SSH Usage (OpenSSH): Difference between revisions

This article deals with SSH authentication and usage. SSH allows you to do many things, including sending commands to a remote server.

Public Key Authentication

• Public key authentication allows you to log in via SSH, without supplying a password. The server will use your public key to send you a challenge, that you will decrypt on the client side with your private key. To get public key authentication working, follow the following steps:
  • Generate a RSA public/private key pair on the client with ssh-keygen.
  • Transfer the public key on the server, and append it to the file ~/.ssh/authorized_keys. Note that this is dependent on the user you want to log as; if you want to use your key to log in as several users, you must add it to the authorized_keys file of each user.

chmod 700 .ssh
chmod 600 .ssh/authorized_keys
cat ../id_dsa.pub >> authorized_keys

• Make sure that the server configuration allows public key authentication.

• Public key authentication requires strict permissions on several files and directories: $HOME, $HOME/.ssh/ and $HOME/.ssh/authorized_keys. Else it simply won't work. On $HOME, only the user should be able to write. On the $HOME/.ssh/ and $HOME/.ssh/authorized_keys, even read access should be restricted to the user.

• Beware of the format of the id_rsa.pub file. If you make a mistake, for example add a new line, parsing will fail and will confuse OpenSSH.