I talk about DSA/RSA because the setup procedure is the same, but with OpenSSH you have the opportunity to choose between two different key generation algorithms:
RSA ( http://en.wikipedia.org/wiki/Rsa )
DSA ( http://en.wikipedia.org/wiki/Digital_Signature_Algorithm )
How does the RSA/DSA key authentication method work?
The RSA/DSA key authentication scheme follows this logic:
1) The sysadmin (You...) generates a pair of RSA/DSA Keys on his system (one is the "private key" and the other one is the "public key")
2) After that, his public RSA/DSA key is published (copied) to the home directory of the remote server account that will be used for RSA/DSA authentication (the sysadmin repeats this step for each server he wants to manage/access)
3) Only the owner of a private key (the sysadmin) can have access to systems containing his public rsa/dsa key
4) If the sysadmin connects to a server and specifies the path to his RSA key on his client PC, he gets "direct" access to that system without entering any password. His OpenSSH client looks up the sysadmin's private key and uses it to access the remote server in the same way as a classical login... But in this case... the handshake between the machines (client and server) is done automatically using the keys.
Why is this method better than username/password login?
The answer is simple...
The negative aspect...
In the real world... Follow these steps:
scp /home/youruser/.ssh/id_dsa.pub yourremoteuser@server:/home/yourremoteuser
scp /home/angel/.ssh/id_dsa.pub email@example.com:/home/admin
(insert the password)
When you're logged in, write:
cat /home/admin/id_dsa.pub >>/home/admin/.ssh/authorized_keys2
chmod 700 .ssh
chmod 600 .ssh/authorized_keys2
(Replace "admin" with your user on remote server...)
5) Logout from the server
On the command line of the client write:
ssh -i /home/yourusername/.ssh/id_dsa firstname.lastname@example.org
Note: add the option "-p port" if the remote server's ssh daemon listens on a port other than 22
For example (for the user "admin") you could use:
ssh -p1138 -i /home/angel/.ssh/id_dsa email@example.com
If your remote system is configured to use both authentication methods (user/password and RSA keys...), you can force the OpenSSH daemon to accept only RSA authentication.
To do that, change the PasswordAuthentication parameter to no in the /etc/sshd_config file!
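To confirm the steps above took effect, here is a read-only audit script. It is an added example, not part of the original post: it checks the modes set on .ssh and authorized_keys2 and reports whether the sshd configuration still accepts passwords. The function names and the two path arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of the setup.
# Usage: sh audit.sh SSH_DIR SSHD_CONFIG   (both paths supplied by you)

# Octal mode of a file: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode PATH EXPECTED: succeed only when PATH exists with that mode.
check_mode() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    mode=$(file_mode "$1")
    if [ "$mode" = "$2" ]; then
        echo "OK      $1 ($mode)"
        return 0
    fi
    echo "BAD     $1 is $mode, expected $2"
    return 1
}

# effective_password_auth CONFIG: print "yes" or "no".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and PasswordAuthentication defaults to yes when unset.
# Assumption: the setting is global; Match blocks and Include are not parsed.
effective_password_auth() {
    awk 'tolower($1) == "passwordauthentication" {
             print tolower($2); found = 1; exit
         }
         END { if (!found) print "yes" }' "$1"
}

# audit_key_login SSH_DIR SSHD_CONFIG: return 0 only if every check passes.
audit_key_login() {
    rc=0
    check_mode "$1" 700 || rc=1
    check_mode "$1/authorized_keys2" 600 || rc=1
    if [ "$(effective_password_auth "$2")" = "no" ]; then
        echo "OK      password logins are disabled in $2"
    else
        echo "BAD     password logins are still accepted per $2"
        rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    audit_key_login "$1" "$2"
fi
```

On the server itself, running sshd -T as root prints the effective configuration and is the authoritative check.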
That's all! See you! (If you like my posts, I'll be pleased if you become a follower of my blog and my Twitter!)
Have a nice day!
Digital Patch Posts by Angelo F. are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License.
Based on a work at digitalpatch.blogspot.com.