[kwlug-disc] Tightening up SSH
Andrew Kohlsmith (mailing lists account)
aklists at mixdown.ca
Mon Jul 19 09:54:09 EDT 2010
On Monday, July 19, 2010 09:44:40 am Johnny Ferguson wrote:
> Thank you very much. I'm going to look into what's involved in public
> key authentication. I kind of veered away from it because I didn't quite
> understand how it was working. Does each machine need a copy of the
> other's public key so they can use their private keys to verify
> eachother? Should each machine have its own key?
ssh-keygen -t dsa
Follow the prompts.
ssh-copy-id -i ~/.ssh/id_dsa.pub user at target
see the man pages for other options. Personally I never use the default
filenames (-f) and add a comment (-C) to my keys. Not using default filenames
means that the computer I access the target system from (i.e. my laptop that I
work at all day) has an .ssh/config file that has several IdentityFile lines so
that my ssh client can find the keys I'd like to use.
After playing with that for a bit, learn a bit about ssh-agent and gpg-agent
and find out just how simple and easy it is to completely get rid of passwords.
More information about the kwlug-disc