LINUX GAZETTE
...making Linux just a little more fun!
SSH with keys
By David Dorgan


It has come to my attention that a lot of people like using ssh; most do not use keys, some do. What struck me is that most of the people who do use keys don't use passphrases with them. When I asked some people why not, they said they didn't like typing their password each time. That needn't be the case.


Some background: let's say you want to tell somebody your password for an account on a machine, but you don't know who is listening, and your only method of communication is cleartext over an insecure channel. What do you do?
Public key cryptography is the answer: you can send your public key to anybody; you just keep your private key to yourself.

To create a key, simply run ssh-keygen with the options:
$ ssh-keygen -t dsa
You should be prompted for where to save your keys, e.g. /home/user/.ssh/id_dsa and /home/user/.ssh/id_dsa.pub
Then you will be prompted for a passphrase. Public key systems are great for security; however, they are only as good as their weakest link. Don't let your passphrase be the weakest link.
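
To check whether an existing private key actually has a passphrase, you can look at how the key file is encoded. The following is an added example, not part of the original article: it recognises the legacy PEM layout (as in id_dsa) and the newer OpenSSH layout, the sample inputs are constructed and contain no key material, and the script name keycheck.py is hypothetical.

```python
import base64
import struct
import sys

MAGIC = b"openssh-key-v1\0"

def key_is_encrypted(text):
    """True if the private key is passphrase-protected, False if not, None if unrecognised."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return None
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            if not blob.startswith(MAGIC):
                return None
            # After the magic comes a length-prefixed cipher name; "none" means no passphrase.
            (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        except (ValueError, struct.error):
            return None
        start = len(MAGIC) + 4
        return blob[start:start + n] != b"none"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, always encrypted
        return True
    if lines[0].endswith(" PRIVATE KEY-----"):
        # Legacy PEM, e.g. "BEGIN DSA PRIVATE KEY": encrypted keys carry a Proc-Type header.
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])
    return None

def sample_openssh(cipher):
    """Constructed openssh-key-v1 header for testing; contains no key material."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy-PEM samples (placeholder bodies, not real keys).
SAMPLE_PEM_ENCRYPTED = ("-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n"
                        "-----END DSA PRIVATE KEY-----\n")
SAMPLE_PEM_PLAIN = "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n-----END DSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    # Usage: python3 keycheck.py ~/.ssh/id_dsa ...   (file name keycheck.py is hypothetical)
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            state = {True: "passphrase-protected", False: "NO PASSPHRASE", None: "unrecognised"}
            print(path, "->", state[key_is_encrypted(fh.read())])
```

The check only reads the file's header fields; it never needs the passphrase and does not decrypt anything.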

You should never *EVER* put your private key on a server, and you should never put it on a disk.
Personally I just keep it on my laptop, nowhere else, ever. Then put your public key on the remote hosts in the file /home/user/.ssh/authorized_keys.

Some people have their servers set up to only accept RSA key authentication, which isn't a bad idea.

Now, people do complain about having to enter their passphrase each time; this isn't *really* an issue. Personally I start X with a script in rc.local.

$ cat /etc/rc.local
ssh-agent xdm
Now, once inside X as your user, type ssh-add and enter your passphrase. From then on, in each xterm you open you can type ssh server and you won't be prompted for a password.
One point to note on this: be *SURE* to lock your workstation while away, even for a few seconds.

$Id: ssh-with-keys.html,v 1.4 2003/08/30 15:00:35 davidd Exp $


[BIO] David has been a very productive writer and plans to contribute more of his work in the future.


Copyright © 2003, David Dorgan. Copying license http://www.linuxgazette.com/copying.html
Published in Issue 96 of Linux Gazette, November 2003
