Here's a quick way to create and add ssh keys to a server:
- Generate your ssh key on your client machine:
ssh-keygen -t dsa
Note: Set a password for your key (see note).
- Secure Copy (scp) the key to your ssh server:
scp .ssh/id_dsa.pub username@server.com:.ssh/id_dsa.pub
- Add the key to your authorized_keys2 file:
ssh username@server.com 'cat .ssh/id_dsa.pub >> .ssh/authorized_keys2'
- Shortcut: Combine steps 2 and 3:
cat ~/.ssh/id_dsa.pub | ssh username@server.com 'mkdir -p ~/.ssh && cat - >> ~/.ssh/authorized_keys2'
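The server-side half of steps 2 and 3, as an added example that is not part of the original post: the shortcut above appends blindly, so running it twice duplicates the key, and `mkdir -p` leaves permissions to the umask, while sshd's default StrictModes setting rejects key files with loose permissions. The function name `install_pubkey`, its arguments and its exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR] [AUTH_FILE_NAME]  -- hypothetical helper.
# Subshell body "( ... )": umask and variables do not leak; exit acts as return.
install_pubkey() (
    pub=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/${3:-authorized_keys2}"   # file name used in this post

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }

    # Easy mistake: sending id_dsa (private) instead of id_dsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; exit 3
    fi

    # Expect exactly one non-empty line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; exit 4; }
    key_type=$(awk 'NF { print $1 }' "$pub")
    key_blob=$(awk 'NF { print $2 }' "$pub")
    case $key_type in
        ssh-*|ecdsa-sha2-*|sk-*) ;;
        *) echo "unknown key type: $key_type" >&2; exit 4 ;;
    esac
    [ -n "$key_blob" ] || { echo "missing key data" >&2; exit 4; }

    # Owner-only permissions on the directory and the key file.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 5
    touch "$auth" && chmod 600 "$auth" || exit 5

    # Idempotent: compare type + key data, ignoring comments and option prefixes.
    if awk -v t="$key_type" -v b="$key_blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"; then
        echo "already present in $auth"; exit 0
    fi

    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    grep . "$pub" >> "$auth"    # grep always ends the line with a newline
    echo "added to $auth"
)
```

On the server, after step 2 has copied the key over, this would be called as `install_pubkey ~/.ssh/id_dsa.pub`.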
Note on SSH Key Passwords
In step 1, you have the option to add a password to your key. If you don't add a password and someone gets ahold of your private key, they will be able to access any server that you have given that key access to. With a password set, anyone who obtains the key still has to know its password to use it. Though the purpose of this tutorial is to speed up and secure your login, you will still have to type in the password you set in step 1 every time you log in to an ssh server. This is where SSH Keychain comes into play.
SSH Keychain on the Mac
Leopard has this functionality built into the Keychain, but if you are on 10.4 or older, you can use SSH Keychain on the Mac to manage your SSH passwords. This great little app lets you store your ssh passwords in your computer's Keychain so you're not constantly having to type them in. Download it at http://www.sshkeychain.org/ and add your keys to it.
Why Use SSH Keys Anyways?
When you log into an SSH server, you have to send your password over the network at least once. Any network traffic can potentially be captured and, given a long enough time span, decrypted.
SSH keys work on the principle of Public Key Cryptography, which is beyond the scope of this article. In general, it allows the server to verify who you are based on the key trust you just set up. Since your keys are cryptographically strong (usually 1024+ bit), they're much more difficult to hack than a short, memorable password.
Multiple Users
SSH keys also allow you to give multiple users access to a single account on your SSH server by simply adding everyone's keys to the single account.
For more in-depth information on SSH keys, see Authentication by Cryptographic Key by O'REILLY.