Date: March, 2003

Using SSH
---------

This brief explanation assumes a recent version of OpenSSH.

Both Linux and Windows have SSH clients.  Assuming you have an SSH
client (SSH version 2) installed on your workstation, you may connect
to a server running an OpenSSH server either via a password or public
key authentication.

To use public key authentication, run the SSH keygen program,
accepting the defaults.  This will generate two files; id_dsa and
id_dsa.pub.  The id_dsa.pub file is your public key, the other file is a
passphrase-protected encoding of your private key (your private key is
never written to disk unencrytped.)

For a more detailed explanation of how to generate a private/public
key pair as well as an explanation of how to avoid having to enter
your passphrase every time you use ssh, see:

  Synopsis: Passwordless connections using OpenSSH and keychain.

Suppose you wish to connect to a server named foo.com.

To connect via SSH to foo.com using public key authentication,
append id_dsa.pub to your $HOME/.ssh/authorized_keys file on
foo.com.  You may need to make sure that $HOME/.ssh is not group
writable, depending on how the system administrator of foo.com has set
the strictmodes setting in the server /etc/ssh/sshd_config
file.

You may now connect to foo.com, assuming it is running an sshd daemon
accepting ssh connections from your client.

From Windows, run your SSH client and tell it to use public key
authentication.

From Linux, do the following once per UNIX session:

  ssh-agent $HOME
  ssh-add

Then do:

  ssh foo.com

or:

  ssh -l <your user name> foo.com

or:

  ssh <your user name>@foo.com

Depending on how your local client system has configured the settings
in /etc/ssh/ssh_config, your Linux ssh client should attempt public
key authentication before falling back to password authentication.  If
you have done the above ssh-agent and ssh-add commands, you will not
be prompted for your passphrase, you will be simply connected,
assuming that your public key is setup correctly on foo.com and your
private key is setup correctly on your local machine.