Friday, October 23, 2009

Apache:SSH Public key based authentication – Howto

This howto covers generating and using ssh keys for automated:

a) Login

b) Make backups

c) Run commands from shell etc
Task: Generating ssh keys



1) Log on to your workstation ( for example log on to workstation called admin.fbsd.nixcraft.org as vivek user). Please refer the following sample setup - You will be log in, on your local system, AS THE USER you wish to make passwordless ssh connections.

My Setup
(Click image to enlarge)

2) Create the Cryptographic Key on FreeBSD workstation, enter:

$ ssh-keygen -t rsa

Assign the pass phrase (press [enter] key twice if you don't want a passphrase). It will create 2 files in ~/.ssh directory as follows:

* ~/.ssh/id_rsa : identification (private) key
* ~/.ssh/id_rsa.pub : public key

3) Use scp to copy the id_rsa.pub (public key) to rh9linux.nixcraft.org server as authorized_keys2 file, this is know as Installing the public key to server.

$ scp .ssh/id_rsa.pub vivek@rh9linux.nixcraft.org:.ssh/authorized_keys2

4) From FreeBSD workstation login to server:

$ ssh rh9linux.nixcraft.org

5) Changing the pass-phrase on workstation (if needed):

$ ssh-keygen -p

6) Use of ssh-agent to avoid continues pass-phrase typing
At freebsd workstation type:

$ ssh-agent $BASH
$ ssh-add

Type your pass-phrase

From here, whenever connecting to server it won’t ask for password.
Above two commands can be added to ~/.bash_profile so that as soon as I login into workstation I can set the agent.

7) Deleting the keys hold by ssh-agent

a) To delete all keys

$ ssh-add -D

b) To delete specific key

$ ssh-add -d key

c) To list keys

$ ssh-add -l

No comments:

Post a Comment