Saturday, December 6, 2008

Ubuntu SSH How-to

Scenario: generate SSH key pairs and use PuTTY to logon to Ubuntu without inputing user & password each time.
  • Create the Cryptographic Keys:
    $ ssh-keygen -t rsa
    Assign the pass phrase (press [enter] key twice if you don't want a passphrase). It will create 2 files in ~/.ssh directory as follows:
    ~/.ssh/id_rsa : identification (private) key
    ~/.ssh/ : public key
  • Use WinSCP to copy the id_rsa (private key) to desktop, use PuTTYgen.exe to load this key and save private key to PuTTY's format.
  • Add in ~/.ssh/authorized_keys (or authorized_keys2), just in 1 line. Or simply
    mv authorized_keys
  • Be sure both the home directory and the .ssh directory be owned and writable only by the owner (700 recommended for .ssh)
  • Any error see /var/log/auth.log
  • sshd protocol 1 is insecure, so vi /etc/ssh/sshd_config:
    Protocol 2
    PasswordAuthentication no # if want to disable interactive logon
  • Restart sshd:
    $ sudo /etc/init.d/ssh restart
  • Use the saved private key in PuTTY:
    PuTTY Configuration -> Connection -> SSH -> Auth -> Private key file for authentication,
    then load the private key. Or use PAGEANT to load this automatically.
  • Change passphrase:
    If it's already converted to PuTTY format, use PuTTYgen.exe to convert it back to OpenSSH format, then
    $ ssh-keygen -p
    Enter file in which the key is (id_rsa):...


No comments: