wiki:OpenSsh

Version 1 (modified by trac, 12 years ago)

Creating a keypair

Creating a key for your user is straightforward:

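ssh-keygen -t rsa    # enter a passphrase different from your password
chmod 755 ~/.ssh     # must not be group- or world-writable
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys    # authorize your own public key
chmod 644 ~/.ssh/authorized_keys    # must not be group- or world-writable
eval `ssh-agent`; ssh-add    # start an agent and load your private key into it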

See the Red Hat Sysadmin Guide for more detailed step-by-step instructions.

The command eval `ssh-agent`; ssh-add loads your private key into memory so that you don't need to type your passphrase more than once. You need to run that command each time you log in.
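The chmod steps above matter because sshd (with its default StrictModes setting) and the ssh client both check file modes before using a key. The following script is an added example, not part of the original wiki page; the function names are hypothetical and it assumes the default OpenSSH file names (authorized_keys, id_rsa, id_dsa) under the directory it is given.

```shell
#!/bin/sh
# Added example (not from the original page): audit the modes set by the
# keypair procedure. Assumes the default OpenSSH file names under DIR.

# True if group or other has the write bit on PATH.
is_writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# True if group or other has any permission bit on PATH.
is_accessible_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# audit_ssh_dir DIR: print one line per finding; exit status = finding count.
audit_ssh_dir() {
    dir=$1
    findings=0
    # sshd (StrictModes) rejects keys when these are group/world-writable.
    for path in "$dir" "$dir/authorized_keys"; do
        [ -e "$path" ] || continue
        if is_writable_by_others "$path"; then
            echo "FAIL $path: group/world-writable"
            findings=$((findings + 1))
        fi
    done
    # The ssh client refuses a private key that group or other can access.
    for key in "$dir/id_rsa" "$dir/id_dsa"; do
        [ -f "$key" ] || continue
        if is_accessible_by_others "$key"; then
            echo "FAIL $key: private key accessible to group/other"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed demo in a throwaway directory, using the modes from the procedure.
demo=$(mktemp -d)
touch "$demo/authorized_keys" "$demo/id_rsa"
chmod 755 "$demo"; chmod 644 "$demo/authorized_keys"; chmod 600 "$demo/id_rsa"
audit_ssh_dir "$demo" && echo "OK: 755/644 pass"
chmod 664 "$demo/authorized_keys"   # group-writable
audit_ssh_dir "$demo" || echo "findings: $?"
rm -rf "$demo"
```

To check a real account, call audit_ssh_dir ~/.ssh after defining the functions; sshd also applies the same write-bit check to the home directory itself.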

More details

Most authentication between Linux machines is done with SSH, specifically with public-key verification through host keys and personal keys. Host key signatures are kept on each machine in /etc/ssh/ssh_known_hosts, so you should never see a message like this one (shown here for vergil) for a SIG machine:

 The authenticity of host 'vergil.u (140.142.12.6)' can't be established.
 DSA key fingerprint is 30:24:b6:7c:35:76:fd:c3:45:de:9d:02:ef:1f:cd:0d.
 Are you sure you want to continue connecting (yes/no)? no
 Host key verification failed.

There are two versions of the SSH protocol; we only allow protocol 2, since most clients support it (TeraTermSSH does not, though, so you'll need to use the SSH client from the UWICK).

RSA is the faster algorithm (and has some other advantages), but because it was patented for a long time, the default algorithm was DSS (DSA host keys with SHA-1 hashing). The patent has now expired and RSA should be used in the future, though there is no hurry to convert existing uses from DSS.

For more information, see