[kwlug-disc] Tightening up SSH

Andrew Kohlsmith (mailing lists account) aklists at mixdown.ca
Mon Jul 19 09:54:09 EDT 2010

On Monday, July 19, 2010 09:44:40 am Johnny Ferguson wrote:
> Thank you very much. I'm going to look into what's involved in public
> key authentication. I kind of veered away from it because I didn't quite
> understand how it was working. Does each machine need a copy of the
> other's public key so they can use their private keys to verify
> eachother? Should each machine have its own key?

ssh-keygen -t dsa

Follow the prompts.

ssh-copy-id -i ~/.ssh/id_dsa.pub user at target

see the man pages for other options. Personally I never use the default 
filenames (-f) and add a comment (-C) to my keys. Not using default filenames 
means that the computer I access the target system from (i.e. my laptop that I 
work at all day) has an .ssh/config file that has several IdentityFile lines so 
that my ssh client can find the keys I'd like to use.

After playing with that for a bit, learn a bit about ssh-agent and gpg-agent 
and find out just how simple and easy it is to completely get rid of passwords. 


More information about the kwlug-disc mailing list