Edit History Actions Discussion

Diff for "Howto/SSHKeys"

Differences between revisions 3 and 8 (spanning 5 versions)
Revision 3 as of 2010-01-28 22:20:37
Size: 2675
Editor: arthax0r
Comment: How to set up ssh keys and config from command line
Revision 8 as of 2010-01-30 00:45:19
Size: 2689
Editor: arthax0r
Comment:
Deletions are marked like this. Additions are marked like this.
Line 10: Line 10:
 . Create your RSA keys in ~/.ssh/
 . * $ ssh-keygen
Create your RSA keys in ~/.ssh/

* $ ssh-keygen
Line 14: Line 15:
 . . This right here is the easy way to do something I did by hand for a long time:
  * * $ ssh-copy-id username@blinkenshell.org
 This appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file of the remote host. It also removes group writability on ~/.ssh and ~/.ssh/authorized_keys in case StrictModes is set on the server. "The negative aspect to this approach is that you cannot specify a port, so if the service is running on a non-standard port, such as the case with Blinkenshell, you need to add the host to your config file first." The manual way to do it is as follows:
  * $ scp -P 2222 ~/.ssh/id_rsa.pub username@blinkenshell.org :./ssh/authorized_keys
Line 19: Line 16:
 . Which seems just as easy, but is not, if you already have an authorized key file and want to append to it rather than overwrite it. Plus, ssh-copy-id will create ~/.ssh if it does not already, which it won't, if you have not ssh'd out from that account on that box. In which case it would be something like this:
  * $ ssh -p 2222 username@blinkenshell.org mkdir .ssh
  * $ scp -P 2222 ~/.ssh/id_rsa.pub username@blinkenshell.org :
  * $ ssh -p 2222 username@blinkenshell.org cat id_rsa.pub >> .ssh/authorized_keys && rm id_rsa.pub && chmod -R 740 .ssh
This right here is the easy way to do something I did by hand for a long time:
Line 24: Line 18:
 . '''Example Blinkenshell ~/.ssh/config Entry'''
 . This goes in ~/.ssh/ on the machine you are ssh'ing "out" of: .
 . Host blink . User arthax0r . Port 2222 . HostName blinkenshell.org
 . Blank lines between entries for other hosts, and you can leave the port line out if it is on 22 as is standard. Also, you can leave out the user name is the same on both hosts (I think).
 * $ ssh-copy-id username@blinkenshell.org

This appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file of the remote host. It also removes group writability on ~/.ssh and ~/.ssh/authorized_keys in case StrictModes is set on the server. ''The negative aspect to this approach is that you cannot specify a port, so if the service is running on a non-standard port, such as the case with Blinkenshell, you need to add the host to your config file first.'' The manual way to do it is as follows:

 * $ scp -P 2222 ~/.ssh/id_rsa.pub username@blinkenshell.org :./ssh/authorized_keys

Which seems just as easy, but is not, if you already have an authorized key file and want to append to it rather than overwrite it. Plus, ssh-copy-id will create ~/.ssh if it does not already, which it won't, if you have not ssh'd out from that account on that box. In which case it would be something like this:

 * $ ssh -p 2222 username@blinkenshell.org mkdir .ssh
 * $ scp -P 2222 ~/.ssh/id_rsa.pub username@blinkenshell.org :
 * $ ssh -p 2222 username@blinkenshell.org cat id_rsa.pub >> .ssh/authorized_keys && rm id_rsa.pub && chmod -R 740 .ssh

'''Example Blinkenshell ~/.ssh/config Entry'''

This goes in ~/.ssh/ on the machine you are ssh'ing ''out'' of:

Host blink<<BR>>
Port 2222<<BR>>
User arthax0r<<BR>>
HostName blinkenshell.org<<BR>>

With blank lines between entries for other hosts, and you can leave the port line out if it is on 22 as is standard. Also, you can leave out the user name is the same on both hosts (I think).
Line 37: Line 49:
 . Enjoy your knew ssh pimp cane. . -ah'2010 Enjoy your knew ssh pimp cane!

. -ah'2010

Windows

  1. install pageant from putty

  2. exchanges keys
  3. launch pageant
  4. enter your secret passphrase

Linux

SSH keys are the way, especially when used with you maintain your config file as well. Here is the quick and dirty version.

Create your RSA keys in ~/.ssh/

  • $ ssh-keygen
    • id_rsa (your private key, keep secure it is like knowing your password)
    • id_rsa.pub (your public key, you copy this places you want to recognize you [sorta])

This right here is the easy way to do something I did by hand for a long time:

This appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file of the remote host. It also removes group writability on ~/.ssh and ~/.ssh/authorized_keys in case StrictModes is set on the server. The negative aspect to this approach is that you cannot specify a port, so if the service is running on a non-standard port, such as the case with Blinkenshell, you need to add the host to your config file first. The manual way to do it is as follows:

Which seems just as easy, but is not, if you already have an authorized key file and want to append to it rather than overwrite it. Plus, ssh-copy-id will create ~/.ssh if it does not already, which it won't, if you have not ssh'd out from that account on that box. In which case it would be something like this:

Example Blinkenshell ~/.ssh/config Entry

This goes in ~/.ssh/ on the machine you are ssh'ing out of:

Host blink
Port 2222
User arthax0r
HostName blinkenshell.org

With blank lines between entries for other hosts, and you can leave the port line out if it is on 22 as is standard. Also, you can leave out the user name is the same on both hosts (I think).

Now that you have a config file, it's as easy as this:

  • $ ssh-copy-id blink
  • $ ssh blink
  • Voila! No password prompt or long command line bs for ssh/scp, cuz you can also do this:

Enjoy your knew ssh pimp cane!

  • -ah'2010

Potential tutorials


CategoryHowto