PARANOIDIX

Posted on: Jul 11, 2008

To create a key to use for authentication use the command

-t rsa sets the algorythm type which can be either rsa or dsa
-b 1024 sets the keylength in bits

You'll need to enter the passphrase when asked for it.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): thisismypassphrase
Enter same passphrase again: thisismypassphrase
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
The key fingerprint is:
0a:fa:2b:92:16:7a:e9:4f:97:d4:d9:4d:2b:c5:2a:09 john@workstation

Afterwards copy the key to the server with the scp command, and enter password when required

john@192.168.100.3's password:
id_rsa.pub                  100%  222     0.2KB/s   00:00

If you get an error "No such file or directory" when copying the file to the server, it may be because the folder ~/.ssh doesn't exist. To create the folder run the following command and then repeat the above command.

Append the key to the authentication file with

Try to connect to the server now.

Enter passphrase for key '/home/john/.ssh/id_rsa': 

Enter the passphrase when you're asked for it.

After you have succesfully logged in using your public key, you can block password authentication. To do this edit the file /etc/ssh/sshd_config and change the line containing

to

To heighten the security also make sure the following is set accordingly

# Make sure the permissions on the authorized_keys file are secure (600)
StrictModes yes

# Max authentication tries before the actions are logged. Can be used to determine a brute force attack
MaxAuthTries 5

and restart the ssh server afterwards with

Resources

Book

Pro OpenSSH by Michael Stahnke
ISBN: 1-59059-476-2

Web

Arch Wiki - Using SSH Keys

Notes

It looks like a windows machine can not connect if you have StrictModes yes set. At least in my setup I had to set it to no to make a succesul connection.