SLS

 
Title: HowTo: Public Key Authentication
Description: Setting up a public key (non-password) login using ssh.

First, before starting, the following assumptions are made:
  • You have enabled sshd on the remote server.
  • You have opened the appropriate port for sshd on the remote server.
  • You have configured tcp wrappers and/or other security mechanisms on the remote server.
  • You are careful enough to know that you should not set up public key authentication for the root user.
  • You are capable of choosing between RSA and DSA keys. (In this example I have chosen RSA.)

  • Note: This is written for SuSE 9.2; other versions should be similar or identical.


Preparing the client


1. If it does not exist, create the ~/.ssh directory for your user.

2. Generate the public / private key pair with the command
ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa

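  • Note: When prompted for a passphrase, just press Enter, and then Enter again. This leaves the private key unencrypted on disk, which is what allows the login without a prompt, so anyone who can read ~/.ssh/id_rsa can use it. See the ssh-keygen man page for other options if you'd like to try something different. The command generates a private key file and a public (.pub) key file.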

3. As root, edit the /etc/ssh/ssh_config file in the following ways:
  • Remove the comment (#) from the line
    IdentityFile ~/.ssh/id_rsa
  • Remove the comment (#) from the line
    Protocol 2
    (and while you are at it, if there is a 1 there, remove it; there should only be a 2 unless you have some strange reason to use protocol 1)


Preparing the server


1. Log in to the remote server using the normal ssh password authentication.

2. Make sure the ~/.ssh directory exists.

3. Make sure permissions on the ~/.ssh directory are 700.

4. Now from the client machine copy the .pub key you generated to ~/.ssh on the server. You can do this with something like (from the client machine):
scp ~/.ssh/id_rsa.pub user_name_here@server_here:~/.ssh

That will prompt you for a password to complete.

5. Now ssh to the server again, and run the following command:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys


6. Next, as root, edit the /etc/ssh/sshd_config file in the following ways:
  • If the line
    Protocol 2
    has a 1 as well, remove it unless you have some strange reason to use protocol 1. Also remove the comment (#) if it is there.
  • Edit the line
    PubkeyAuthentication yes
    (i.e. if it says no, change it to yes). Also remove the comment (#) if it is there.
  • Make sure the line
    AuthorizedKeysFile      .ssh/authorized_keys
    is set up correctly (i.e. if it is pointing to a different keys file, update it to what is shown here). Also remove the comment (#) if it is there.

7. As root, restart sshd:
rcsshd restart


That's it. Now try logging in from your client machine - you should be logged in automatically without being prompted for a password.
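
If the server still asks for a password, re-check the server-side steps. The shell function below is an added example, not part of the original howto: it checks the ~/.ssh mode from step 3, the authorized_keys file from step 5 and the three sshd_config directives from step 6. The function names are hypothetical, and the write-bit test on authorized_keys is an addition based on sshd's StrictModes behaviour.

```shell
# Added example: re-check the server-side steps of this howto.
# Usage: audit_pubkey_setup SSH_DIR SSHD_CONFIG   (returns the number of problems)
# Assumes GNU stat (stat -c), as found on Linux systems.

# Print the value of the first uncommented occurrence of a keyword.
# sshd_config keywords are case-insensitive and the first match wins.
sshd_value() {
  awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Compare one directive against the value the howto asks for.
expect_directive() {
  got=$(sshd_value "$1" "$2")
  if [ "$got" = "$3" ]; then
    echo "ok:   $2 $got"
  else
    echo "FAIL: $2 is '${got:-unset or commented}', expected '$3'"
    return 1
  fi
}

audit_pubkey_setup() {
  ssh_dir=$1 config=$2 problems=0
  keys="$ssh_dir/authorized_keys"

  # Step 3: ~/.ssh must be mode 700.
  if [ "$(stat -c %a "$ssh_dir" 2>/dev/null)" = "700" ]; then
    echo "ok:   $ssh_dir is 700"
  else
    echo "FAIL: $ssh_dir missing or not mode 700"; problems=$((problems + 1))
  fi

  # Step 5: authorized_keys must exist. The write-bit test is an addition:
  # sshd's StrictModes rejects a key file writable by group or others.
  mode=$(stat -c %a "$keys" 2>/dev/null) || mode=""
  if [ -n "$mode" ] && [ $(( 0$mode & 022 )) -eq 0 ]; then
    echo "ok:   $keys mode $mode"
  else
    echo "FAIL: $keys missing or group/world-writable"; problems=$((problems + 1))
  fi

  # Step 6: the three sshd_config directives.
  expect_directive "$config" Protocol 2 || problems=$((problems + 1))
  expect_directive "$config" PubkeyAuthentication yes || problems=$((problems + 1))
  expect_directive "$config" AuthorizedKeysFile .ssh/authorized_keys || problems=$((problems + 1))

  return "$problems"
}
```

On the server, call it as audit_pubkey_setup ~/.ssh /etc/ssh/sshd_config; reading sshd_config may require root.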

Comments and Suggestions:
http://forums.suselinuxsupport.de/index.php?showtopic=18094

To add your own howto: http://forums.suselinuxsupport.de/index.php?showforum=50
