Warning |
---|
This article is in draft. The tone of the article does not fall in line with the rest of the site. The examples are not yet made clear. This also needs a followup article about how to use keys across multiple systems and moving keys across systems. |
Introduction
If your system is available through ssh on the Internet key based authentication should be used.
...
Code Block | ||
---|---|---|
| ||
ssh -V #Determine SSH client version OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009 sshd -v #Determine SSH Server version (ignore the error message) sshd: illegal option -- v OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file] [-g login_grace_time] [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] |
Generate Public and Private Keys on Client Machine
In principle, the generation of the Public and Private keys are done by user themselves on their own machine. This is because even the Unix Administrator should not have the user's private key.
...
With a Unix based system this can be accomplished with the command line as follows. Windows does not have a native way of doing this, but most Windows ssh client programs will provide a means of key generation.
Unix Based System
ssh-keygen without parameters generates 2048 RSA public and private keys.
...
On a Unix system file permissions should automatically be set to protect your key files from other accounts.
Windows
Warning |
---|
Instructions for Windows to be put here. |
If you are on a Windows machine, make sure to store your private key on a protected location. Usually this would be your Windows desktop or home directory.
Place Public Key on Server
Ubuntu Shortcut
If you happen to using a Linux client there is a shortcut to getting everything up and running on the server,
...
Warning |
---|
To provide details here. |
Copy Over Key
Since I happen to be using Mac OS X I do this manually,
Code Block | ||
---|---|---|
| ||
scp .ssh/id_rsa.pub bhitch@krypton.com:~ |
Setup .ssh Directory
Log into the server using your existing authentication method,
...
Code Block | ||
---|---|---|
| ||
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys |
Test Key Based Authetication
Warning |
---|
Roderick you can put the instructions here. |
Disable Password Authentication
Modify the sshd_config file to disable password authentication,
...
The Permission denied indicates that password authentication is now disabled.
Key Compromise
...
Strategies
Reusing Public Keys Across Machines
You can actually reuse public keys across machines. With this approach, you only need to keep track of one private key per user.
Resources
http://www.ibm.com/developerworks/library/l-keyc.html - pretty good article, I think I can improve it, shorter, clearly show when running on client or server.
...