Date: March, 2003 Using SSH --------- This brief explanation assumes a recent version of OpenSSH. Both Linux and Windows have SSH clients. Assuming you have an SSH client (SSH version 2) installed on your workstation, you may connect to a server running an OpenSSH server either via a password or public key authentication. To use public key authentication, run the SSH keygen program, accepting the defaults. This will generate two files; id_dsa and id_dsa.pub. The id_dsa.pub file is your public key, the other file is a passphrase-protected encoding of your private key (your private key is never written to disk unencrytped.) For a more detailed explanation of how to generate a private/public key pair as well as an explanation of how to avoid having to enter your passphrase every time you use ssh, see: Synopsis: Passwordless connections using OpenSSH and keychain. Suppose you wish to connect to a server named foo.com. To connect via SSH to foo.com using public key authentication, append id_dsa.pub to your $HOME/.ssh/authorized_keys file on foo.com. You may need to make sure that $HOME/.ssh is not group writable, depending on how the system administrator of foo.com has set the strictmodes setting in the server /etc/ssh/sshd_config file. You may now connect to foo.com, assuming it is running an sshd daemon accepting ssh connections from your client. From Windows, run your SSH client and tell it to use public key authentication. From Linux, do the following once per UNIX session: ssh-agent $HOME ssh-add Then do: ssh foo.com or: ssh -l <your user name> foo.com or: ssh <your user name>@foo.com Depending on how your local client system has configured the settings in /etc/ssh/ssh_config, your Linux ssh client should attempt public key authentication before falling back to password authentication. If you have done the above ssh-agent and ssh-add commands, you will not be prompted for your passphrase, you will be simply connected, assuming that your public key is setup correctly on foo.com and your private key is setup correctly on your local machine. |