<!--startcut ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<title>SSH with keys LG #96</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->

<!--endcut ============================================================-->

<TABLE BORDER><TR><TD WIDTH="200">
<A HREF="http://www.linuxgazette.com/">
<IMG ALT="LINUX GAZETTE" SRC="../gx/2002/lglogo_200x41.png"
WIDTH="200" HEIGHT="41" border="0"></A>
<BR CLEAR="all">
<SMALL>...<I>making Linux just a little more fun!</I></SMALL>
</TD><TD WIDTH="380">

<CENTER>
<BIG><BIG><STRONG><FONT COLOR="maroon">SSH with keys</FONT></STRONG></BIG></BIG>
<BR>
<STRONG>By <A HREF="../authors/dorgan.html">David Dorgan</A></STRONG>
</CENTER>

</TD></TR>
</TABLE>
<P>

<!-- END header -->

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<title></title>
<style type="text/css">
<!--
.header {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 24px;
font-weight: bold;
color: #999999;
}
.author {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-style: italic;
color: #666666;
margin-left: 25px;
}
.disclaimer {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #CCCCCC;
margin-left: 50px;
}
.cvsinfo {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #CCCCCC;
}
.body {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
margin-left: 50px;
}
-->
</style>
</head>

<body>

<table border="0" cellpadding="3" cellspacing="0" width="100%"
bgcolor="#FFFFFF">
<tbody>
<tr>
<td><p>It has come to my attention that a lot of people like using ssh;
most do not use keys, some do. What struck me is that most of the
people who do use keys don't use passphrases with them. When I
asked some people why not, they said they didn't like typing their
password each time, but this isn't the case. <br />
<br />
<br />
Some background: let's say you want to tell somebody your password
for an account on a machine, but you don't know who is listening, and
your only method of communication is cleartext communication over an
insecure channel. Then what do you do?<br />
Public key cryptography is the answer: you can send your public key
to anybody, you just keep your private key to yourself.<br />
<br />
To create a key, simply run ssh-keygen with the options<br />
ssh-keygen -t dsa<br />
You should be prompted for where to save your keys, e.g.
/home/user/.ssh/id_dsa and /home/user/.ssh/id_dsa.pub<br />
Then you will be prompted for a passphrase. Public key systems are
great for security, however they are only as good as their weakest
link; don't let your passphrase be the weakest link.<br />
<br />
You should never *EVER* put your private key on a server, and you should
never put it on a disk.<br />
Personally I just keep it on my laptop, nowhere else, ever. Then put
your public key on the remote hosts in the file
/home/user/.ssh/authorized_keys .<br />
<br />
Some people have their servers set up to only accept RSA key
authentication, which isn't a bad idea.<br />
<br />
Now, people do complain about having to enter their passphrase each
time, but this isn't *really* an issue. Personally I start X with a
script in rc.local.<br />
<br />
$ cat /etc/rc.local<br />
ssh-agent xdm<br />
Now, once inside X as your user, type ssh-add and enter your passphrase.
In each xterm you open, you can then type ssh server, and you won't be
prompted for a password.<br />
One point to note on this: be *SURE* to lock your workstation while
away, even for a few seconds.<br />
</p>
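<p>An added example, not part of the original article: a Python check that reads only the header of a private key file to tell whether it is passphrase-protected, which is one way to find the passphrase-less keys described above. It covers the legacy PEM layout written by older OpenSSH releases, PKCS#8 and the current openssh-key-v1 layout; the function names, sample names and sample keys are constructed for illustration and contain no key material.</p>

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # first bytes of a decoded new-format OpenSSH key
PKCS8 = {"ENCRYPTED PRIVATE KEY": "encrypted", "PRIVATE KEY": "unencrypted"}

def key_protection(text: str) -> str:
    """Classify private-key file text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label in PKCS8:
        return PKCS8[label]
    if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"):
        # Legacy PEM: a passphrase shows up as a "Proc-Type: 4,ENCRYPTED" header.
        hit = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:3])
        return "encrypted" if hit else "unencrypted"
    if label == "OPENSSH PRIVATE KEY":
        body = "".join(l for l in lines[1:] if not l.startswith("-"))
        try:
            blob = base64.b64decode(body, validate=True)
        except ValueError:
            return "unknown"
        # After the magic: uint32 length, then the cipher name ("none" = no passphrase).
        rest = blob[len(MAGIC):]
        if blob.startswith(MAGIC) and len(rest) >= 4:
            (n,) = struct.unpack(">I", rest[:4])
            if len(rest) >= 4 + n:
                return "unencrypted" if rest[4:4 + n] == b"none" else "encrypted"
    return "unknown"

def _stub(cipher: bytes, kdf: bytes) -> str:
    """Constructed header-only sample: cipher name, KDF name, empty KDF options."""
    s = lambda b: struct.pack(">I", len(b)) + b
    b64 = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLES = {  # constructed stubs keyed by hypothetical file names; no real key material
    "id_plain": _stub(b"none", b"none"),
    "id_protected": _stub(b"aes256-ctr", b"bcrypt"),
    "id_dsa_old_protected": "-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nAAAA\n",
    "id_dsa_old_plain": "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n",
}

def audit(samples: dict) -> dict:
    return {name: key_protection(text) for name, text in samples.items()}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

<p>To audit real files, pass the text of each candidate file to key_protection() and review every result that is not "encrypted".</p>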
</td>
</tr>
</tbody>
</table>
<p>$Id: ssh-with-keys.html,v 1.4 2003/08/30 15:00:35 davidd Exp $ </p>
</body>
</html>

<!-- *** BEGIN author bio *** -->
<P>
<P>
<!-- *** BEGIN bio *** -->
<P>
<img ALIGN="LEFT" ALT="[BIO]" SRC="../gx/2002/note.png">
<em>
David has been a very productive writer and plans to contribute more of his
work in the future.
</em>
<br CLEAR="all">
<!-- *** END bio *** -->

<!-- *** END author bio *** -->

<!-- *** BEGIN copyright *** -->
<hr>
<CENTER><SMALL><STRONG>
Copyright © 2003, David Dorgan.
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
Published in Issue 96 of <i>Linux Gazette</i>, November 2003
</STRONG></SMALL></CENTER>
<!-- *** END copyright *** -->
<HR>

<!--startcut ==========================================================-->
<CENTER>
</CENTER>
</BODY></HTML>
<!--endcut ============================================================-->