{"id":713,"date":"2007-05-05T18:44:37","date_gmt":"2007-05-05T11:44:37","guid":{"rendered":"http:\/\/www.jfdesignnet.com\/?p=713"},"modified":"2007-05-05T18:44:37","modified_gmt":"2007-05-05T11:44:37","slug":"public-key-authentication-using-ssh","status":"publish","type":"post","link":"https:\/\/www.jfdesignnet.com\/?p=713","title":{"rendered":"Public Key Authentication using ssh"},"content":{"rendered":"<p style=\"text-align: justify;\">Here is how to set up a public key for ssh authentication, so you don&#8217;t have to log in as root and the system stays secure. The other advantage (the one I needed most) is that you can run automated maintenance tasks\/checks on other machines, including rsync over ssh like I did.<\/p>\n<p>Ok. Let&#8217;s begin.<\/p>\n<p>1. Create the private and public keys:<br \/>\n{code}ssh-keygen -t dsa{\/code}<br \/>\nYou will be prompted for a key location; the default is fine, so just press Enter. You are then asked to enter a passphrase. From man ssh-keygen:<\/p>\n<blockquote>\n<p style=\"text-align: justify;\">The program also asks for a passphrase.  The passphrase may be empty to  indicate no passphrase (host keys must have an empty passphrase), or it  may be a string of arbitrary length.  A passphrase is similar to a  password, except it can be a phrase with a series of words, punctuation,  numbers, whitespace, or any string of characters you want.  Good  passphrases are 10-30 characters long, are not simple sentences or  otherwise easily guessable (English prose has only 1-2 bits of entropy  per character, and provides very bad passphrases), and contain a mix of  upper and lowercase letters, numbers, and non alphanumeric characters.<\/p>\n<\/blockquote>\n<p style=\"text-align: justify;\">If you intend to set up automated tasks that will use this key, it is probably best not to supply a passphrase, although that will inevitably be less secure.<\/p>\n<p style=\"text-align: justify;\">2. 
Copy the public key to the server (you will need to enter the password):<br \/>\n{code}cat ~\/.ssh\/id_dsa.pub | ssh user@server &quot;cat - &gt;&gt; ~\/.ssh\/authorized_keys&quot;{\/code}<br \/>\nThe public key you have just created is piped to ssh and appended to authorized_keys on the server. Please remember that if you have the <em>PermitRootLogin without-password<\/em> setting in sshd_config, you must disable it first to store that public key. You can set it back to without-password after the public key has been copied.<\/p>\n<p style=\"text-align: justify;\">3. That&#8217;s it. To test it, just ssh to the other server and you shouldn&#8217;t need a password. If you entered a passphrase, you will need to enter it when prompted:<br \/>\n{code}ssh user@server{\/code}<\/p>\n<p>Now how about ssh-agent?<\/p>\n<p><strong>Using ssh-agent to store passphrases<\/strong><br \/>\nIf you decided to use a passphrase, you need only enter it once per session using ssh-agent and ssh-add.<br \/>\n1) The parent shell process in which you work should be started by ssh-agent, i.e.:<br \/>\n<strong>ssh-agent \/bin\/bash<\/strong><br \/>\n2) Then, to store your passphrase for that session, run:<br \/>\n<strong>ssh-add<\/strong><br \/>\nEnter your passphrase when prompted.<br \/>\n3) That&#8217;s it. To test it, just ssh to the other server and you shouldn&#8217;t need a password or passphrase:<br \/>\n<strong>ssh user@server<\/strong><\/p>\n<p style=\"text-align: justify;\">If you use a desktop environment or window manager, you can start it with ssh-agent in the same way as the bash shell above, so that any child processes (terminals etc.) also have access to your passphrase.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here is how to set up a public key for ssh authentication, so you don&#8217;t have to log in as root and the system stays secure. 
The other advantages (which I needed most) are you can run automated maintenance tasks\/checks on other machines including rsync over ssh like I did. Ok. Let&#8217;s begin. 1. Create the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[121,185,201,227],"_links":{"self":[{"href":"https:\/\/www.jfdesignnet.com\/index.php?rest_route=\/wp\/v2\/posts\/713"}],"collection":[{"href":"https:\/\/www.jfdesignnet.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jfdesignnet.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jfdesignnet.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jfdesignnet.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=713"}],"version-history":[{"count":0,"href":"https:\/\/www.jfdesignnet.com\/index.php?rest_route=\/wp\/v2\/posts\/713\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jfdesignnet.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jfdesignnet.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jfdesignnet.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}