wiki:OpenSsh

Version 2 (modified by joshuadf, 10 years ago)


Creating a keypair

Creating a key for your user is straightforward:

ssh-keygen -t rsa # enter a passphrase different from your password
# ~/.ssh must not be writable by group or others, or sshd will ignore the keys in it
chmod 755 ~/.ssh
# tell ssh to allow connections using that key
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 644 ~/.ssh/authorized_keys
# start an agent for this login session and load your new key into memory
eval `ssh-agent`; ssh-add

You will also need to put your id_rsa.pub key in the ~/.ssh/authorized_keys file on any machine you want to connect to.

The command eval `ssh-agent`; ssh-add loads your private key into memory so that you don't need to type your passphrase more than once. You need to run that command each time you log in.

See the Red Hat Sysadmin Guide for more detailed step-by-step instructions.

More details

Most authentication between Linux machines is done with SSH, specifically with public-key verification through host keys and personal keys. The public host key of every SIG machine is kept in /etc/ssh/ssh_known_hosts on each machine, so on a SIG machine you should never see a message like this one for vergil:

 The authenticity of host 'vergil.u (140.142.12.6)' can't be established.
 DSA key fingerprint is 30:24:b6:7c:35:76:fd:c3:45:de:9d:02:ef:1f:cd:0d.
 Are you sure you want to continue connecting (yes/no)? no
 Host key verification failed.
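As an added example (not part of the original wiki page), the following Python checks the fingerprint a prompt like the one above displays against a known_hosts file, so a fingerprint can be verified out of band instead of answering "yes" blindly. The known_hosts line and the key blob are constructed for the example; they are not a real SIG host key.

```python
"""Check a host key fingerprint from an ssh prompt against a known_hosts file.

Assumes the OpenSSH known_hosts line format: "host[,host...] keytype base64blob".
"""
import base64
import hashlib
import struct


def wire_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


# Constructed sample key blob (synthetic RSA-shaped data, not a real host key).
FAKE_BLOB = wire_string(b"ssh-rsa") + wire_string(b"\x01\x00\x01") + wire_string(b"\x00" + bytes(range(1, 33)))
# Constructed known_hosts content listing that key for the hostname and address from the prompt.
SAMPLE_KNOWN_HOSTS = "vergil.u,140.142.12.6 ssh-rsa " + base64.b64encode(FAKE_BLOB).decode() + "\n"


def fingerprint_md5(blob: bytes) -> str:
    """Classic colon-separated MD5 fingerprint, the form shown in the prompt above."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def fingerprint_sha256(blob: bytes) -> str:
    """Modern OpenSSH form: SHA256:<base64 without padding>."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_known_hosts(text: str):
    """Yield (hosts, keytype, blob) for each plain known_hosts entry (comments, @-marker lines skipped)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts, keytype, blob = parts[0].split(","), parts[1], base64.b64decode(parts[2])
        # The blob's first wire string names the algorithm; it must agree with the keytype field.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n].decode() != keytype:
            continue
        yield hosts, keytype, blob


def key_is_known(host: str, prompt_fp: str, known_hosts_text: str) -> bool:
    """True if the fingerprint shown in the prompt matches a stored key for host (MD5 or SHA256 form)."""
    for hosts, _keytype, blob in parse_known_hosts(known_hosts_text):
        if host in hosts and prompt_fp in (fingerprint_md5(blob), fingerprint_sha256(blob)):
            return True
    return False
```

Run with the real file by reading /etc/ssh/ssh_known_hosts into known_hosts_text; a False result means the key the server presented is not the one recorded for that host.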

There are two versions of the SSH protocol; we only allow protocol 2, since most clients support it (TeraTermSSH does not, though, so you will need to use the SSH client from the UWICK instead).

RSA is the faster algorithm (and has some other advantages), but because for a long time it was patented, the default algorithm was DSS (DSA host keys with SHA-1 signatures). The patent has now expired and RSA should be used in the future, though there is no hurry to convert existing uses from DSS.

For more information, see