Just thought this might be useful:
SSH lets you log in to other people's computers (remote server) from your own (local client) PC, if you and they are running SSH. You log in as one of the users on the remote system, giving the username and remote URL in the ssh command:
SSH will ask you for the password of the user on that system, when you attempt to login.
However, SSH has its own, better way of authenticating your login - called 'SSH key pairs' or 'SSH keys'.
They're better than just giving the user login details of the user on the remote machine. Why? More secure - SSH keys come in two flavours, DSA and RSA - the RSA keys are even more secure.
Why more convenient? Well, when working with git or logging in & out of a server frequently for any reason, you don't want to give a password every time!
After adding your public SSH key to a server, you can run a simple command on your local PC, so that you no longer need to provide your login details, until you logout (or close your terminal emulator window!).
Don't worry.. It's not that complicated - don't be fooled by long-winded blogs about it (like I was).
Summary steps (details follow after):
1. Create an SSH key ( this makes 2 files, a private 'id_rsa' and a public 'id_rsa.pub' )
2. Add the public key to the file ~/.ssh/authorized_keys on the server.
3. Add your key to SSH-agent (on your local system).
4. Then, login to remote system using SSH, it will ask for your SSH key.
It's so simple to setup SSH keys, and I can boil down the heaps of stuff I had to read into a few simple commands:
Details of how to make it work:
1.: on CLIENT (your local PC), set up the RSA keys, choose a 'passphrase' for your key:
2.: Then, on the CLIENT, add your key to authorized list (stored on the server):
cat ~/.ssh/id_rsa.pub | ssh -p <port> <username>@<host_ip> 'cat - >> ~/.ssh/authorized_keys'
3.: Then login to SERVER from CLIENT, via ssh, give passphrase created in step 1 when asked:
4.: then logout again, and on CLIENT, start ssh-agent and add your SSH key to the session:
eval `ssh-agent -s`; ssh-add ~/.ssh/id_rsa
Then, re-login to server, as in step 3, give your key, logout, re-login, and finally, you should be able to login via SSH without giving the user's password, or your passphrase.
Done.
To test further, I then created a new user on my server, to try it all again, logging into a different *nix user on the server.
I added my SSH key to the new user's ~/.ssh/authorized_keys file, but it wouldn't work! I had to enter the user's password, not my SSH passphrase, each time.
I tried other users on the server... same problem..
It was a permission thing...
For any user on my server not allowing login using SSH keys, I could fix it by logging in as that user on the server using ssh, then running these commands:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
su root
chown -R user:user .ssh
..as it was my server, I could do the su root thing.
Lastly, logout and, on the CLIENT, do the following to login using your SSH key:
eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa
ssh -p <port> example.com
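
A check for the permission problem described above, as an added example that is not part of the original post: it reports anything under a user's .ssh directory that does not have the 700/600 modes and ownership that the chmod/chown fix sets. It assumes GNU stat (Linux); check_ssh_perms is a name chosen here for illustration.

```shell
#!/bin/sh
# Added example: audit a user's .ssh directory against the modes and
# ownership used in the fix (chmod 700 dir, chmod 600 files, chown user).
# Assumes GNU stat. check_ssh_perms is a hypothetical helper name.
#
# Usage: check_ssh_perms <ssh_dir> <expected_owner>
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ssh_perms() {
    dir=$1
    owner=$2
    bad=0

    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"
        return 1
    fi

    # The directory itself: mode 700, owned by the login user.
    mode=$(stat -c %a "$dir")
    own=$(stat -c %U "$dir")
    [ "$mode" = "700" ] || { echo "$dir: mode $mode, expected 700"; bad=1; }
    [ "$own" = "$owner" ] || { echo "$dir: owner $own, expected $owner"; bad=1; }

    # Every regular file inside (authorized_keys, id_rsa, ...): mode 600,
    # same owner. An empty directory leaves the glob unexpanded; skip it.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c %a "$f")
        own=$(stat -c %U "$f")
        [ "$mode" = "600" ] || { echo "$f: mode $mode, expected 600"; bad=1; }
        [ "$own" = "$owner" ] || { echo "$f: owner $own, expected $owner"; bad=1; }
    done

    return $bad
}

# Example call on the server, as root, for a user named "user":
#   check_ssh_perms /home/user/.ssh user
```

Any line it prints points at a file or directory to correct with the chmod/chown commands above before trying the key login again.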