Setting Up Public Key Authentication (PKA) Over SSH

by Willie Wheeler

Wednesday, March 19, 2008

Learn how to set up public key authentication (PKA) over SSH.

I assume you already know the whys, concepts, and terminology; this is just a statement of the steps involved. I'm using OpenSSH and a DSA key pair.

Step 1. Generate a key pair:

ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/Willie/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/Willie/.ssh/id_dsa.
Your public key has been saved in /home/Willie/.ssh/id_dsa.pub.
The key fingerprint is:
f2:f7:5b:9b:f7:64:2b:d8:fe:ca:ad:f5:13:35:9f:63 Willie@ARCATA

This creates your key pair, and places them in your ~/.ssh directory. The public key is id_dsa.pub; the private key is id_dsa. If it isn't already obvious, the public key is not a secret, and the private key is. :-)

Step 2. Install the public key to any SSH servers for which you'd like to use PKA. To do this, SSH into the server machine and open up the ~/.ssh/authorized_keys file in a text editor. If you haven't already installed a public key to the server in the past, then you'll be creating a new file. Just append the contents of your id_dsa.pub file to authorized_keys. Here's mine:

ssh-dss AAAAB3NzaC1kc3MAAACBAOybEZ4kAaKROXoibeR+V/ajTY3L/aN6K5lVbdWKsw+9uPl/cyj4
6Qu5UYHkLS5tiGci8Olx7jNfku4/k1z8/JoGDTqwAixMxgb/NNKTUB7ZnhxfVTenSI/oVtM/lNpCiOdg
U7ESOyNrxPFVU6K1pWId+LGxeweWTw+08vwIOShTAAAAFQDx6q5JWhV2EDGUMXFwj3QF8+8a4wAAAIBW
Mee5MphZPYxG7la772tAYREo+37eXfP3SW49GmPHJFdydFcf5VtroLlzKJ1Iy9HUwnKjiEv2qE1B2xVD
jJslgQ34QVKKswQDRCXlyshyKbbRMd37MSYNpNqdZ5gTJT+EMa8+NoTUGwXOitSMMtx2WmpVo4Fu7Fp1
eDYvSVChjAAAAIB6uisHso6iPMz11qbKNaHSIqIAV+7iNJZD7aeFuytLDG20Y70b4Jy4Mr4g8RH+MtAL
fyq6aTcv/g/j2DMeJjwjqLXQFbaFekmQEOfoQ6IZJ5CylthMP1PzRcR5KeCUInKj9CRkTlWLlTMk5es+
VEebIHg9SWNstkjWBLwlQhemgA== Willie@ARCATA

(For formatting purposes, I've included line breaks above, but don't introduce line breaks into your public key when you paste it into authorized_keys.)

Step 3. Adjust the permissions on your .ssh directory, and on the files inside it, so that nobody else can write to them.

Step 4. Set up the SSH agent. This allows you to enter your passphrase one time per shell session instead of having to type it in every time you want to SSH to your server. Just type ssh-agent followed by ssh-add. Some people just put this in their startup script (e.g., .bash_profile). You'll need to use eval $(ssh-agent) instead of ssh-agent if you choose to do that. You'll have to enter your passphrase every time you open a shell, but after that you can SSH anywhere where you've installed your public key without having to enter your passphrase.

Comments (3)

nice

By ronny on Mar 9, 2008 at 1:35 PM PDT

Quinceanera Dresses Best canon Coffee Mugs! Funny, Cute, & Humorous Unique designs. Also find Travel Mugs, Coffee Cups also, or Create Photo Personalized Mugs & Drinkware canon mugs canon lens mugs Nikon Mugs Canon Coffee Lens Mug Nikon Coffee Lens Mug anon coffee mug,canon lens mug,canon mug,canon coffee cup,canon thermos travel mug Canon 70-200mm Lens Coffee Mug

By dress on Aug 30, 2010 at 2:55 AM PDT

he myth of pandora is ancient, appears in several distinct Greek versions, pandora armbandand has been interpreted in many ways. In all literary versions, Neu Eingetroffen however, Pandora Armb�nder the myth is a rosetta stone kind of theodicy, addressing the question pop information, web easy get, sports fashion, news-fashionof why there is evil in the world. In the seventh hot-winter century BC, Hesiod, both in his Theogony (briefly, without naming Pandora outright rosetta stone language, rosetta stone spanish, abercrombie and fitch, Abercrombie Fitch

By pandora schmuck on Aug 30, 2010 at 10:54 PM PDT

Setting Up Public Key Authentication (PKA) Over SSH

Comments (3)

Post a comment

What's New?