Step 1. Verify that you can connect normally (using a password) to the server you intend to set up keys for:
Examples
user@system1 ~ $ ssh username@system2
Or:
user@system1 ~ $ ssh username@ipaddress
If your username is the same on both the client ('system1') and the server ('system2'):
user@system1 ~ $ ssh system2
Or:
user@system1 ~ $ ssh ipaddress
If this is your first time connecting to 'system1' (or 'ipaddress'), upon establishing a connection with the server you'll be asked if you want to add the server to the known_hosts file on your computer.
# Press ‘enter’ to add the fingerprint.
Step 2. Now that you've connected to the server and verified that you have everything you need for access (hopefully), disconnect by typing 'exit'.
Examples
user@system2 ~ $ exit
You should be back at:
user@system1 ~ $
Step 3. The next step is to copy a unique key generated on your 'system1' to the server you are connecting to. First, before you generate a new key, check to see if you already have a key:
Example
user@system1 ~ $ ls -l ~/.ssh
total 20
-rwx--xr-x 1 user user 601 Feb 2 01:58 authorized_keys
-rwx--xr-x 1 user user 668 Jan 1 19:26 id_dsa
-rwx--xr-x 1 user user 599 Jan 1 19:26 id_dsa.pub
-rwx--xr-x 1 user user 6257 Feb 2 21:04 known_hosts
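The file you need to copy to the server is named id_dsa.pub. As you can see above, the file needed exists. You may or may not have other files in ~/.ssh. Recent OpenSSH releases no longer accept DSA keys by default; there, the same steps apply with an RSA or Ed25519 key type, and the files are named after that type (for example id_rsa and id_rsa.pub). If the key doesn't exist, however, you can make one as follows: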
Example
user@system1 ~ $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): # Press ‘enter’ here
Enter passphrase (empty for no passphrase): # Press ‘enter’ here
Enter same passphrase again: # Press ‘enter’ here
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
6f:c3:cb:50:e6:e9:90:f0:0f:68:d2:10:56:eb:1d:91 user@host
Entering a passphrase when prompted during key generation would require you to enter it each time you SSH/SCP to the server, which defeats the purpose of this document. A key without a passphrase is stored unencrypted, so anyone who can read ~/.ssh/id_dsa can log in to the server as you; this is why the file permissions in Step 6 matter.
Step 4. Regardless of whether you had a key ready to go or had to generate a new one, the next step is the same. Now you're ready to copy the key to the server. Do so like this:
Example
user@system1 ~ $ ssh-copy-id -i ~/.ssh/id_dsa.pub user@system2   # or user@ipaddress
If you are asked whether or not you wish to continue, say yes.
Step 5. Now it’s time to test the setup. To do that, try to ssh to the server:
Example
user@system1 ~ $ ssh system2   # or ipaddress
You should log in to the remote host without being asked for a password.
Step 6. You can now SSH or SCP to the remote host without having to enter a password at each connection. To keep your key files secure from prying eyes, do the following on 'system1' and also on 'system2' to change permissions and restrict access to ~/.ssh:
Example
user@system1 ~ $ chmod 600 ~/.ssh/id_dsa ~/.ssh/id_dsa.pub
Verify the permissions on the files:
Example
user@system1 ~ $ ls -l ~/.ssh
-rw------- 1 user user 668 Feb 4 19:26 id_dsa
-rw------- 1 user user 599 Feb 4 19:26 id_dsa.pub
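The permission check from Step 6 can be scripted. The following is an added example, not part of the original document: it reads the same `ls -l` mode strings shown above and reports private keys that group or other users can touch, plus any file they can write. The function names and the policy (private key owner-only, everything else not group/other-writable) are assumptions of this example, and the sample directory is constructed to mirror the Step 3 listing.

```shell
#!/bin/sh
# Added example (not from the original page): audit an SSH directory for
# modes that expose key material. The policy below is this example's assumption.

# Group/other permission characters from `ls -ld`, e.g. "--xr-x".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print one finding per line; print nothing when the directory is clean.
audit_ssh_dir() {
    dir=$1
    case $(group_other_bits "$dir") in
        ?w????|????w?) echo "WRITABLE $dir" ;;
    esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(group_other_bits "$f")
        case $f in
            *.pub) ;;                  # public half: only write access matters
            */id_*)                    # private key: owner-only, no exceptions
                [ "$bits" = "------" ] || echo "EXPOSED $f ($bits)"
                continue ;;
        esac
        case $bits in
            ?w????|????w?) echo "WRITABLE $f ($bits)" ;;
        esac
    done
}

# Constructed sample: the modes from the Step 3 listing (-rwx--xr-x = 715).
make_sample_dir() {
    d=$(mktemp -d) && chmod 700 "$d" || return 1
    for n in authorized_keys id_dsa id_dsa.pub known_hosts; do
        : > "$d/$n" && chmod 715 "$d/$n"
    done
    echo "$d"
}

sample=$(make_sample_dir)
audit_ssh_dir "$sample"                          # reports id_dsa only
chmod 600 "$sample/id_dsa" "$sample/id_dsa.pub"  # the Step 6 fix
audit_ssh_dir "$sample"                          # no output
rm -rf "$sample"
```

Run `audit_ssh_dir ~/.ssh` on both 'system1' and 'system2' after Step 6; an empty result means no file matched the policy above.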
For more information or support on ssh or scp, call us at 410-838-5100 or email us at experts@expertsinunix.com.
Skype: solution1000