Note: The information in this document assumes you are using OpenSSH on the local and remote systems (this is generally the case on the UITS central systems at Indiana University). If you are using a different SSH version, such as one available from Tectia, the process outlined below may not be correct.
Public key authentication is an alternative security method to using passwords. To use public key authentication, you must generate both a public and a private key (i.e., a key pair). You store your public key on the remote hosts on which you have accounts. Your private key stays on the computer you use to connect to those remote hosts. This method allows you to log into those remote hosts, and transfer files to them, without using your account passwords.

On the computer you'll use to access the remote host, generate a key pair for the protocol you want to use:

To create a key pair for SSH2, enter:

    ssh-keygen -t dsa

To create a key pair for SSH, enter:

    ssh-keygen -t rsa1

Note: For security reasons, UITS strongly recommends using SSH2 instead of SSH whenever possible.

You will be prompted to supply a filename (for saving the key pair) and a password (for your private key). If you press Enter or Return through each of these prompts, the key generation program will assume:

    You want to use the default filename (e.g., id_dsa for SSH2).
    You do not want to password-protect your private key.

Note: UITS strongly recommends using a password to protect your private key. If your private key is not password protected, another person can conceivably access your computer and then connect to your account on the remote host (where your public key is saved) without entering a password.

    A private key that has the filename you specified (e.g., filename) or the default filename (e.g., id_dsa)
    A public key that has the same filename with a .pub extension added (e.g., filename.pub or id_dsa.pub)
Use SCP to copy your public key file (e.g., filename.pub) to your account on the remote host (e.g., dvader@deathstar.com). To do so, enter:

    scp ~/.ssh/filename.pub dvader@deathstar.com:

Log into the remote host using your account username and password.

If your account doesn't already contain a ~/.ssh/authorized_keys file, create one. To do so, use the following commands:

    mkdir -p ~/.ssh
    touch ~/.ssh/authorized_keys

Note: If your account already has ~/.ssh/authorized_keys, executing these commands will not damage the existing directory or file.

On the remote host, add your public key (e.g., filename.pub) to the ~/.ssh/authorized_keys file; at the command line, enter:

    cat ~/filename.pub >> ~/.ssh/authorized_keys

You may now safely delete the public key file (e.g., filename.pub) from your account on the remote host. To do so, at the command prompt, enter:

    rm ~/filename.pub

If you prefer to keep a copy of your .pub file (e.g., filename.pub) on the remote host, move it to the .ssh directory. To do so, at the command prompt, enter:

    mv filename.pub ~/.ssh/

Note: Follow steps 9*: for each remote host on which you want to use public key authentication.
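The remote-host steps above (create ~/.ssh and authorized_keys, then append the public key) can be wrapped in one function, shown here as an added example that is not part of the original document. It also sets owner-only permissions, because OpenSSH's default StrictModes setting refuses keys when these paths are writable by other users, and it skips keys that are already installed. The function name install_pubkey and the SSH_DIR override are assumptions of this example, and it accepts SSH2-format public keys only.

```shell
#!/bin/sh
# Added example, not from the original page. SSH_DIR is an assumption of
# this example: it defaults to ~/.ssh and can be overridden for testing.
install_pubkey() {
    pubfile=$1
    ssh_dir=${SSH_DIR:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Only the .pub file belongs on the remote host; refuse a private key.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile looks like a private key; not installing" >&2
        return 2
    fi

    # An SSH2 public key file is one line: "<type> <base64> [comment]".
    key=$(head -n 1 "$pubfile")
    case $key in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "$pubfile is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # Same effect as mkdir -p / touch, but never group- or world-accessible.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 4
    chmod 700 "$ssh_dir" || return 4
    chmod 600 "$auth" || return 4

    # Skip the append if this exact line is already installed.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # If the file does not end in a newline, add one so keys stay one per line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}

# Usage on the remote host, after the scp step: install_pubkey ~/filename.pub
```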
The next time you use SSH or SSH2 on the computer that has your private key to connect to a remote host that has your public key:

If you supplied a password when generating your private key, the remote host will prompt you for your private key password. Note: Your private key password is not transmitted to the remote host.

If you did not supply a password when generating your private key, the remote host will not prompt you for a password.
For Unix, what are ssh-agent and ssh-add, and how do I use them?
In Unix, ssh-agent is a background program that handles passwords for SSH private keys. The ssh-add command prompts the user for a private key password and adds it to the list maintained by ssh-agent. Once you add a password to ssh-agent, you will not be prompted for it when using SSH or scp to connect to hosts with your public key.

Note: The public part of the key loaded into the agent must be put on the target system in ~/.ssh/authorized_keys; see In SSH and SSH2 for Unix, how do I set up public key authentication?

To use ssh-agent and ssh-add, follow the steps below:

1. At the Unix prompt, enter:

    eval `ssh-agent`

Note: Make sure you use the backquote ( ` ), located under the tilde ( ~ ), rather than the single quote ( ' ).

2. Enter the command:

    ssh-add

4. When you log out, enter the command:

    kill $SSH_AGENT_PID

To run this command automatically when you log out, place it in your .logout file (if you are using csh or tcsh) or your .bash_logout file (if you are using bash).

Note: The versions of these programs for SSH2, ssh-agent2 and ssh-add2, are the same as outlined above. To use them, follow the instructions above, replacing all occurrences of ssh-agent with ssh-agent2, and ssh-add with ssh-add2. The SSH2 versions will only work if both your computer and the remote host are running SSH2.