Synchronizing with OpenSSH - How to create and configure a public key in Linux
Setting up a public key
First of all, regardless of whether our Linux is Debian, Red Hat, SuSE, etc., we must ensure that OpenSSH is the SSH implementation installed on the client system. Key generation differs between SSH implementations. The command ssh -V should display a line containing OpenSSH, followed by other details:
mail:~ # ssh -V
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006
Generation of the Key
The RSA key pair must be generated on the client system. The public part of this key will be stored on the servers to which we connect, while the private key must be stored in a secure area of the client system, by default in ~/.ssh/id_rsa.
The key pair can be generated with ssh-keygen(1).
fher98@deathbian:~$ mkdir ~/.ssh
fher98@deathbian:~$ chmod 700 ~/.ssh
fher98@deathbian:~$ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do not use your user account password as the passphrase, and do not leave it blank. The passphrase should be at least 16 characters long, and not a simple sentence. A good option is a passage from a song or poem, using all possible punctuation marks. Configuring ssh-agent later will reduce the number of times the passphrase has to be entered, so we recommend using a long passphrase.
The file permissions must ensure that other users cannot read data from the key pair. OpenSSH may refuse public key authentication if the file permissions are not secure. These changes must be made on all systems involved.
fher98@deathbian:~$ chmod go-w ~/
fher98@deathbian:~$ chmod 700 ~/.ssh
fher98@deathbian:~$ chmod go-rwx ~/.ssh/*
Key distribution
The public part of the RSA key pair must be copied to all servers that will be accessed by the client. The public key to be copied is in the file ~/.ssh/id_rsa.pub on the client. Assuming that all servers use OpenSSH rather than a different SSH implementation, the public key must be added to the file ~/.ssh/authorized_keys on each server.
Copy the public key from client to server
fher98@deathbian:~$ scp ~/.ssh/id_rsa.pub servidor.guatewireless.org:
id_rsa.pub 100% 395 0.4KB/s 00:00
Now the public key is configured on the server
server$ mkdir ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
server$ rm ~/id_rsa.pub
Remember that new public keys must be appended to the authorized_keys file, so that multiple public keys can be used on the same server. Each public key entry must be on its own line in the file.
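The append step on the server, written as a reusable shell function (an added example, not part of the original article; the function name install_pubkey and its arguments are hypothetical). It skips a key that is already present and repairs a missing final newline, so that every key stays on its own line:

```sh
#!/bin/sh
# Added example. Usage: install_pubkey PUBKEY_FILE [HOME_DIR]
# The function name and arguments are hypothetical, not an OpenSSH tool.
# The body runs in a subshell ( ... ) so umask and variables do not leak.
install_pubkey() (
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # A .pub file holds exactly one key on one line. Anything else
    # (for example a private key passed by mistake) is refused.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; exit 1; }
    key=$(cat "$pub")
    case $key in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; exit 1 ;;
    esac

    # Create ~/.ssh and authorized_keys private from the start.
    umask 077
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    [ -e "$auth" ] || : > "$auth"

    # Append only if this exact line is not already in the file.
    if ! grep -qxF -- "$key" "$auth"; then
        # If the last entry lacks a trailing newline, add one first,
        # otherwise two keys would end up fused on a single line.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi
    chmod 600 "$auth"
)
```

On the server it would be called as install_pubkey ~/id_rsa.pub after the scp step, followed by rm ~/id_rsa.pub.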
To verify that public key connections to the server are working properly, run the following test:
From the client
fher98@deathbian:~$ ssh -o PreferredAuthentications=publickey servidor.guatewireless.org
Enter passphrase for key '/…/.ssh/id_rsa': …
server$
A future article will show how to configure the ssh-agent process.

Thanks for your article, I found it quite good and I have implemented the service with one of my machines ... it has worked perfectly. As you might make a login automatically using the same concept ... keeping in mind that if you copy your key, there will be a serious security problem, which is solved by generating another key and erasing the earlier one from authorized_keys.
The article by ssh-agent, do not have it yet?
Greetings and thanks once again.
Ricardo:
I am pleased that the article has been useful to you. It's a big problem if the key is stolen, which is why you must keep it well protected on your system so that someone else cannot use it.
I still do not have the ssh-agent article, but since you're interested, I will have it for this week, OK?
greetings! and thanks for reading