http://www.linuxplanet.com/linuxplanet/tutorials/6878/1

More Linux Remote Networking Tips and Tricks (part 2)

Setting It Up

October 21, 2009

Last week we looked at some good ways to use OpenSSH and SSHFS for easy file sharing on the LAN. Today we're going to review how to use encryption keys instead of password logins. Using key pairs is less flexible but more secure because it's like using a key lock instead of a combination lock. There is no way to brute-force a password, you don't have to give away system passwords, and only users who possess the key can get in.

Other Stories on LinuxPlanet

Stumbling and Sniffing Wireless
Networks in Linux, Part 1

Build a High-Powered Ubuntu
Linux Workstation (part 3)

Linux Remote Networking Tips and Tricks

Green Computing is More Than Sleep Mode

Building Your Own Linux Kernel, part 2

A Big Ole Assortment of 50 Open Source
Apps for Small Business

With OpenSSH the machine you are logging into is always the server, because the OpenSSH daemon needs to be running and listening for connection attempts. The PC you are logging in from is the client. Again, like in Part 1, this is for LANs only because remote access over the Internet is more complicated to set up. We'll do that next in Part 3.

Creating a Named Key Pair

You can use an existing key or create a new pair. Don't give the new key pair a passphrase, and never ever share your private key-- guard it just like you would a physical key. Replace "remotepc" with your own hostnames or IP addresses. I like to give them helpful names, like this:

$ ssh-keygen -t rsa -f id_remotepc Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in id_remotepc. Your public key has been saved in id_remotepc.pub. The key fingerprint is: 5c:7f:e4:29:67:76:c3:32:59:dc:af:0c:78:0c:45:ef alrac@localhost The key's randomart image is:

+--[ RSA 2048]----+
|           .o    |
|           . .. .|
|          o   oo.|
|       . . = ++..|
|        S . *+Eoo|
|           . Ooo.|
|              o  |
|                 |
|                 |
+-----------------+

The private key is id_remotepc, and the public key is id_remotepc.pub. Now copy the public key to authorized remote PCs with the ssh-copy-id command. You don't have to specify the public key because ssh-copy-id automatically makes sure that the correct key is copied in the correct format:

$ ssh-copy-id -i /home/carla/.ssh/id_remotepc alrac@remotepc 0 Password: Now try logging into the machine, with "ssh 'alrac@remotepc'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.

Sitemap | Contact Us