Some quick notes on the sequence for installing ssh keys.

If you are creating this public-private key pair so that ssh does not prompt for a password when you ssh from one JSOC machine to another, then stop at step 5. In that case the local and remote machines are one and the same. These first 5 steps will also allow you to issue CVS commands without having to enter a password.

  1. On the local machine, run

    > ssh-keygen -t rsa

    This will create a public-private key pair (one file will be created to contain the public key, and one will be created to contain the private key).

  2. You get to choose the names of the files into which the keys are saved. You can select the default filename if you wish (if the files already exist, they will be overwritten). If not, and you choose a filename of <filename>, then the private key will be stored in <your home directory>/.ssh/<filename>, and the public key will be stored in <your home directory>/.ssh/<filename>.pub

  3. Hit the return key twice to not create a passphrase. Alternatively, you could create a passphrase, but then you will be prompted for the passphrase when you run the ssh command, unless you use ssh-agent to supply the passphrase for you (see step 6 below).

  4. On the remote machine, create the .ssh folder, if it does not exist, in the home directory (<home dir>) of the account you wish to ssh to. Make it have permissions 700.

  5. APPEND the contents of the public key you generated on the local machine in step 2 to the authorized_keys file in the <home dir>/.ssh directory of the remote host:

    > cat .../<filename>.pub >> <home dir>/.ssh/authorized_keys

    Ensure that the permissions of authorized_keys are 644.

  6. If in step 3 you entered a passphrase when creating the public-private key pair, you can configure and run ssh-agent to provide the passphrase for you when you run ssh, obviating the prompt for a passphrase. To do this, run

    > ssh-agent -c > ~/.ssh-agent      # start ssh-agent, and save C-shell environment settings into a file to be used by ssh-agent clients (use -s to create bash environment settings)
    > source ~/.ssh-agent              # set the client's environment variable settings from the file written above (needed to run ssh-add)
    > ssh-add /home/jsoc/.ssh/id_rsa   # add the private key to ssh-agent's memory tables (this will require typing the key's passphrase)

  7. Try obtaining a secure connection:

    > ssh <user>@<remote host>

    You should connect without being prompted for a password.
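
Steps 4 and 5 as a single function that is safe to rerun, given here as an added example that is not part of the original notes. The name install_pubkey and the messages are hypothetical; it refuses a private key file, does not append a key that is already present, and applies the 700 and 644 modes given above.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper, not an OpenSSH tool.
# usage: install_pubkey <public key file> <home dir of the account to ssh to>
install_pubkey() {
    pub=$1
    home=$2
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the .pub half belongs on the remote host; refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; use the .pub file" >&2
        return 2
    fi

    # A public key file is one line: "<type> <base64 data> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # Step 4: create .ssh if it does not exist, with permissions 700.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 4

    # Step 5: APPEND, never overwrite. If the existing file lacks a final
    # newline, add one first so the new key does not join the last entry.
    touch "$auth" || return 5
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Skip the append when this exact line is already authorized.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth" || return 5
    fi
    chmod 644 "$auth"
}
```

The modes matter because sshd, with its default StrictModes setting, ignores authorized_keys when the file or the .ssh directory is writable by group or others.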

JsocWiki: SSHKeyNotes (last edited 2013-08-27 07:02:14 by ArtAmezcua)