...
Particularly if your system is available through ssh on the Internet key based authentication should be considered.
We use RSA because of is often used over DSA because it has a the stronger key length of 2048 and 4096. DSA can only be 1024.
It is unlikely you will run into issues if the versions of OpenSSH are different from client and server. However, just in case, you might want to determine the version of Open SSH installed,
| Code Block | ||
|---|---|---|
| ||
Tin-Phams-iMac:~ tinpham$ ssh -V #Determine SSH client version OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009 Tin-Phams-iMac:~ tinpham$ sshd -v #Determine SSH Server version (ignore the error message) sshd: illegal option -- v OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file] [-g login_grace_time] [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] Tin-Phams-iMac:~ tinpham$ |
Generate Public and Private Keys on Client Machine
...
ssh-keygen without parameters generates a 2048 RSA key,public and private keys.
| Code Block | ||
|---|---|---|
| ||
Tin-Phams-iMac:~ tinpham$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/Users/tinpham/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/tinpham/.ssh/id_rsa. Your public key has been saved in /Users/tinpham/.ssh/id_rsa.pub. The key fingerprint is: c7:6c:3e:87:4a:09:90:ef:6d:a9:88:f8:f0:89:d2:13 tinpham@Tin-Phams-iMac.local The key's randomart image is: +--[ RSA 2048]----+ | . oo. | | s .. . | | ...++ .| | T . +.=...| | F o + *. | | + o + . | | C . | | . + | | | +-----------------+ Tin-Phams-iMac:~ tinpham$ |
On a Unix system file permissions should automatically be set to protect your key files from other accounts.
Windows
| Warning |
|---|
Instructions for Windows to be put here. |
...