...
Determine the version of OpenSSH installed:

```
Tin-Phams-iMac:~ tinpham$ ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
Tin-Phams-iMac:~ tinpham$ sshd -v
sshd: illegal option -- v
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file]
[-g login_grace_time] [-h host_key_file] [-k key_gen_time]
[-o option] [-p port] [-u len]
Tin-Phams-iMac:~ tinpham$
```
...
Run without parameters, ssh-keygen here generates a 2048-bit RSA key:

```
Tin-Phams-iMac:~ tinpham$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/tinpham/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/tinpham/.ssh/id_rsa.
Your public key has been saved in /Users/tinpham/.ssh/id_rsa.pub.
The key fingerprint is:
c7:6c:3e:87:4a:09:90:ef:6d:a9:88:f8:f0:89:d2:13 tinpham@Tin-Phams-iMac.local
The key's randomart image is:
+--[ RSA 2048]----+
| . oo. |
| s .. . |
| ...++ .|
| T . +.=...|
| F o + *. |
| + o + . |
| C . |
| . + |
| |
+-----------------+
Tin-Phams-iMac:~ tinpham$
```
...
If you happen to be using a Linux client, there is a shortcut to getting everything up and running on the server:

```
ssh-copy-id username@remotehost
```
...
Since I happen to be using Mac OS X, I do this manually:

```
scp .ssh/id_rsa.pub bhitch@krypton.com:~
```
...
First check in your home folder that you have a .ssh directory and an authorized_keys file. If you have used your account to access another server through ssh, the files may have been created for you. Otherwise, perform the following steps:

```
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
```
Add the public key to the authorized_keys file:

```
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
```
...
Adjust the following:

```
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
```
Remove the comment marker, change the value to no, and reload the configuration:

```
sudo /etc/init.d/ssh reload
* Reloading OpenBSD Secure Shell server's configuration sshd
...done.
```
Now go to another machine and try to authenticate using ssh:

```
ssh tpham@lemonbistro.com
Permission denied (publickey).
```
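As an added example (not part of the original page), the script below is a read-only check of the two things the steps above depend on: the modes on the .ssh directory and authorized_keys, and whether PasswordAuthentication is really off once the comment marker is removed. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the settings the steps above rely on.

# Print the effective global PasswordAuthentication value in an sshd_config.
# sshd keeps the first value it reads for a keyword, keyword names are
# case-insensitive, and the built-in default is "yes" when nothing is set,
# so a line that is still commented out leaves password logins enabled.
# Assumption: Match blocks and Include files are not evaluated here.
effective_password_auth() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                 # drop leading indentation
        /^#/ { next }                          # commented line: no effect
        tolower($1) == "match" { exit }        # end of the global section
        tolower($1) == "passwordauthentication" { v = $2; exit }
        END { print (v == "" ? "yes" : v) }
    ' "$1"
}

# Return 0 only if DIR is mode 700 and DIR/authorized_keys is mode 600,
# the modes set with chmod above; print one line per mismatch.
check_ssh_perms() {
    rc=0
    d=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    f=$(ls -l "$1/authorized_keys" 2>/dev/null | cut -c1-10)
    [ "$d" = "drwx------" ] || { echo "$1: mode ${d:-missing}"; rc=1; }
    [ "$f" = "-rw-------" ] || { echo "$1/authorized_keys: mode ${f:-missing}"; rc=1; }
    return $rc
}

# Constructed sample input: the fragment shown above, before and after the edit.
tmp=$(mktemp -d)
printf '%s\n' '# Change to no to disable tunnelled clear text passwords' \
    '#PasswordAuthentication yes' > "$tmp/before"
printf '%s\n' 'PasswordAuthentication no' > "$tmp/after"
echo "before edit: $(effective_password_auth "$tmp/before")"
echo "after edit:  $(effective_password_auth "$tmp/after")"
rm -rf "$tmp"
```

On the server itself, `sshd -T` (the `T` flag appears in the usage output above) prints the configuration sshd actually resolves and is the authoritative check.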
...