
[no subject]



Looking on linuxdoc.org, I'm actually surprised there is not a HOWTO for
this.

The following steps would be on my Fedora Core 4 box. Someone correct me if I
missed a step. Note that, in this example, "serverbox" is the machine you
want to ssh into, and "clientbox" is the box (or boxes) you want to ssh
from. I am assuming you created the default name keypair of "id_dsa" and
"id_dsa.pub", but you can create additional keypairs.

1) ssh-keygen -t dsa
2) serverbox$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys
3) Copy your private key (usually "id_dsa") to "clientbox" into the
directory $HOME/.ssh/
4) serverbox$ sudo vi /etc/ssh/sshd_config
5) Look for "PasswordAuthentication", set to "No"
6) Look for "PubkeyAuthentication", set to "Yes"
7) Save changes to sshd_config
8) serverbox$ /etc/rc.d/init.d/sshd restart
9) clientbox$ ssh -v -i id_dsa -l myserverusername serverbox

If you are planning to ssh into serverbox as "root", then you may need to
also tweak the "PermitRootLogin" setting in sshd_config, though as a general
rule of practice, ssh'ing as a normal user, and *then* sudo would be a safer
route.

If you run into problems, try reading the output of "ssh -v" and likewise,
on serverbox, take a look at /var/log/secure and/or /var/log/messages. A
possible problem is that your .ssh directory is writable by others/group, or
(even worse), your home directory (or one of its parents) is writable by
group/others. In such a case, sshd does not use your "authorized_keys" file
for fear that someone else could spoof you.


--
Mike Kachline
mike at kachline.net
<a rel="nofollow" href="http://www.kachline.net/">http://www.kachline.net/</a>
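
Added example, not part of the message above: a shell check for the permission problem its last paragraph describes. The function names check_ssh_perms and demo are made up here; the check only looks at the home directory, .ssh and authorized_keys for group/other write bits and is not sshd's own logic.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are made up here.
# Flags group/other-writable paths that make sshd skip authorized_keys.

# Usage: check_ssh_perms [home_dir]   (defaults to $HOME)
# Prints one line per path; returns 0 if all are tight, 1 otherwise.
check_ssh_perms() {
    home_dir=${1:-$HOME}
    rc=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        # First 10 characters of "ls -ld" are type + mode, e.g. drwxr-xr-x.
        # Character 6 is group-write, character 9 is other-write.
        mode=$(ls -ld -- "$p" | cut -c1-10)
        case $mode in
            ?????w*|????????w*)
                echo "WRITABLE $mode $p  (fix: chmod go-w)"
                rc=1 ;;
            *)
                echo "OK       $mode $p" ;;
        esac
    done
    return "$rc"
}

# Constructed demo: a throwaway "home" whose .ssh is group-writable (775).
# Returns 0 when the check fails before the chmod and passes after it.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/.ssh"
    : > "$tmp/.ssh/authorized_keys"
    chmod 755 "$tmp"
    chmod 775 "$tmp/.ssh"
    chmod 600 "$tmp/.ssh/authorized_keys"
    before=0; check_ssh_perms "$tmp" || before=$?
    chmod go-w "$tmp/.ssh"
    after=0; check_ssh_perms "$tmp" || after=$?
    rm -rf "$tmp"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}
```

Run check_ssh_perms with no argument on serverbox as the login user before digging through "ssh -v" output.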



</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00354" href="msg00354.html">[ale] SSH keys</a></strong>
<ul><li><em>From:</em> colbert.brandon at gmail.com (Brandon Colbert)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>