Edit History Actions Discussion

Diff for "Howto/SSHKeys"

Differences between revisions 1 and 4 (spanning 3 versions)
Revision 1 as of 2010-01-28 21:04:11
Size: 159
Editor: 78
Comment: bootsrapping the page
Revision 4 as of 2010-01-28 22:34:01
Size: 2745
Editor: arthax0r
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
 # install pageant from [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html|putty]]  1. install pageant from [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html|putty]]
 1. exchanges keys
 1. launch pageant
 1. enter your secret passphrase
Line 5: Line 8:
man ssh SSH keys are the way, especially when used with you maintain your config file as well. Here is the quick and dirty version.

Create your RSA keys in ~/.ssh/

 * $ ssh-keygen
  * id_rsa (your private key, keep secure it is like knowing your password)
  * id_rsa.pub (your public key, you copy this places you want to recognize you [sorta])

This right here is the easy way to do something I did by hand for a long time:

 * $ ssh-copy-id username@blinkenshell.org

This appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file of the remote host. It also removes group writability on ~/.ssh and ~/.ssh/authorized_keys in case StrictModes is set on the server. ''The negative aspect to this approach is that you cannot specify a port, so if the service is running on a non-standard port, such as the case with Blinkenshell, you need to add the host to your config file first.'' The manual way to do it is as follows:

 * $ scp -P 2222 ~/.ssh/id_rsa.pub username@blinkenshell.org :./ssh/authorized_keys

Which seems just as easy, but is not, if you already have an authorized key file and want to append to it rather than overwrite it. Plus, ssh-copy-id will create ~/.ssh if it does not already, which it won't, if you have not ssh'd out from that account on that box. In which case it would be something like this:

 * $ ssh -p 2222 username@blinkenshell.org mkdir .ssh
 * $ scp -P 2222 ~/.ssh/id_rsa.pub username@blinkenshell.org :
 * $ ssh -p 2222 username@blinkenshell.org cat id_rsa.pub >> .ssh/authorized_keys && rm id_rsa.pub && chmod -R 740 .ssh

'''Example Blinkenshell ~/.ssh/config Entry'''
 
 
This goes in ~/.ssh/ on the machine you are ssh'ing ''out'' of:

 Host blink

 Port 2222

 User arthax0r

 HostName blinkenshell.org

But ''without'' blank lines in between (buggy wiki editor), and ''with'' blank lines between entries for other hosts, and you can leave the port line out if it is on 22 as is standard. Also, you can leave out the user name is the same on both hosts (I think).

Now that you have a config file, it's as easy as this:

 * $ ssh-copy-id blink
 * $ ssh blink

 . Voila! No password prompt or long command line bs for ssh/scp, cuz you can also do this:
  * $ scp -r MySweetDirectoryFullOfGoodies blink:wherever/you/want (-r for recursive, extra knowledge for you!)

Enjoy your knew ssh pimp cane!
 . -ah'2010

== Potential tutorials ==
 * http://www.howtoforge.com/ssh_key_based_logins_putty
 * http://www.vpac.org/node/273

Windows

  1. install pageant from putty

  2. exchanges keys
  3. launch pageant
  4. enter your secret passphrase

Linux

SSH keys are the way, especially when used with you maintain your config file as well. Here is the quick and dirty version.

Create your RSA keys in ~/.ssh/

  • $ ssh-keygen
    • id_rsa (your private key, keep secure it is like knowing your password)
    • id_rsa.pub (your public key, you copy this places you want to recognize you [sorta])

This right here is the easy way to do something I did by hand for a long time:

This appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file of the remote host. It also removes group writability on ~/.ssh and ~/.ssh/authorized_keys in case StrictModes is set on the server. The negative aspect to this approach is that you cannot specify a port, so if the service is running on a non-standard port, such as the case with Blinkenshell, you need to add the host to your config file first. The manual way to do it is as follows:

Which seems just as easy, but is not, if you already have an authorized key file and want to append to it rather than overwrite it. Plus, ssh-copy-id will create ~/.ssh if it does not already, which it won't, if you have not ssh'd out from that account on that box. In which case it would be something like this:

Example Blinkenshell ~/.ssh/config Entry

This goes in ~/.ssh/ on the machine you are ssh'ing out of:

  • Host blink Port 2222 User arthax0r

    HostName blinkenshell.org

But without blank lines in between (buggy wiki editor), and with blank lines between entries for other hosts, and you can leave the port line out if it is on 22 as is standard. Also, you can leave out the user name is the same on both hosts (I think).

Now that you have a config file, it's as easy as this:

  • $ ssh-copy-id blink
  • $ ssh blink
  • Voila! No password prompt or long command line bs for ssh/scp, cuz you can also do this:

Enjoy your knew ssh pimp cane!

  • -ah'2010

Potential tutorials


CategoryHowto