SSH-Keys
SSH-Keys are used to allow passwordless access to a machine. It uses an unique host key to identify who you are.
To use this you will need to have ssh on your current machine.
Linux SSH-Keys
Creating the Key
First of all, you will need to create your secret key which will remain on the machine you are ssh'ing from. This is done by typing:
ssh-keygen -t dsa
This will generate the public and private keys. You will be asked where you wish to store the key. Just press enter to accept the default location.
You will then be asked for a passphrase. A passphrase will help to stop people who get access to your console getting access to different accounts. Its basically to help make it more secure. Once you have entered your passphase , you will be asked to re-type your passphrase. You can just just press enter if you don't want to use a passphrase.
Copying the Key to Redbrick
Now you will then need to copy your public key (~/.ssh/id_dsa.pub) to the server you wish to ssh to. Redbrick's machines have a common home directory so you only need to transfer your ssh-key once.
Two options for transferring your key are outlined bellow;
Option 1
ssh-copy-id -i ~/.ssh/id_dsa.pub username@login.redbrick.dcu.ie
This will append your key to your authorized_keys file on redbrick.
Option 2
scp ~/.ssh/id_dsa.pub username@login.redbrick.dcu.ie:.ssh/
This will put the file in the ~/.ssh folder of your account on the machine you want to ssh to.
You will need to log in to the machine you want to ssh to. Just use ssh as you normally would for the moment:
ssh username@login.redbrick.dcu.ie
You will still be prompted for a password at this stage. Once you are on other machine, you need to move into the .ssh directory cd .ssh. You will have to add the line in the id_dsa.pub into the authorized_keys file. The easiest way to do this is to simple cat the i d_dsa.pub and put the results into the authorized_keys file i.e:
cat id_dsa.pub >> authorized_keys
Once all that is done, then all that remains to do is to remove the id_dsa.pub on the machine you wish to ssh to rm ~/.ssh/id_dsa.pub.
Changing your Passphrase
From time to time you may wish to change the passprhase on your ssh-key. To do this run the following command
ssh-keygen -f ~/.ssh/id_dsa -p
It will prompt you for your current passphrase. Once you have typed your current passphrase it will ask you for a new passphrase. You will then be asked to re-enter it to validate it.
The next time you connect to redbrick it should use this new passphrase.
Windows SSH-Keys with Putty
You will need to open the Key Generator program usually located in the same menu as Putty.exe. If you do not have this program, you can download it from:
http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe
This is what will generate the public and private keys.
When the program loads up, you will be faced with a a small number of options on the the base of the screen. Select DSA as the key type. It will automatically select 1024 for the number of bits but you can change this number to whatever you want. When you have filled in this information, click on "Generate".
You will be asked to move the mouse around the blank space on the screen. The more you move the mouse, the more random the keys will be. It will generate the keys straight away. You can then enter a passphrase (if you wish) and then confirm it by typing it again. Then click "save private key" to save this key. You will be asked to give the program a destination folder to save the key to and you will need to give it a filename. Do the same for "save private key".
Now once you have saved your keys, press "Load". If you gave it a passphrase, you will need to type it in now. At the top you will see the public key that you will need to copy in to your authorised keys. Highlight it and right click and select copy. Then you'll have to log on to the server you wish to be able to ssh easily too. You will need to go to putty.exe.
You will still be prompted for a password at this stage. Once you are on other machine, you need to move into the .ssh directory cd .ssh. You may need to create a authorized_keys file by doing the following :
touch ~/.ssh/authorized_keys.
Then all that is left to do is to put the public key into the authorized_keys file.
cat >> authorized_keys
You should still have the public key in your buffer, if not just copy it again from the top of the Key Generator program. Just right click on your terminal and you will see it being printed onto the screen. Then hit Ctrl^D.
Now when you run putty.exe, all you have to do is go to connection:SSH:Auth and click on "Browse" to tell putty where your private key is. You can save your settings so you don't have to do this everytime. Now when you log in you will either get in without a password or only have to give your passphrase. Don't forget to reload the private key in the key generator next time you log on to your computer.
If you have any problems or something just won't work for you, just mail or hey a member of helpdesk and they'll sort it out for ya :-)