SSH-Keys: Difference between revisions

From Redbrick Wiki
(moved from old website)
 
No edit summary
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
To use this you will need to have ssh on your current machine. SSH-Keys are used to allow passwordless access to a machine. It uses an unique host key to identify who you are.
SSH-Keys are used to allow passwordless access to a machine. It uses an unique host key to identify who you are.
 
To use this you will need to have ssh on your current machine.  


==Linux SSH-Keys==
==Linux SSH-Keys==
 
===Creating the Key===
First of all, you will need to create your secret key which will remain on the machine you are ssh'ing from. This is done by typing:
First of all, you will need to create your secret key which will remain on the machine you are ssh'ing from. This is done by typing:
  ssh-keygen -t dsa
  ssh-keygen -t dsa
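Review bot: The intro sentence "It uses an unique host key to identify who you are", kept on the new side of this hunk, names the wrong kind of key. What the ssh-keygen step below creates is a per-user key pair, whereas a host key identifies the server. Suggest "It uses a unique key pair to identify who you are". The unchanged "ssh-keygen -t dsa" line is also worth revisiting while this section is being edited, since the Putty section further down shows DSA defaulting to 1024 bits.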
Line 9: Line 11:
You will then be asked for a passphrase. A passphrase will help to stop people who get access to your console getting access to different accounts. Its basically to help make it more secure. Once you have entered your passphase , you will be asked to re-type your passphrase. You can just just press enter if you don't want to use a passphrase.
You will then be asked for a passphrase. A passphrase will help to stop people who get access to your console getting access to different accounts. Its basically to help make it more secure. Once you have entered your passphase , you will be asked to re-type your passphrase. You can just just press enter if you don't want to use a passphrase.


You will then need to copy your public key (~/.ssh/id_dsa.pub) to the server you wish to ssh to. This is done by:
===Copying the Key to Redbrick===
  scp ~/.ssh/id_dsa.pub username@login.redbrick.dcu.ie:.ssh/
Now you will then need to copy your public key (~/.ssh/id_dsa.pub) to the server you wish to ssh to. Redbrick's machines have a common home directory so you only need to transfer your ssh-key once.
 
Two options for transferring your key are outlined bellow;
 
====Option 1====
  ssh-copy-id -i ~/.ssh/id_dsa.pub username@login.redbrick.dcu.ie
 
This will append your key to your authorized_keys file on redbrick.


====Option 2====


All of RedBrick's machines have shared home directories for users so once you set up ssh-keys for one, you've done it for all of them.
scp ~/.ssh/id_dsa.pub username@login.redbrick.dcu.ie:.ssh/


This will put the file in the ~/.ssh folder of your account on the machine you want to ssh to.
This will put the file in the ~/.ssh folder of your account on the machine you want to ssh to.
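Review bot: In the new Option 2, the scp target "username@login.redbrick.dcu.ie:.ssh/" assumes ~/.ssh already exists on the server; for a user who has never used ssh from Redbrick it may not, and the copy then fails. Suggest a preceding step that creates the directory, or a sentence pointing first-time users at Option 1. In the added text, "outlined bellow;" should read "outlined below:".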
Line 21: Line 31:


You will still be prompted for a password at this stage. Once you are on other machine, you need to move into the .ssh directory cd .ssh. You will have to add the line in the id_dsa.pub into the authorized_keys file. The easiest way to do this is to simple cat the i d_dsa.pub and put the results into the authorized_keys file i.e:
You will still be prompted for a password at this stage. Once you are on other machine, you need to move into the .ssh directory cd .ssh. You will have to add the line in the id_dsa.pub into the authorized_keys file. The easiest way to do this is to simple cat the i d_dsa.pub and put the results into the authorized_keys file i.e:
cat id_dsa.pub >> authorized_keys
cat id_dsa.pub >> authorized_keys
 
Once all that is done, then all that remains to do is to remove the id_dsa.pub on the machine you wish to ssh to rm ~/.ssh/id_dsa.pub.


Once all that is done, then all that remains to do is to remove the id_dsa.pub on the machine you wish to ssh to rm ~/.ssh/id_dsa.pub. Note that this will only work when ssh'ing from the machine you set up the keys on to the machine you sent your public key to. The next time you log in you will be asked for your passphrase or logged straight on if you did not choose to have a passphrase.
===Changing your Passphrase===
If you have any problems at any stage, helpdesk will be more than happy in helping you out. Have fun :-)
From time to time you may wish to change the passprhase on your ssh-key. To do this run the following command
ssh-keygen -f ~/.ssh/id_dsa -p
It will prompt you for your current passphrase. Once you have typed your current passphrase it will ask you for a new passphrase. You will then be asked to re-enter it to validate it.


The next time you connect to redbrick it should use this new passphrase.


==Windows SSH-Keys with Putty==
==Windows SSH-Keys with Putty==
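Review bot: The old closing paragraph's note that this "will only work when ssh'ing from the machine you set up the keys on", and its description of what the next login looks like, are dropped on the new side with no replacement, so the procedure now ends at the rm step without telling the reader what to expect. Suggest keeping those two sentences after the rm step. In the new "Changing your Passphrase" text, "passprhase" is a typo and the sentence introducing the command should end in a colon.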
Line 37: Line 52:
When the program loads up, you will be faced with a a small number of options on the the base of the screen. Select DSA as the key type. It will automatically select 1024 for the number of bits but you can change this number to whatever you want. When you have filled in this information, click on "Generate".
When the program loads up, you will be faced with a a small number of options on the the base of the screen. Select DSA as the key type. It will automatically select 1024 for the number of bits but you can change this number to whatever you want. When you have filled in this information, click on "Generate".


You will be asked to move the mouse around the blank space on the screen. The more you move the mouse, the more random the keys will be. It will generate the keys straight away. You can then enter a passphrase (if you wish) and then confirm it by typing it again. Then click "save private key" to save this key. You will be asked to give the program a destination folder to save the key to and you will need to give it a filename. Do the same for "save private key".
You will be asked to move the mouse around the blank space on the screen. The more you move the mouse, the more random the keys will be. It will generate the keys straight away. You can then enter a passphrase (if you wish) and then confirm it by typing it again. Then click "save private key" to save this key. You will be asked to give the program a destination folder to save the key to and you will need to give it a filename. Do the same for "save public key".


Now once you have saved your keys, press "Load". If you gave it a passphrase, you will need to type it in now. At the top you will see the public key that you will need to copy in to your authorised keys. Highlight it and right click and select copy. Then you'll have to log on to the server you wish to be able to ssh easily too. You will need to go to putty.exe.  
Now once you have saved your keys, press "Load". If you gave it a passphrase, you will need to type it in now. At the top you will see the public key that you will need to copy in to your authorised keys. Highlight it and right click and select copy. Then you'll have to log on to the server you wish to be able to ssh easily too. You will need to go to putty.exe.  
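Review bot: The first context line of this hunk still tells the reader to select DSA, accept 1024 bits and "change this number to whatever you want", which gives no guidance and permits a smaller key. Suggest stating a minimum size or recommending a stronger key type. The same line has the doubled words "a a" and "the the". The "save public key" correction itself reads right.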
Line 43: Line 58:


You will still be prompted for a password at this stage. Once you are on other machine, you need to move into the .ssh directory cd .ssh. You may need to create a authorized_keys file by doing the following :
You will still be prompted for a password at this stage. Once you are on other machine, you need to move into the .ssh directory cd .ssh. You may need to create a authorized_keys file by doing the following :
  touch ~/.ssh/authorized_keys.
  touch ~/.ssh/authorized_keys  
Then all that is left to do is to put the public key into the authorized_keys file.  
Then all that is left to do is to put the public key into the authorized_keys file.  
  cat >> authorized_keys
  cat >> authorized_keys
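Review bot: After "touch ~/.ssh/authorized_keys" the file gets whatever mode the user's umask allows, and nothing in this hunk sets it; if the file ends up group- or world-writable, sshd with StrictModes enabled ignores it and the user is back to password prompts. Suggest adding "chmod 600 ~/.ssh/authorized_keys" after the touch. Dropping the trailing full stop from the command is right, since it would otherwise create a file named "authorized_keys.".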
Line 52: Line 67:


If you have any problems or something just won't work for you, just mail or hey a member of helpdesk and they'll sort it out for ya :-)
If you have any problems or something just won't work for you, just mail or hey a member of helpdesk and they'll sort it out for ya :-)
[[Category:Helpdesk]]

Latest revision as of 21:44, 21 December 2011

SSH-Keys are used to allow passwordless access to a machine. They use a unique host key to identify who you are.

To use this you will need to have ssh on your current machine.

Linux SSH-Keys

Creating the Key

First of all, you will need to create your secret key which will remain on the machine you are ssh'ing from. This is done by typing:

ssh-keygen -t dsa

This will generate the public and private keys. You will be asked where you wish to store the key. Just press enter to accept the default location.

You will then be asked for a passphrase. A passphrase helps to stop people who get access to your console from getting access to your different accounts. It's basically there to help make things more secure. Once you have entered your passphrase, you will be asked to re-type it. You can just press enter if you don't want to use a passphrase.

Copying the Key to Redbrick

Now you will need to copy your public key (~/.ssh/id_dsa.pub) to the server you wish to ssh to. Redbrick's machines have a common home directory so you only need to transfer your ssh-key once.

Two options for transferring your key are outlined below:

Option 1

ssh-copy-id -i ~/.ssh/id_dsa.pub username@login.redbrick.dcu.ie

This will append your key to your authorized_keys file on redbrick.

Option 2

scp ~/.ssh/id_dsa.pub username@login.redbrick.dcu.ie:.ssh/

This will put the file in the ~/.ssh folder of your account on the machine you want to ssh to.

You will need to log in to the machine you want to ssh to. Just use ssh as you normally would for the moment:

ssh username@login.redbrick.dcu.ie

You will still be prompted for a password at this stage. Once you are on the other machine, you need to move into the .ssh directory (cd .ssh). You will have to add the line in id_dsa.pub to the authorized_keys file. The easiest way to do this is to simply cat id_dsa.pub and append the results to the authorized_keys file, i.e.:

cat id_dsa.pub >> authorized_keys

Once all that is done, all that remains is to remove id_dsa.pub on the machine you wish to ssh to (rm ~/.ssh/id_dsa.pub).
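
The server-side steps of Option 2 (cd .ssh, cat, rm) written as one shell function; this is an added example, not part of the original wiki page. The name install_pubkey and its optional second argument are assumptions. It also creates the .ssh directory if missing, skips a key that is already present, and sets modes that pass sshd's StrictModes check.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper, not a standard tool.
# Usage on the server, after the scp step:  install_pubkey ~/.ssh/id_dsa.pub
#
# install_pubkey PUBKEY_FILE [SSH_DIR]
# Appends the key in PUBKEY_FILE to SSH_DIR/authorized_keys unless that exact
# line is already there, fixes permissions, then removes the uploaded copy.
install_pubkey() {
    pubfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A public key file is one line: "type base64-blob [comment]".
    key=$(head -n 1 "$pubfile")
    case $key in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "$pubfile does not look like a public key" >&2; return 1 ;;
    esac

    # Directory private to the user, key list not writable by anyone else.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: append only if the key is not present.
    if ! grep -qxF -- "$key" "$auth"; then
        # If the existing file lacks a final newline, add one first so the
        # new key does not get glued onto the previous entry.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi

    # The page's final step: the uploaded public key file is no longer needed.
    rm -f -- "$pubfile"
}
```

Running it twice with the same key leaves a single entry, which a plain cat >> would not.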

Changing your Passphrase

From time to time you may wish to change the passphrase on your ssh-key. To do this run the following command:

ssh-keygen -f ~/.ssh/id_dsa -p

It will prompt you for your current passphrase. Once you have typed your current passphrase it will ask you for a new passphrase. You will then be asked to re-enter it to validate it.

The next time you connect to redbrick it should use this new passphrase.

Windows SSH-Keys with Putty

You will need to open the Key Generator program usually located in the same menu as Putty.exe. If you do not have this program, you can download it from:

http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe

This is what will generate the public and private keys.

When the program loads up, you will be faced with a small number of options at the base of the screen. Select DSA as the key type. It will automatically select 1024 for the number of bits but you can change this number to whatever you want. When you have filled in this information, click on "Generate".

You will be asked to move the mouse around the blank space on the screen. The more you move the mouse, the more random the keys will be. It will generate the keys straight away. You can then enter a passphrase (if you wish) and then confirm it by typing it again. Then click "save private key" to save this key. You will be asked to give the program a destination folder to save the key to and you will need to give it a filename. Do the same for "save public key".

Now once you have saved your keys, press "Load". If you gave it a passphrase, you will need to type it in now. At the top you will see the public key that you will need to copy into your authorised keys. Highlight it, right click and select copy. Then you'll have to log on to the server you wish to be able to ssh easily to. You will need to go to putty.exe.


You will still be prompted for a password at this stage. Once you are on the other machine, you need to move into the .ssh directory (cd .ssh). You may need to create an authorized_keys file by doing the following:

touch ~/.ssh/authorized_keys 

Then all that is left to do is to put the public key into the authorized_keys file.

cat >> authorized_keys

You should still have the public key in your buffer; if not, just copy it again from the top of the Key Generator program. Just right click on your terminal and you will see it being printed onto the screen. Then hit Ctrl+D.

Now when you run putty.exe, all you have to do is go to connection:SSH:Auth and click on "Browse" to tell putty where your private key is. You can save your settings so you don't have to do this every time. Now when you log in you will either get in without a password or only have to give your passphrase. Don't forget to reload the private key in the key generator next time you log on to your computer.

If you have any problems or something just won't work for you, just mail or hey a member of helpdesk and they'll sort it out for ya :-)