$Id: ssh.txt,v 1.1 2008/02/13 23:09:49 jerry Exp $

ssh.txt
-------

Quick Version
-------------

ssh-keygen -t dsa
cd ~/.ssh
scp id_dsa.pub jerry@marles:
ssh marles
cat id_dsa.pub >> .ssh/authorized_keys
rm id_dsa.pub
exit

Detailed Version
----------------

There are two versions of the SSH protocol, version 1 (DSA) and 2 (RSA);
the identities are tied to the protocol version. Most SSH servers use
version 2 of the protocol, due to the weaknesses of version 1.

Create your private and public SSH keys (in this article we use DSA
encryption). On the client machine type:

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/gerard/.ssh/id_dsa):

The default location is fine, so just press Enter.

Enter passphrase (empty for no passphrase):

Press Enter again for an empty passphrase, at least if you do not want to
be bothered for a password. One could set up an ssh-agent to handle the
passphrases, although this document does not cover that process.

Enter same passphrase again:

Press Enter again.

key fingerprint is:
6f:c5:86:c7:67:69:02:1a:e4:a9:20:e6:16:13:5d:e5 username@host

That process created two files in ~/.ssh:

File: Contents of ~/.ssh

-rw------- 1 bob users 668 Jun 17 23:52 id_dsa
-rw-r--r-- 1 bob users 602 Jun 17 23:52 id_dsa.pub

Server setup

The file named id_dsa.pub is your public key, which you should copy to the
server (here referred to as remotebox). Its contents should be appended to
a file named ~/.ssh/authorized_keys on the server.

Copy the id_dsa.pub file to the remote system:

$ cd ~/.ssh
$ scp id_dsa.pub username@remotebox:

Enter your password to transfer the file, so that we can set up the
authorized_keys file later.

$ ssh -l username remotebox
Password:
Last login: Mon Jun 14 09:53:58 2004
$

Append id_dsa.pub to ~/.ssh/authorized_keys, taking care to restrict
permissions:

$ mkdir -p .ssh
$ chmod 700 .ssh
$ cat id_dsa.pub >> .ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys

Then delete the id_dsa.pub file, and log out:

$ rm id_dsa.pub
$ exit

Testing

$ ssh -l username remotebox
Last login: Thu Jun 17 23:55:36 2004 from 192.168.34.2
$

If the system did not query you for a password, everything is working
properly. If it did not work, check your sshd_config file. The following
options should be set by default:

File: /etc/ssh/sshd_config

# Allow Identity Auth for SSH1?
RSAAuthentication yes
# Allow Identity Auth for SSH2?
PubkeyAuthentication yes

If anybody else has write permission to your home directory, this does not
work; see /var/log/auth.log.

Now repeat the server part for every server you want to be able to log in
to without specifying the password.

/*** end ***/
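
Added example (not part of the original ssh.txt): a check for the
permission problem mentioned under Testing, to run on the server before
digging through /var/log/auth.log. The function names check_ssh_perms and
is_loose are made up for this example; it looks only at the group/other
write bits of the home directory, ~/.ssh and authorized_keys, not at file
ownership.

```shell
#!/bin/sh
# Added example: report paths in the key-login chain that are writable by
# group or others, the condition under which sshd refuses the key.
# Names (is_loose, check_ssh_perms) are hypothetical, chosen for this example.

# is_loose PATH -> returns 0 if PATH is group- or world-writable.
is_loose() {
    # First 10 characters of "ls -ld" are the mode string, e.g. drwxr-xr-x.
    # Character 6 is the group write bit, character 9 the other write bit.
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# check_ssh_perms HOME_DIR -> prints each problem, returns 1 if any found.
check_ssh_perms() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            rc=1
        elif is_loose "$p"; then
            echo "writable by group/other: $p ($(ls -ld -- "$p" | cut -c1-10))"
            rc=1
        fi
    done
    return $rc
}

# When run as a script with a directory argument, check that directory,
# e.g.:  sh check_ssh_perms.sh "$HOME"
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

A path reported here is fixed with the chmod commands from the Server
setup section (700 for .ssh, 600 for authorized_keys) and by removing
group/other write permission from the home directory.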