More Linux Remote Networking Tips and Tricks (part 2)
Setting It Up
October 21, 2009
Last week we looked at some good ways to use OpenSSH and SSHFS for easy file sharing on the LAN. Today we're going to review how to use encryption keys instead of password logins. Using key pairs is less flexible but more secure because it's like using a key lock instead of a combination lock. There is no password to brute-force, you don't have to give away system passwords, and only users who possess the key can get in.
With OpenSSH the machine you are logging into is always the server, because the OpenSSH daemon needs to be running and listening for connection attempts. The PC you are logging in from is the client. As in Part 1, this is for LANs only, because remote access over the Internet is more complicated to set up. We'll do that next in Part 3.
Creating a Named Key Pair
You can use an existing key or create a new pair. Don't give the new key pair a passphrase, and never ever share your private key; guard it just like you would a physical key. Replace "remotepc" with your own hostnames or IP addresses. I like to give key pairs helpful names, like this:
$ ssh-keygen -t rsa -f id_remotepc
The private key is id_remotepc, and the public key is id_remotepc.pub. Now copy the public key to authorized remote PCs with the ssh-copy-id command. You don't have to name the .pub file explicitly, because ssh-copy-id automatically makes sure that the correct key is copied in the correct format:
$ ssh-copy-id -i /home/carla/.ssh/id_remotepc alrac@remotepc
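Key logins depend on the permissions of the files created above: the ssh client ignores a private key that group or others can access, and sshd with StrictModes (its default) skips a group- or world-writable ~/.ssh or authorized_keys. The script below is an added example, not part of the original article; its function names are hypothetical and the key name id_remotepc follows the article.

```shell
#!/bin/sh
# Added example: permission checks for the files this article creates.
# Run on the machine that holds each file (private key: client,
# authorized_keys: server). Ownership is not checked here.

# Print the group/other permission characters of a path, e.g. "r-xr-x".
group_other_bits() {
    ls -ldL "$1" | cut -c5-10
}

# Client side: the private key must be inaccessible to group and others.
check_private_key() {
    [ -f "$1" ] || { echo "MISSING $1"; return 0; }
    if [ "$(group_other_bits "$1")" = "------" ]; then
        echo "OK $1"
    else
        echo "TOO-OPEN $1 (fix: chmod 600)"
    fi
}

# Server side: ~/.ssh and authorized_keys must not be writable by
# group or others, or sshd refuses to use the key.
check_not_writable() {
    [ -e "$1" ] || { echo "MISSING $1"; return 0; }
    case "$(group_other_bits "$1")" in
        ?w????|????w?) echo "WRITABLE $1 (fix: chmod go-w)" ;;
        *)             echo "OK $1" ;;
    esac
}

# Check one .ssh directory: the directory itself, the named private key,
# and authorized_keys. Prints one status line per path.
audit_ssh_dir() {
    dir=$1; key=$2
    check_not_writable "$dir"
    check_private_key  "$dir/$key"
    check_not_writable "$dir/authorized_keys"
}

# Usage: sh audit.sh /home/carla/.ssh id_remotepc
if [ $# -eq 2 ]; then
    audit_ssh_dir "$1" "$2"
fi
```

A MISSING line is expected for whichever file lives on the other machine.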