Setting Up SSH Keys

Here is my attempt at a very quick and dirty guide to setting up SSH Keys using OpenSSH. If you are looking for a way to securely login to one or more boxes, without being prompted for your password every time, then using SSH Keys is probably your best bet.

Here we go..

Using SSH keys allows you to SSH from one host to another in a more secure manner, or (optionally) without the need for a password.

Let's name our example hosts:

  • local host is called my_pc
  • remote host is called devhost

On my_pc (the host you are SSH’ing from):

ssh-keygen -t dsa

This will generate two files (a key pair), for example:

id_dsa – this is your private key
id_dsa.pub – this is your public key

ssh-keygen will ask you for a password/pass-phrase. At this point, you can enter a pass-phrase, or just hit [enter] to use a blank password.

  • Note: if you are creating a key for a user account, you should always use a pass-phrase! Only consider omitting pass-phrases when the key is being used for one-off automated system to system transactions.

If you haven’t done so already, give your private key a descriptive name, like my_pc.id_dsa.

If it doesn’t exist, create the file ‘~/.ssh/config’, with the following contents:

Host devhost
    IdentityFile ~/.ssh/my_pc.id_dsa

Note that the ‘config’ file can be configured with multiple private keys. Make sure that devhost is resolvable by hostname, or this will not work.

(Note: I’ve had some trouble using IPs in the ‘config’ file)

Make sure that ‘my_pc.id_dsa’ is only readable/writeable by its owner. Make sure that ‘config’ is only writable by its owner.

On devhost (the host you are SSH’ing to):

Copy the public key from my_pc to devhost, and append its contents to the end of the ‘authorized_keys2’ file, like so:

cat id_dsa.pub >> ~/.ssh/authorized_keys2

Note that the ‘authorized_keys2’ file can hold multiple public keys. Make sure that ‘authorized_keys2’ is only readable/writeable by its owner.

You’re finished! You should now be able to SSH from my_pc to devhost using SSH keys, and without the need for a password if you so desire.

Use ‘ssh -v’ to enable verbose debugging when testing SSH connectivity.

This was tested with OpenSSH on Ubuntu 8.04 LTS, and I’ve used this same method successfully on previous versions of OpenSSH, and on other Debian-based operating systems. Your mileage may vary depending on your OS and version of OpenSSH.
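
The permission requirements from the steps above, as a check you can run on either host. This is an added example, not part of the original post: the function name audit_ssh_perms is made up for illustration, and it assumes GNU stat (stat -c), as shipped on Ubuntu and Debian.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat ("stat -c").
# Usage: audit_ssh_perms ~/.ssh my_pc.id_dsa

# audit_ssh_perms DIR KEYFILE
# Prints one line per file whose mode is looser than the guide asks for and
# returns 1 if any were found. Files that do not exist in DIR are skipped,
# so the same function works on my_pc and on devhost.
audit_ssh_perms() {
    dir=$1
    key=$2
    bad=0
    # Each rule is name:forbidden-bits:fix
    #   077 = any group/other access, 022 = group/other write
    for rule in "$key:077:go-rwx" "authorized_keys2:077:go-rwx" "config:022:go-w"; do
        name=${rule%%:*}
        rest=${rule#*:}
        mask=${rest%%:*}
        fix=${rest#*:}
        file=$dir/$name
        [ -f "$file" ] || continue
        mode=$(stat -c '%a' "$file") || continue
        # The leading 0 makes the shell read both values as octal
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "$file: mode $mode is too open, run: chmod $fix $file"
            bad=1
        fi
    done
    return "$bad"
}
```

If a key login still falls back to a password prompt, run this on both hosts before digging through ‘ssh -v’ output.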