How to set up Unix/Linux SSH key authentication

It's easy to set up Unix/Linux SSH key authentication; here's how. We normally set up SSH key authentication to automate some of the jobs. If you have more than a few hundred servers and need to log in regularly, it is better to have SSH keys set up: you don't need to enter a password all the time.

* Creating keys
* Distributing public keys
* Testing ssh accesses
* Troubleshooting

1. Creating keys

Keys are created with the command ssh-keygen:
# ssh-keygen -t <key-type> -b <key-len> -C "comment" -f <name>

where:
* key-type is dsa or rsa (dsa is the most commonly used these days)
* key-len is the length of the key. For dsa 1024 bits is considered secure enough, 2048 is considered more than secure. Keys larger than 2048 should only be used if performance is not an issue
* name is the name of the key-files. Defaults are id_rsa for rsa and id_dsa for dsa. I personally use id_dsa-

The result are two files, id_dsa- the private key and id_dsa-.pub the public key.

2. Distributing public keys

In order to use the private/public key scheme for the session, the public key must be installed on the remote machine (the private key stays on the client and is never copied).

Copy the public key to the remote machine: # scp id_dsa-.pub <user>@<remote-host>:/home/<user>/.ssh
Then connect to the remote machine and install the public key by adding it to ~/.ssh/authorized_keys2: # cat id_dsa-.pub >> authorized_keys2
Please note:

* authorized_keys2 shall not be world readable (chmod 600 authorized_keys2)
* If you decided to use rsa keys the public key has to be placed in authorized_keys

After having installed the public key on the remote machine log off.

If you use a key naming that is different from the default id_dsa/id_rsa it is required to instruct ssh about the key name. Therefore edit ~/.ssh/config and add the following line to it: IdentityFile=~/.ssh/id_dsa-

3. Testing ssh accesses

Test ssh with following command:
# ssh -v <user>@<remote-host>
First thing to check: make sure you are asked for your passphrase, not your password. In case of any trouble the debug display can be used for tracing the decisions made during the access (also see "Troubleshooting").

4. Troubleshooting

4.1. Using debug mode on client and server

For troubleshooting ssh both client and server provide detailed tracing options:

* The ssh option -v traces details during the session establishment (e.g. selection of identity file)
* You can start the sshd server on an alternate port using the command sshd -p <port> -d -D. In this mode the server displays important information at session begin

4.2. Common errors

* ~/.ssh and/or the private data as well as config file are world readable
* If using a non-standard identity filename, it is not defined in ~/.ssh/config (you can also try forcing the identity file using the -i ssh option)
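As an added example that is not part of the original article, the following POSIX shell function audits an ssh directory for the permission mistakes listed above (directory, private keys, config and authorized_keys readable by group or others). The function name and the default directory are assumptions.

```shell
#!/bin/sh
# Audit an ssh directory for the "Common errors" above: the directory,
# private keys, config and authorized_keys(2) must not be readable by
# group or others. Public keys (*.pub) are skipped; they may be shared.
# Usage: check_ssh_perms [dir]   (defaults to ~/.ssh, an assumption)
# Prints one "path mode" line per offending entry; returns 1 if any, else 0.

# Octal permission bits of a path (GNU stat, BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when the mode (e.g. 644) has any group or other bit set,
# i.e. when the last two octal digits are not both zero.
is_shared() {
    case "$(printf '%03d' "$1")" in
        *00) return 1 ;;
        *)   return 0 ;;
    esac
}

check_ssh_perms() {
    dir="${1:-$HOME/.ssh}"
    rc=0
    for path in "$dir" "$dir"/config "$dir"/authorized_keys \
                "$dir"/authorized_keys2 "$dir"/id_*; do
        [ -e "$path" ] || continue
        case "$path" in *.pub) continue ;; esac
        mode=$(perm_of "$path")
        if is_shared "$mode"; then
            echo "$path $mode"
            rc=1
        fi
    done
    return $rc
}
```

A clean directory produces no output and exits 0, so the function can be dropped into a login script or a fleet-wide check.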
