First, here are the steps for generating an SSH2 key pair:
mbland@defender /home/student/mbland -> ssh-keygen2
Generating 1024-bit dsa key pair
   5 oOo.oOo.ooOo
Key generated.
1024-bit dsa, mbland@defender, Sun Apr 30 2000 21:39:13
Passphrase :
The passphrase can be anything, but the longer and harder to guess, the better. You will be prompted to reenter it, and then:
mbland@defender /home/student/mbland -> ssh-keygen2
Generating 1024-bit dsa key pair
   5 oOo.oOo.ooOo
Key generated.
1024-bit dsa, mbland@defender, Sun Apr 30 2000 21:39:13
Passphrase :
Again :
Private key saved to /home/student/mbland/.ssh2/id_dsa_1024_a
Public key saved to /home/student/mbland/.ssh2/id_dsa_1024_a.pub
Now execute ``chmod 700 .ssh2'' to prevent anyone else from being able to access this directory at all, and then ``cd .ssh2'' before executing the next step:
mbland@defender /home/student/mbland/.ssh2 -> ls -l
total 8
drwx------ 2 mbland student 512 Apr 30 16:55 hostkeys
-rw------- 1 mbland student 871 Apr 30 17:42 id_dsa_1024_a
-rw------- 1 mbland student 732 Apr 30 17:42 id_dsa_1024_a.pub
-rw------- 1 mbland student 512 Apr 30 17:42 random_seed
If the file permissions in your directory don't look like this, chmod them until they do. Here's a breakdown of the contents of this directory:
~/.ssh2
directory of each remote host to which you wish to connect.
Notice that other than specifying the algorithm and key length of the key pair, the filenames for each key aren't terribly descriptive. It may be worth your while to rename them:
mv id_dsa_1024_a id_dsa_1024_<localhostname>
mv id_dsa_1024_a.pub id_dsa_1024_<localhostname>.pub
Where ``<localhostname>'' is whatever you please, but would likely make the most sense if it resembled the name of the local machine or network, for example:
id_dsa_1024_defender
id_dsa_1024_defender.pub
Now it is necessary to create a file called ``authorization'' which will hold the filenames of the public keys which are permitted to be used in connecting to the local host. You can use your favorite text editor to create this file, and insert the following line:
Key id_dsa_1024_defender.pub
In the same fashion, you will need to create a file called ``identification'' which will contain the filename of the private key used to authenticate the local host to other hosts. It will need to contain the line:
IdKey id_dsa_1024_defender
Now you can effectively use Public/Private Key authentication to SSH between the machines in Hunter Creech, which share a common user home directory space. At this point, you will be prompted for the passphrase to the private key on the local host whenever you make a connection; this process can be automated by using ssh-agent, which is explained in a later section.
If you want to connect to a remote network, connect from home, or otherwise connect to a machine which doesn't have your Hunter Creech home directory mounted, then you need to execute these same steps on all the other hosts you wish to connect to. Once you've done that, you can begin to exchange public keys between hosts like so:
scp id_dsa_1024_defender.pub <remotehost>:.ssh2/
ssh <remotehost>
cd .ssh2
echo "Key id_dsa_1024_defender.pub" >> authorization
Notice that scp is another program in the SSH suite which allows you to securely transfer files across the network. To learn more, do a ``man scp.'' Also be aware that you may be prompted for your password several times while executing the above steps. And, of course, you may choose to use your favorite text editor to update the remote host's authorization file rather than exercise the redirection trick above.
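Because a key directory with loose permissions or a dangling ``Key''/``IdKey'' entry is the usual reason public-key login silently falls back to passwords, here is an added example (not part of the original tutorial) that audits a ~/.ssh2 directory against the layout above: drwx------ on the directory, -rw------- on every private key named in identification, and an existing .pub file for every Key line in authorization. The sample directory it builds uses the hostname ``defender'' from the text and placeholder file contents, not real keys.

```shell
# Added example, not from the original tutorial: audit a ~/.ssh2 directory laid out
# as described above. Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_ssh2_dir() {
  dir=$1
  status=0
  # The directory itself must be drwx------ (the chmod 700 step).
  perm=$(ls -ld "$dir" | cut -c1-10)
  [ "$perm" = "drwx------" ] || { echo "BAD: $dir is $perm, want drwx------"; status=1; }
  # Both control files must exist before their entries can be checked.
  for f in authorization identification; do
    [ -f "$dir/$f" ] || { echo "BAD: $dir/$f is missing"; return 1; }
  done
  # Every "Key <file>" line in authorization must name an existing public key.
  while read -r kw file; do
    [ "$kw" = "Key" ] || continue
    [ -f "$dir/$file" ] || { echo "BAD: authorization lists missing $file"; status=1; }
  done < "$dir/authorization"
  # Every "IdKey <file>" line in identification must name an existing private
  # key, and that key must be -rw------- so nobody else can read it.
  while read -r kw file; do
    [ "$kw" = "IdKey" ] || continue
    if [ ! -f "$dir/$file" ]; then
      echo "BAD: identification lists missing $file"; status=1; continue
    fi
    fperm=$(ls -l "$dir/$file" | cut -c1-10)
    [ "$fperm" = "-rw-------" ] || { echo "BAD: $file is $fperm, want -rw-------"; status=1; }
  done < "$dir/identification"
  return $status
}

# Build a constructed sample directory mirroring the tutorial's layout (hostname
# "defender" as in the text). File contents are placeholders, not real key material.
make_sample_ssh2_dir() {
  d=$(mktemp -d)
  chmod 700 "$d"
  echo "PLACEHOLDER PRIVATE KEY" > "$d/id_dsa_1024_defender"
  echo "PLACEHOLDER PUBLIC KEY" > "$d/id_dsa_1024_defender.pub"
  chmod 600 "$d/id_dsa_1024_defender" "$d/id_dsa_1024_defender.pub"
  echo "Key id_dsa_1024_defender.pub" > "$d/authorization"
  echo "IdKey id_dsa_1024_defender" > "$d/identification"
  echo "$d"
}

# Demonstration: a clean directory passes, then fails once the private key is readable by others.
sample=$(make_sample_ssh2_dir)
audit_ssh2_dir "$sample" && echo "OK: $sample passes"
chmod 644 "$sample/id_dsa_1024_defender"
audit_ssh2_dir "$sample" || echo "FAIL: $sample has findings"
rm -rf "$sample"
```

Run it against your real directory with ``audit_ssh2_dir ~/.ssh2'' after the renaming step; any BAD line corresponds to a chmod or filename fix described above.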