Saturday, September 15, 2007

Generating SSH keys for automatic Login

Here is a copy of what I used off an O'Reilly guide - I've amended it with my changes.

To use public keys with an ssh server, you'll first need to generate a public/private key pair:

$ ssh-keygen -t rsa

After you enter the above command, you should see something like:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/rob/.ssh/id_rsa):

Just hit Enter there. It will then ask you for a passphrase; just hit Enter twice. Here's what the results should look like:

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/rob/.ssh/id_rsa.
Your public key has been saved in /home/rob/.ssh/id_rsa.pub.
The key fingerprint is:
a6:5c:c3:eb:18:94:0b:06:a1:a6:29:58:fa:80:0a:bc rob@localhost

You can enter a passphrase at that prompt if you like, but then you'll have to enter it every time you try to use the key, which almost defeats the purpose. A compromise is to set a passphrase, and then use:

$ ssh-agent sh -c 'ssh-add < /dev/null && bash'

Back to the original use case - this created two files, ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. To use this keypair on a server, try this:

$ ssh server "mkdir .ssh; chmod 0700 .ssh"
$ scp .ssh/id_rsa.pub server:.ssh/authorized_keys2

.ssh/authorized_keys2 is a file, not a directory. The .ssh directory has permissions 700, as above. The subdirectory has permissions 644, I think.
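
A server-side variant of the copy step above, as an added example that is not part of the original post: it appends the public key to authorized_keys2 instead of overwriting the file (the scp above replaces any keys already there), skips a key that is already present, and applies the 700/644 permissions mentioned above. The function name install_pubkey and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical helper.
# Usage: install_pubkey <ssh_dir> <pubkey_file>
#   e.g. install_pubkey "$HOME/.ssh" /tmp/id_rsa.pub   (run on the server)
install_pubkey() {
    ssh_dir=$1
    pubkey_file=$2
    auth_file="$ssh_dir/authorized_keys2"   # file name used in the post

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A .pub file holds exactly one non-empty line
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || {
        echo "expected exactly one key line in $pubkey_file" >&2; return 1; }
    key=$(cat "$pubkey_file")

    # Guard against copying id_rsa (the private half) by mistake
    case $key in
        *"PRIVATE KEY"*) echo "refusing: looks like a private key" >&2; return 1 ;;
    esac

    # Directory readable only by its owner, as in the post
    mkdir -p "$ssh_dir" && chmod 0700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1

    # -F fixed string, -x whole line: append only if this exact key is absent
    if ! grep -qxF -- "$key" "$auth_file"; then
        printf '%s\n' "$key" >> "$auth_file" || return 1
    fi

    # World-readable is fine for public keys; group/world-writable is not
    chmod 0644 "$auth_file"
}
```
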

This task took about 5-10 minutes, and another 5-10 to create this writeup.