OpenSSH

 


Contents

  1. Quick Hints
  2. Authentication w/Keys
  3. ssh-agent
  4. OpenSSH Overview

See Also

  1. OpenSSH key management


Quick Hints

 

To log on to another computer:

ssh username@yourhost

 

To copy a file to another computer:

scp filename username@yourhost:/directory/path

or

sftp yourhost

 

To run a command on another computer:

ssh yourhost /path/command

 


Authentication w/Keys

SSH supports public-key authentication. Here is a procedure to enable public-key authentication for an OpenSSH implementation:

  1. Login as user username

  2. From the home directory, generate a key pair:

    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/usr/local/username/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /usr/local/username/.ssh/id_rsa
    Your public key has been saved in /usr/local/username/.ssh/id_rsa.pub
    The key fingerprint is:
    05:db:12:51:9f:48:dc:43:cd:8f:22:b0:a7:47:2d:17 username@hostname

    If you leave passphrase blank, you will not be asked for a passphrase later. Though insecure, this is useful for such things as batch ftp programs.

  3. Copy the public key to the remote host:

    scp .ssh/id_rsa.pub yourhost:/tmp

  4. Log on to your remote host as user username

  5. Append the contents of your public key into the SSH authorization file:

    cat /tmp/id_rsa.pub >> .ssh/authorized_keys
    cat /tmp/id_rsa.pub >> .ssh/authorized_keys2

    If the directory and/or file do not exist, create them.

  6. Set permissions:

    chmod 755 $HOME/.ssh
    chmod 755 $HOME
    chmod 644 $HOME/.ssh/authorized_keys
    chmod 644 $HOME/.ssh/authorized_keys2

Once authentication w/keys is in place, and if you did not configure a passphrase, you can now run commands such as:

scp filename remotehost:/path/to/remote/directory/
ssh -f remoteserver chmod 666 /path/to/remote/directory/filename

To reset a passphrase, run:

ssh-keygen -p


 

Home