Introduction
...
RSA appears to offer higher security for the following reason,
- Stronger key length, as high as 2048 bits, versus DSA, which must be 1024 bits
Determine the version of OpenSSH installed,
Tin-Phams-iMac:~ tinpham$ ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
Tin-Phams-iMac:~ tinpham$ sshd -v
sshd: illegal option -- v
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file] [-g login_grace_time] [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
Tin-Phams-iMac:~ tinpham$
Generate Public and Private Keys on Client Machine
Usually this is done on the client machine; however, most Windows systems do not have OpenSSH.
ssh-keygen without parameters generates a 2048-bit RSA key,
Tin-Phams-iMac:~ tinpham$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/tinpham/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/tinpham/.ssh/id_rsa.
Your public key has been saved in /Users/tinpham/.ssh/id_rsa.pub.
The key fingerprint is:
c7:6c:3e:87:4a:09:90:ef:6d:a9:88:f8:f0:89:d2:13 tinpham@Tin-Phams-iMac.local
The key's randomart image is:
+--[ RSA 2048]----+
| . oo. |
| s .. . |
| ...++ .|
| T . +.=...|
| F o + *. |
| + o + . |
| C . |
| . + |
| |
+-----------------+
Tin-Phams-iMac:~ tinpham$
If you happen to be using a Linux client, there is a shortcut for copying the public key to the server,
ssh-copy-id username@remotehost
Since I happen to be using Mac OS X, I do this manually,
ssh-copy-id username@remotehost
...
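What a manual install has to get right on the server, shown as an added example that is not part of the original page. It assumes id_rsa.pub has already been copied to the server (for instance with scp); the function name install_pubkey and its optional directory argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Run on the server.
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper)
#   PUBKEY_FILE  the client's id_rsa.pub, already copied to the server
#   SSH_DIR      defaults to "$HOME/.ssh"; the override exists for testing
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_keys="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # Catch the classic mistake of supplying id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    # Accept only a line shaped like "<key-type> <base64> [comment]".
    key=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' \
          "$pubkey_file" | head -n 1)
    [ -n "$key" ] || { echo "no public key in $pubkey_file" >&2; return 1; }

    # With StrictModes (the sshd default) the key file is ignored if the
    # directory or file is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_keys" && chmod 600 "$auth_keys" || return 1

    # Idempotent: append only when this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth_keys"; then
        # Do not glue the new key onto an existing last line that lacks a newline.
        if [ -s "$auth_keys" ] && [ -n "$(tail -c 1 "$auth_keys")" ]; then
            printf '\n' >> "$auth_keys"
        fi
        printf '%s\n' "$key" >> "$auth_keys"
    fi
}
```

Running it twice with the same key leaves a single entry, so it is safe to repeat after a failed or interrupted attempt.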
Disable Password Authentication
Adjust the following in the server's sshd_config,
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
Remove the comment marker (#) from the PasswordAuthentication line and change the value to no
Resources
http://www.ibm.com/developerworks/library/l-keyc.html - pretty good article, I think I can improve it, shorter, clearly show when running on client or server.
http://serverfault.com/questions/40071/ssh-keypair-generation-rsa-or-dsa - talks about key length.
https://help.ubuntu.com/10.10/serverguide/C/openssh-server.html - Ubuntu version of docs.