Sunday, March 15, 2009

ssh with no key for backup purposes

You may use either RSA or DSA keys.

There are those of us who do a lot of ssh during the course of a day. I know I do quite a bit for accessing my files from my office. In any event, you’ll probably want to set up public key authentication, which allows you to log in via ssh without a password.

Of course this adds a level of convenience for you, but it could be considered less secure. While it’s difficult to spoof an RSA/DSA key (probably more difficult than a simple password), anyone who has access to your machine would be able to access the remote machines via this authenticated key.

There are a few quick steps for setting this up that I’ll outline below.

First you’ll need to generate your local key pair. The public key is the public end of a local public/private pair that you’ll share with the remote machine to identify you.

ssh-keygen -t rsa (on your local machine)

Second you’ll need to copy this key to the remote machine using a command such as:

scp ~/.ssh/id_rsa.pub user@yourserver.com:

Lastly, log into the remote machine via ssh (using your password for the last time!) and use this command to add the newly generated key to the list of authenticated keys:

cat id_rsa.pub >> .ssh/authorized_keys

You’ll also probably want to delete the uploaded copy of the public key from the remote home directory.

rm id_rsa.pub

At this point a copy of your public key is stored on the remote machine as an authorized key, and any ssh connection coming from the local machine will match that key and connect using key authentication instead of a password. So nice.

…just remember that anyone with access to your machine will now have this access as well. Definitely keep this in mind if you’re using any kind of a public machine.
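The remote-side step above (appending id_rsa.pub to authorized_keys) can be wrapped so that it is safe to re-run. This is an added example, not part of the original post; the function name `install_pubkey` and its optional second argument are assumptions made for illustration. It creates `.ssh` with tight permissions, refuses a private key uploaded by mistake, and never adds the same key twice.

```shell
#!/bin/sh
# Added example (not from the original post).
# install_pubkey PUBKEY_FILE [HOME_DIR]   -- hypothetical helper name.
# Usage on the remote host: install_pubkey id_rsa.pub && rm id_rsa.pub
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key copied by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # Take the first line shaped like "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-|ecdsa-|sk-)[a-z0-9@.-]+ [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 3; }

    # With StrictModes (sshd's default), keys are ignored when these
    # paths are writable by other users, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only if this exact line is not already authorized.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```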
