Changes between Initial Version and Version 1 of OpenSsh


Timestamp: 05/08/06 13:34:25 (13 years ago)
Author: trac
Comment: --

  • OpenSsh

    v1 v1  
     1== Creating a keypair == 
     2 
     3Creating a key for your user is straighforward: 
     4{{{ 
     5ssh-keygen -t rsa # enter a passphrase different from your password 
     6chmod 755 ~/.ssh 
     7cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys 
     8chmod 644 ~/.ssh/authorized_keys 
     9eval `ssh-agent`; ssh-add 
     10}}} 
     11 
     12See the 
     13[http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/s1-openssh-client-config.html#S2-OPENSSH-GENERATE-KEYPAIRS Red Hat Sysadmin Guide] 
     14for more detailed step-by-step instructions.  
     15 
     16The command {{{eval `ssh-agent`; ssh-add}}} loads your private key into  
     17memory so that you don't need to type your passphrase more than once. 
     18You need to run that command each time you log in. 
     19 
     20== More details == 
     21 
     22Most authentication between linux machines is done with SSH, 
     23specifically with public-key verification through host keys 
     24and personal keys. Host key signatures are kept on each 
     25machine in `/etc/ssh/ssh_known_hosts` so you should ''never'' 
     26see a message for a SIG machine like this one for vergil 
     27{{{ 
     28 The authenticity of host 'vergil.u (140.142.12.6)' can't be established. 
     29 DSA key fingerprint is 30:24:b6:7c:35:76:fd:c3:45:de:9d:02:ef:1f:cd:0d. 
     30 Are you sure you want to continue connecting (yes/no)? no 
     31 Host key verification failed. 
     32}}} 
     33 
     34There are two versions of the SSH protocol, we only allow 
     35protocol 2 since most clients support it (not TeraTermSSH, 
     36though--you'll need to use the SSH client from the UWICK). 
     37 
     38RSA is the faster algorithm (and has some other advantages), but  
     39because for a long time it was patented the default algorithm  
     40was DSS (DSA host keys with SHA-1 encryption).  
     41The patent has now expired and RSA should be used in the future, 
     42though there is no hurry to convert existing uses from DSS. 
     43 
     44 
     45For more information, see 
     46 * [http://www.openssh.com/faq.html The OpenSSH FAQ] 
     47 * [http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/s1-openssh-client-config.html#S2-OPENSSH-GENERATE-KEYPAIRS Red Hat Sysadmin Guide]
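
Review bot: the permissions in the keypair block (added lines 6 and 8) are looser than they need to be: `chmod 755 ~/.ssh` and `chmod 644 ~/.ssh/authorized_keys` leave the directory listing and the list of authorized keys readable by every local user. Suggest `chmod 700 ~/.ssh` and `chmod 600 ~/.ssh/authorized_keys`, which sshd accepts and which keep other accounts from enumerating your keys. It would also help to state that the private key `~/.ssh/id_rsa` must stay readable only by its owner, since the page tells users to load it with `ssh-add` but never mentions its mode. Two wording points: line 3 has a typo ("straighforward"), and line 40 describes DSS as "DSA host keys with SHA-1 encryption"; SHA-1 is a hash function used in the signature, not encryption, so "DSA signatures over a SHA-1 hash" would be accurate. Finally, the host-key paragraph (lines 22 to 32) tells users they should never see the authenticity prompt but does not say what to do if they do; a sentence telling them to answer "no" and report it, as the sample session shows, would close that gap.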