First, you need to create a key on the client machine:
$ ssh-keygen -t dsa -f ~/.ssh/id_dsa -C username@domain.com
(Enter passphrase)
The username@domain.com is a comment that labels the key (passed with -C). It can be of the form fred@google.com, or just fred. For example, to get to my machine at home from the Internet I log in as
$ ssh name@server.domain.com
so that's what I put in for the key. However, when I am at home, I don't need the FQDN or a different account name, so
$ ssh server
will do. Either is good.
Next, you need to copy the public key to the remote server:
$ scp ~/.ssh/id_dsa.pub remoteserver:
user@server's password:
Then you need to log in to the remote server:
$ ssh user@remoteserver
user@server's password:
Then you need to append the key to the authorized keys file:
$ cat id_dsa.pub >> .ssh/authorized_keys2
$ chmod 600 .ssh/authorized_keys2
If you get an error about "authorized_keys2" not being available, it's likely because the account on the remote machine has never SSH'd to anywhere else, so its ~/.ssh directory does not exist yet. SSH to somewhere and try again.
Now, when you do
$ ssh remoteserver
you should get the SSH-AGENT dialog box:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRsRhjamANvLX9ch82SbZy5rjLsSXcNFxAoTl3NoIyJokptX4XQnkfAhmSQZVDjwsUYtlovu1zeml0SsowiMG68JShzz1bAtt5OXTp_-4QjP8AkDclzM0MksvzihOEiQiPIPlUcglJQB0/s400/Picture+1.png)
When this is working, you can then turn off password authentication. On the remote machine, open the sshd_config file
$ nano /private/etc/sshd_config
and locate the lines below, removing the leading # so that they read:
PasswordAuthentication no
ChallengeResponseAuthentication no
Restart SSH and you are good to go.
On the client you can manage your SSH identities. For example:
To list the identities:
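An added example, not part of the original post: a shell check that both directives are really in effect in the file, since a line that still carries its # or is preceded by an earlier conflicting line changes nothing. The function names are hypothetical, and the parsing is a simplification that ignores Match blocks and Include files.

```shell
#!/bin/sh
# Added example (not from the original post). sshd uses the FIRST value it
# reads for each keyword; keyword names are case-insensitive and lines that
# start with "#" are comments. On a live host, "sshd -T" prints the
# effective configuration and is the authoritative check.

# usage: effective_value <config-file> <Keyword>
# Prints the first uncommented value of <Keyword>, or nothing if it is unset.
effective_value() {
    awk -F'[ \t=]+' -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                    # comment or blank line
        { sub(/^[ \t]+/, "") }                     # drop leading whitespace
        tolower($1) == "match" { exit }            # global section ends here
        tolower($1) == want { print $2; exit }     # first occurrence wins
    ' "$1"
}

# usage: password_logins_disabled <config-file>
# Returns 0 only if both directives from the post are effectively "no".
password_logins_disabled() {
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok:   $kw no"
        else
            [ -n "$val" ] || val="unset, sshd default applies"
            echo "FAIL: $kw is $val"
            rc=1
        fi
    done
    return $rc
}

# Check the file given as the first argument, if any.
if [ $# -gt 0 ]; then
    password_logins_disabled "$1"
fi
```

Saved as a script, it takes the config path as its argument, for example /private/etc/sshd_config as used above.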
$ ssh-add -l
To delete all identities, which you might want to do if you are doing a key refresh:
$ ssh-add -D
All identities removed.
More at the man page: developer.apple.com/documentation/Darwin/Reference/ManPages/man1/ssh-add.1.html