Step-by-step instructions setting up RSA Authentication for SSH?
OS: Slackware 10.1
Kernel: 2.6.11.7
Openssh 3.9p1
I read the long thread on "SSH login attempts" up top, but I still don't know how to set up RSA Authentication for SSH. The thread wasn't clear enough for me to understand. One person would say do it this way, another person would say do it that way. Well, I'm all confused now. I'm looking for one way (preferably easiest), and when I do it that 'one way' it'll work right off the bat.
I tried setting it up a couple of times, but with no success. So I decided to start from scratch, and now here I am.
Assuming I just downloaded the newest version of OpenSSH, how would one successfully set up RSA Authentication for SSH?
This thread could also help the rest of the people that want to set up RSA Authentication.
Enable RSA authentication in sshd_config, disable cleartext passwds.
Then create yourself a key to use: ssh-keygen -t rsa
will guide you thru that. When you have the key generated, cp the id_rsa.pub to your ~/.ssh/authorized_keys
And, take the id_rsa to every machine you need to log in from. Only when providing it upon connect, you will be allowed access. Use it with openssh via the -i switch, and from windows machines, you must convert your openssh key via puttygens importer, then use the converted key with putty.
That's as simple as I can make it, hope this helps.
Originally posted by Artanicus:
In a nutshell, all it takes is:
Enable RSA authentication in sshd_config, disable cleartext passwds.
Then create yourself a key to use: ssh-keygen -t rsa
will guide you thru that. When you have the key generated, cp the id_rsa.pub to your ~/.ssh/authorized_keys
And, take the id_rsa to every machine you need to log in from. Only when providing it upon connect, you will be allowed access. Use it with openssh via the -i switch, and from windows machines, you must convert your openssh key via puttygens importer, then use the converted key with putty.
That's as simple as I can make it, hope this helps.
"cp the id_rsa.pub to your ~/.ssh/authorized_key"
I'm in /root
I did 'ssh-keygen -t rsa'
Then I copied irc_rsa.pub to /root/.ssh/authorized_keys. Is authorized_keys a folder or a file?
"PasswordAuthentication no" is indeed the way to go.
"PubkeyAuthentication yes" is the actual way to allow key-based authentication.
Client side, there isn't much to change if you're using OpenSSH's client. If you have the keyfile in your ~/.ssh/id_rsa then you need not do anything differently than before. If you have it elsewhere or under another name, you need to supply it with the -i parameter.
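The server-side steps from the answers above, as an added example that is not part of the original thread: it installs a public key into authorized_keys (a regular file, one key per line) and checks that an sshd_config leaves only key login enabled. The function names, the placeholder key text and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed, not from the thread.

# Append a public key to <home>/.ssh/authorized_keys, skipping duplicates,
# with the modes sshd's StrictModes check expects (700 dir, 600 file).
install_pubkey() {
    pub=$1; home=$2
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole-line match, -F fixed string: do not add the same key twice
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# Print the effective value of a keyword in an sshd_config file.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Commented-out lines never match. Only the usual
# whitespace-separated form is handled; Match blocks and Include are not.
sshd_effective() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Succeed only when both settings are explicit: key login on, passwords off.
keys_only() {
    [ "$(sshd_effective "$1" PubkeyAuthentication)" = yes ] &&
    [ "$(sshd_effective "$1" PasswordAuthentication)" = no ]
}

# Constructed demo data in a temp dir: placeholder key text, sample config.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-PLACEHOLDER user@example' > "$demo/id_rsa.pub"
cat > "$demo/sshd_config" <<'EOF'
#PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
EOF
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"   # second run adds nothing
keys_only "$demo/sshd_config" && echo "key-only login configured"
```

The later "PasswordAuthentication yes" line in the sample config has no effect because the earlier "no" is read first.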
This thread explains how to use ssh-keygen to create a key for yourself. But does not your machine itself have a key which can be copied to other machines on your network so that the linux server/clients can all recognize each other as trusted computers?
The ssh man file reads about /etc/ssh/ssh_known_hosts
Quote:
Systemwide list of known host keys. This file should be prepared
by the system administrator to contain the public host keys of
all machines in the organization.
How does the system administrator create the keys for each computer?
Originally posted by maxque:
This thread explains how to use ssh-keygen to create a key for yourself. But does not your machine itself have a key which can be copied to other machines on your network so that the linux server/clients can all recognize each other as trusted computers?
The ssh man file reads about /etc/ssh/ssh_known_hosts
How does the system administrator create the keys for each computer?
maxque
Once you generate the priv. key, you can send it to other computers so other computers can connect to the sshd server using that (the one that was generated on the sshd server) key/passphrase.
You can also generate keys for different users. (If I'm user houler, I can generate my own key, so I can login to my own account with that key instead of using the login/password scheme.)
I did a google search and I found out that you can use ssh-agent to manage the passphrases. But the thing is that once the shell that the ssh-agent is on has quit, the passphrases will be forgotten until the next ssh-agent session?
Also,
I found a more convenient way which used keychain with ssh-agent but...
Originally posted by maxque:
How does the system administrator create the keys for each computer?
maxque
Just after I posted this I found this very old page. The path names are for another operating system; however, the information is what I was looking for: NCSA OpenSSH Installation Guide.
Those are machine-specific keys, not user-specific. Like the man file says, you generate a set of these for each machine on your network and the ssh_host_key becomes a known_hosts entry for each computer on the network.
Watch the path names, they are different for Linux than on the NCSA site.