RSA security key

Generate a personal private/public key pair (do not use a passphrase):

    user1@deby:~$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user1/.ssh/id_rsa):
    Created directory '/home/user1/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/user1/.ssh/id_rsa.
    Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
    The key fingerprint is:
    81:95:1a:bd:32:89:3b:c7:34:da:a2:a0:14:24:26:73 user1@deby
    The key's randomart image is:
    +--[ RSA 2048]----+
    | ... |
    |+oE .oo |
    |=o ..+.. |
    | . . B .. |
    | . * +S |
    |.. = + |
    |o. . + |
    |. . |
    | |
    +-----------------+

Let ssh know your public key (here we copy the public ssh key from the client to the remote server):

    cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Secure the .ssh directory so nobody except you can access it:

    user1@deby:~$ chmod -R go-rwx .ssh/
    user1@deby:~$ ls -la .ssh
    total 20
    drwx------ 2 user1 user1 4096 2010-06-09 15:33 .
    drwxr-xr-x 4 user1 user1 4096 2010-06-09 15:22 ..
    -rw------- 1 user1 user1  393 2010-06-09 15:33 authorized_keys
    -rw------- 1 user1 user1 1675 2010-06-09 15:22 id_rsa
    -rw------- 1 user1 user1  393 2010-06-09 15:22 id_rsa.pub

Troubleshooting ssh localhost login

You might need this when using an existing ssh tunneling feature, e.g. svn+ssh access.

    user1@deby:~$ ssh deby
    ssh_exchange_identification: Connection closed by remote host

You need to add localhost to /etc/hosts.allow, e.g.

    sshd: localhost

Here is another issue, related to the pam_access module (if it is configured to prohibit local logins):

    user1@deby:~$ ssh deby
    Connection closed by 127.0.0.1

Here is a rule that prohibits local logins except from localhost (file /etc/security/access.conf):

    # Disallow console logins
    - : ALL : LOCAL EXCEPT 127.0.0.1

Windows client

If you are using a Windows machine to connect to your remote ssh server with PuTTY, you need a few extra steps to import the private key.

- You need PuTTYgen. Download it from here.
- Import the key. Menu Conversions > Import key.
- Save private key (so PuTTY can understand it): Menu File > Save private key (do not set password).
- Load a previously saved session in PuTTY.
- In Category select Connection > Data, enter your remote username into Auto-login username.
- In Category select Connection > SSH, choose SSH2 as your preferred protocol version.
- In Category select Connection > SSH > Auth, browse to the private key that you saved with PuTTYgen previously.
- Save your session.

ssh-copy-id

Mac OS X doesn't come with ssh-copy-id; here is a single-line command:

    cat ~/.ssh/id_rsa.pub | ssh user@machine \
        "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"

You can download the script here.
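
As an added example (not part of the original page or its downloadable script): a POSIX shell function that installs a public key the way the cp step and the one-liner above do, but appends only when the key is not already listed and applies the modes from the chmod step. The function name add_authorized_key and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. The function name and its
# arguments are assumptions made for illustration.
#
# add_authorized_key PUBKEY_FILE [SSH_DIR]
#   Adds the public key in PUBKEY_FILE to SSH_DIR/authorized_keys
#   (default ~/.ssh) without overwriting or duplicating existing entries,
#   and applies the permissions from the chmod step.
add_authorized_key() {
    keyfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    # A .pub file is one line: "type base64-blob [comment]".
    ktype= blob= comment=
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 2; }
    read -r ktype blob comment < "$keyfile" || :
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*|sk-*@openssh.com) ;;
        *) echo "$keyfile is not a public key file" >&2; return 2 ;;
    esac
    [ -n "$blob" ] || { echo "$keyfile has no key data" >&2; return 2; }

    # Lock down the directory before the file is created inside it.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already present? Compare type and blob only, so a different comment or
    # an options prefix on the existing line does not cause a duplicate.
    if awk -v t="$ktype" -v b="$blob" '
            { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) hit = 1 }
            END { exit !hit }' "$auth"; then
        return 0
    fi

    # Do not glue the new key onto a last line that lacks a newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$ktype $blob${comment:+ $comment}" >> "$auth"
}
```

Run it on the machine that holds authorized_keys, after copying id_rsa.pub there: add_authorized_key id_rsa.pub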