Step # 1: Generate first ssh key
Type the following command to generate your first public and private key on a local workstation. Next provide the required input or accept the defaults. Please do not change the filename and directory location.
workstation#1 $ ssh-keygen -t rsa
Finally, copy your public key to your remote server using scp
workstation#1 $ scp ~/.ssh/id_rsa.pub user@remote.server.com:.ssh/authorized_keys
Step # 2: Generate next/multiple ssh key
a) Login to 2nd workstation
b) Download original the authorized_keys file from remote server using scp
workstation#2 $ scp user@remote.server.com:.ssh/authorized_keys ~/.ssh
c) Now create the new pub/private key:
workstation#2 $ ssh-keygen -t rsa
d) Now you have new public key. APPEND this key to the downloaded authorized_keys file using cat command:
workstation#2 $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
workstation#2 $ scp ~/.ssh/authorized_keys user@remote.server.com:.ssh/
You can repeat step #2 for each user or workstations for remote server.
Step #3: Test your setup
Now try to login from Workstation #1, #2 and so on to remote server. You should not be asked for a password:
Showing posts with label ssh-keygen. Show all posts
Showing posts with label ssh-keygen. Show all posts
2009/10/14
how to set up ssh keys
# First, install OpenSSH on two UNIX machines, hurly and burly. This works best using DSA keys and SSH2 by default as far as I can tell. All the other HOWTOs I've seen seem to deal with RSA keys and SSH1, and the instructions not surprisingly fail to work with SSH2.
# On each machine type ssh somemachine.example.com and make a connection with your regular password. This will create a .ssh dir in your home directory with the proper perms.
# On your primary machine where you want your secret keys to live (let's say hurly), type
ssh-keygen -t dsa
This will prompt you for a secret passphrase. If this is your primary identity key, make sure to use a good passphrase. If this works right you will get two files called id_dsa and id_dsa.pub in your .ssh dir. Note: it is possible to just press the enter key when prompted for a passphrase, which will make a key with no passphrase. This is a Bad Idea ™ for an identity key, so don't do it! See below for uses of keys without passphrases.
#
scp ~/.ssh/id_dsa.pub burly:.ssh/authorized_keys2
Copy the id_dsa.pub file to the other host's .ssh dir with the name authorized_keys2.
# Now burly is ready to accept your ssh key. How to tell it which keys to use? The ssh-add command will do it. For a test, type
ssh-agent sh -c 'ssh-add < /dev/null && bash'
This will start the ssh-agent, add your default identity(prompting you for your passphrase), and spawn a bash shell. From this new shell you should be able to:
#
ssh burly
This should let you in without typing a password or passphrase. Hooray! You can ssh and scp all you want from this bash shell and not have to type any password or passphrase.
# On each machine type ssh somemachine.example.com and make a connection with your regular password. This will create a .ssh dir in your home directory with the proper perms.
# On your primary machine where you want your secret keys to live (let's say hurly), type
ssh-keygen -t dsa
This will prompt you for a secret passphrase. If this is your primary identity key, make sure to use a good passphrase. If this works right you will get two files called id_dsa and id_dsa.pub in your .ssh dir. Note: it is possible to just press the enter key when prompted for a passphrase, which will make a key with no passphrase. This is a Bad Idea ™ for an identity key, so don't do it! See below for uses of keys without passphrases.
#
scp ~/.ssh/id_dsa.pub burly:.ssh/authorized_keys2
Copy the id_dsa.pub file to the other host's .ssh dir with the name authorized_keys2.
# Now burly is ready to accept your ssh key. How to tell it which keys to use? The ssh-add command will do it. For a test, type
ssh-agent sh -c 'ssh-add < /dev/null && bash'
This will start the ssh-agent, add your default identity(prompting you for your passphrase), and spawn a bash shell. From this new shell you should be able to:
#
ssh burly
This should let you in without typing a password or passphrase. Hooray! You can ssh and scp all you want from this bash shell and not have to type any password or passphrase.
Subscribe to:
Posts (Atom)