SSH Usage (OpenSSH)
Jump to navigation
Jump to search
This article deals with SSH authentication and usage. SSH allows you to do many things, including sending commands to a remote server.
Public Key Authentication
- Public key authentication allows you to log in via SSH, without supplying a password. The server will use your public key to send you a challenge, that you will decrypt on the client side with your private key. To get public key authentication working, follow the following steps:
- Generate a RSA public/private key pair on the client with ssh-keygen.
- Transfer the public key on the server, and append it to the file ~/.ssh/authorized_keys. Note that this is dependent on the user you want to log as; if you want to use your key to log in as several users, you must add it to the authorized_keys file of each user.
- chmod 700 .ssh
- chmod 600 .ssh/authorized_keys
- cat ../id_dsa.pub >> authorized_keys
- Make sure that the server configuration allows public key authentication.
- Public key authentication requires strict permissions on several files and directories: $HOME, $HOME/.ssh/ and $HOME/.ssh/authorized_keys. Else it simply won't work. On $HOME, only the user should be able to write. On the $HOME/.ssh/ and $HOME/.ssh/authorized_keys, even read access should be restricted to the user.
- Beware of the format of the id_rsa.pub file. If you make a mistake, for example add a new line, parsing will fail and will confuse OpenSSH.