Differences between revisions 1 and 14 (spanning 13 versions)
Revision 1 as of 2010-01-26 03:23:43
Size: 687
Editor: adsl-69-232-201-146
Comment:
Revision 14 as of 2013-08-27 07:00:09
Size: 2606
Editor: ArtAmezcua
Comment:
 1. Do ssh-keygen on the SOURCE host.
 2. Write to file, probably not the same id_rsa you currently have
 3. On SOURCE machine, now should see two files : id_rsa_stuff, id_rsa_stuff.pub
 4. Go to DESTINATION host. Copy key contents of SOURCE id_rsa_stuff.pub into DESTINATION's authorized_keys file.
 5. make sure DESTINATION authorized_keys is permission 600
 6. on SOURCE machine, source the agent - source ~/.ssh-agent (check that .ssh-agent is the filename using ls -a command).
 7. on SOURCE machine, do ssh-add .ssh/id_rsa_stuff
 8. Try it. ssh user@DESTINATION
 9. Should just work with no password.


Some quick notes on the sequence for installing ssh keys.

If you are creating this public-private key pair so that ssh does not prompt for a password when you ssh from one JSOC machine to another, then stop at step 5. The local and remote machines are one and the same if you are creating these keys for this purpose. These first 5 steps will also allow you to issue CVS commands without having to enter a password.

  1. On the local machine, run

    > ssh-keygen -t rsa

    This will create a public-private key pair (one file will be created to contain the public key, and one will be created to contain the private key).

  2. You get to choose the names of the files into which the keys are saved. You can select the default filename if you wish (if the files already exist, they will be overwritten). If not, and you choose a filename of <filename>, then the private key will be stored in <your home directory>/.ssh/<filename>, and the public key will be stored in <your home directory>/.ssh/<filename>.pub

  3. Hit the return key twice to not create a passphrase. A key with no passphrase can be used by anyone who is able to read the private key file. Alternatively, you could create a passphrase, but then you will be prompted for the passphrase when you run the ssh command, unless you wish to use ssh-agent to automate authentication of the passphrase for you (see step 6 below).

  4. On the remote machine, create the .ssh folder, if it does not exist, in the home directory (<home dir>) of the account you wish to ssh to. Make it have permissions 700.

  5. APPEND the contents of the public key you generated on the local machine in step 2 to the authorized_keys file in the <home dir>/.ssh directory of the remote host:

    > cat .../<filename>.pub >> <home dir>/.ssh/authorized_keys

    Ensure that the permissions of authorized_keys are 644.

  6. If in step 3 you entered a passphrase when creating the public-private key pair, you can configure and run ssh-agent to provide the passphrase for you when you run ssh, obviating the prompt for a passphrase. To do this run

    > ssh-agent -c > ~/.ssh-agent      # start ssh-agent, and save environment settings into a file to be used by ssh-agent clients
    > source ~/.ssh-agent              # set the client's environment variable settings (needed to run ssh-add)
    > ssh-add /home/jsoc/.ssh/id_rsa   # add the private key to ssh-agent's memory tables (this will require typing the key's passphrase)

  7. Try obtaining a secure connection:

    > ssh <user>@<remote host>

    You should connect without being prompted for a password.
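
A permission check for the layout that steps 4 and 5 create, added here as an example (it is not part of the original notes). sshd's StrictModes check, on by default, ignores authorized_keys when that file, the .ssh directory, or the home directory is writable by group or others, and ssh ignores a private key that group or others can access. The function names and the demo directory are made up for the illustration.

```shell
#!/bin/sh
# Added example: audit the permissions that steps 4 and 5 set up.
# All paths are arguments; the demo layout at the bottom is constructed.

mode_of() { ls -ld "$1" | cut -c1-10; }      # e.g. drwx------

# True if group (char 6) or other (char 9) has write permission.
loose_write() {
    case "$(mode_of "$1")" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# audit_ssh_setup <home dir> [<private key>]
# Prints one line per problem; exit status is the number of problems.
audit_ssh_setup() {
    problems=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; problems=$((problems + 1))
        elif loose_write "$p"; then
            echo "group/other writable: $(mode_of "$p") $p"
            problems=$((problems + 1))
        fi
    done
    # A private key (checked only if the file exists) must be owner-only.
    if [ -n "${2:-}" ] && [ -f "$2" ] &&
       [ "$(mode_of "$2" | cut -c5-10)" != "------" ]; then
        echo "private key open to group/other: $(mode_of "$2") $2"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo: a throwaway home directory laid out as in steps 4-5.
demo() {
    h=$(mktemp -d) && chmod 755 "$h"
    mkdir "$h/.ssh" && chmod 700 "$h/.ssh"
    : > "$h/.ssh/id_rsa" && chmod 600 "$h/.ssh/id_rsa"
    : > "$h/.ssh/authorized_keys" && chmod 644 "$h/.ssh/authorized_keys"
    audit_ssh_setup "$h" "$h/.ssh/id_rsa" && echo "644: ok"
    chmod 666 "$h/.ssh/authorized_keys"
    audit_ssh_setup "$h" "$h/.ssh/id_rsa" || echo "666: $? problem(s)"
    rm -rf "$h"
}
demo
```

Both 644 and 600 on authorized_keys pass this check, since neither grants write access to group or others.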

JsocWiki: SSHKeyNotes (last edited 2013-08-27 07:02:14 by ArtAmezcua)