CREATING SSH KEY PAIRS

Creating SSH key pairs is very important, especially when you are working on an open-source project. If your SSH server is visible over the Internet, you should use public key authentication instead of passwords if at all possible.

With public key authentication, every computer has a public and a private “key” (a large number with particular mathematical properties). The private key is kept on the computer you log in from, while the public key is stored in the .ssh/authorized_keys file on all the computers you want to log in to. When you log in to a computer, the SSH server uses the public key to “lock” messages in a way that can only be “unlocked” by your private key – this means that even the most resourceful attacker can’t snoop on, or interfere with, your session. As an extra security measure, most SSH programs store the private key in a passphrase-protected format, so that if your computer is stolen or broken into, you should have enough time to disable your old public key before they break the passphrase and start using your key. Wikipedia has a more detailed explanation of how keys work.

STEPS FOR CREATING SSH KEY PAIRS:
  • First decide if you will be using SSH1 or SSH2 (or both). Most likely you’ll want to stick with SSH1 (until OpenSSH is installed at PPPL, or until SSH2 is installed, etc).
  • To generate public/private keypair for SSH1: 

        $ ssh-keygen

    This will generate ~/.ssh/identity and ~/.ssh/identity.pub.

  • Do this on each machine you want to access (to/from) using ssh (you only need to do this once on the PPPL unix cluster).
  • Take all of the identity.pub files (which contain a public key on one line) and create an ~/.ssh/authorized_keys file by placing the contents of each separate identity.pub file on a single line of the ~/.ssh/authorized_keys file (then place on all sshable hosts).
  • For SSH2, use ssh-keygen -t {rsa,dsa} (you choose between rsa keys or dsa keys, currently I use DSA), which will generate ~/.ssh/id_{dsa,rsa} and ~/.ssh/id_{dsa,rsa}.pub.
  • Follow instructions for SSH1 keys, but instead generate a ~/.ssh/authorized_keys2 file using the id_{dsa,rsa}.pub files.
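
The merge step above, as an added shell example that is not part of the original post: it accepts only files holding a single SSH2-format public key line (so a private key or multi-line file is never copied in), drops duplicate keys, and writes the result with restrictive permissions. The function names and the sample keys in demo() are constructed for illustration; pass ~/.ssh/authorized_keys2 as the output path to follow the SSH2 step.

```shell
#!/bin/sh
# Added example: merge one-line SSH2 public key files into an authorized_keys
# file. Function names are hypothetical; sample keys in demo() are constructed.

# True only if $1 holds exactly one non-empty line shaped like
# "<key-type> <base64-blob> [comment]". A private key file fails this check.
is_single_pubkey() {
    [ -f "$1" ] || return 1
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' "$1"
}

# build_authorized_keys OUT PUBFILE...
# OUT's directory should be a dedicated one such as ~/.ssh: it is set to 0700.
build_authorized_keys() {
    out=$1; shift
    dir=$(dirname "$out")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    tmp=$(mktemp "$dir/.authkeys.XXXXXX") || return 1
    for pub in "$@"; do
        if is_single_pubkey "$pub"; then
            grep . "$pub" >> "$tmp"
        else
            echo "skipping $pub: not a single public key line" >&2
        fi
    done
    # Same type+blob is the same key whatever the comment; keep the first copy.
    awk '!seen[$1 " " $2]++' "$tmp" > "$tmp.uniq" || return 1
    rm -f "$tmp"
    # sshd with StrictModes rejects key files or directories writable by others.
    chmod 600 "$tmp.uniq" && mv "$tmp.uniq" "$out"
}

# Constructed sample data: two hosts' keys, one duplicate, one private key file.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDexample1 alice@hostA' > "$d/a.pub"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAexample2 alice@hostB' > "$d/b.pub"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDexample1 copy' > "$d/c.pub"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'AAAA' > "$d/id_rsa"
    build_authorized_keys "$d/.ssh/authorized_keys2" "$d"/a.pub "$d"/b.pub "$d"/c.pub "$d"/id_rsa 2>/dev/null
    grep -c . "$d/.ssh/authorized_keys2"
    rm -rf "$d"
}
```

OpenSSH removed SSH1 protocol support in release 7.6, so on current systems only the SSH2 steps apply.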