| Property | Value |
|---|
| rdfs:label | |
| rdfs:comment | - I prefer logging in using public key authentication instead of sending the user password each time. How does that work? The local machine generates a pair of keys: whatever is encrypted with one of the key can be decrypted only by the other key. One of the key is sent to the remote server and it's called the public key. So once the server/remote machine has your public key, the local and the server can exchange the actual authentication data in a secure way. Also, the other key, called the private one, gets password-encrypted itself so that somebody snooping onto your hard disk cannot grab it and use it to authenticate to your remote server.
|
| dbkwik:scratch-pad/property/wikiPageUsesTemplate | |
| dbkwik:scratchpad/property/wikiPageUsesTemplate | |
| abstract | - I prefer logging in using public key authentication instead of sending the user password each time. How does that work? The local machine generates a pair of keys: whatever is encrypted with one of the key can be decrypted only by the other key. One of the key is sent to the remote server and it's called the public key. So once the server/remote machine has your public key, the local and the server can exchange the actual authentication data in a secure way. Also, the other key, called the private one, gets password-encrypted itself so that somebody snooping onto your hard disk cannot grab it and use it to authenticate to your remote server. $ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/xxx/.ssh/id_dsa): Created directory '/home/xxx/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/xxx/.ssh/id_dsa. Your public key has been saved in /home/xxx/.ssh/id_dsa.pub. The key fingerprint is: XX:XX:XX:XX:XX:XX:.... Now let's send it securely to the server using scp (secure copy command, part of ssh) $ scp .ssh/id_dsa.pub root@1.2.3.4 Oopsie, I always forget putting the colon at the end! that means scp behaved like cp, making a copy of the file. Let's get rid of it $ rm root\@1.2.3.4 And now the correct one: $ scp .ssh/id_dsa.pub root@1.2.3.4: the first time an ssh connection is made some more warning will appear The authenticity of host '1.2.3.4' can't be established. RSA key fingerprint is XX:XX:XX:XX:XX:XX..... Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts. root@1.2.3.4's password: id_dsa.pub 100% 607 0.6KB/s 00:00 Now I need to add this key to ssh authorized keys list, so let's access the server through ssh to accomplish this $ ssh root@1.2.3.4 root@1.2.3.4's password: ... create .ssh folder if it doesn't exist # mkdir .ssh # cat id_dsa.pub >> .ssh/authorized_keys2 # rm id_dsa.pub CTRL-D to exit back to local machine Now let's try if it works by reconnecting through ssh $ ssh root@1.2.3.4 Enter passphrase for key '/[...]/.ssh/id_dsa': Note that ssh doesn't ask for root password anymore but for the passphrase used to encrypt the private key, instead. If this kind of authentication fails or the user refuses it by pressing CTRL-D, then the old password authentication method is used. This behaviour can be altered by configuring ssh, for details
|
