorized_keys. Older versions of OpenSSH, however, require SSH-2 protocol keys to be in ~/.ssh/authorized_keys2.
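The remote-side install steps above, wrapped in a function that is safe to run more than once. This is an added example, not part of the original recipe; install_pubkey and perms are hypothetical helper names, and the optional second argument (an alternate .ssh directory) is there only so the function can be tried outside your real home directory.

```shell
#!/bin/sh
# Added example: idempotent form of the recipe's remote-side steps.
# install_pubkey and perms are hypothetical names, not OpenSSH tools.

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Returns 0 if the key was added or was already present, 1 on bad input.
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # Guard against copying the wrong half of the key pair.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing to install a private key" >&2; return 1
    fi
    # A .pub file holds exactly one non-empty line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$pub")

    # Same as: mkdir -p ~/.ssh; chmod 700 ~/.ssh
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1

    # Create the file with restrictive permissions before writing to it.
    ( umask 077; touch "$auth" ) || return 1

    # If the last existing entry lacks a newline, add one so the
    # appended key does not get glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth" || return 1
    fi

    # Append only when this exact line is absent (-F fixed string, -x whole line).
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth" || return 1
    fi

    # Same as: chmod 600 ~/.ssh/authorized_keys
    chmod 600 "$auth"
}

# perms PATH: print the ls-style mode string, e.g. drwx------
perms() { ls -ld "$1" | cut -c1-10; }
```

On the remote host, source the file and run install_pubkey id_dsa.pub; perms ~/.ssh should then print drwx------ and perms ~/.ssh/authorized_keys should print -rw-------.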
Discussion
Public-key authentication lets you prove your identity to a remote host using a cryptographic key instead of a login password. SSH keys are more secure than passwords because keys are never transmitted over the network, whereas passwords are (albeit encrypted). Also, keys are stored encrypted, so if someone steals yours, it’s useless without the passphrase for decrypting it. A stolen password, on the other hand, is immediately usable.
An ...