{"id":210,"date":"2012-08-31T08:08:09","date_gmt":"2012-08-31T08:08:09","guid":{"rendered":"https:\/\/olkn.homelinux.net\/2012\/08\/ssh-without-password-certificate-based\/"},"modified":"2012-08-31T08:08:09","modified_gmt":"2012-08-31T08:08:09","slug":"ssh-without-password-certificate-based","status":"publish","type":"post","link":"https:\/\/olkn.myvnc.com\/?p=210","title":{"rendered":"ssh without password &#8211; certificate based"},"content":{"rendered":"<p>Create keys:<code><br \/>\nssh-keygen -t rsa<br \/>\nssh-keygen -t dsa<br \/>\n<\/code><br \/>or, in more detail:<code><br \/>\nssh-keygen -f &lt;key-file&gt; -C &lt;comments&gt; -N &lt;password&gt; -t rsa<br \/>\nssh-keygen -f id_rsa -C \"Keyfile for server\" -N \"\" -t rsa<\/code><br \/>\n<br \/>which will create the files id_rsa\/id_dsa and id_rsa.pub\/id_dsa.pub respectively. To copy the public keys to the target machine you may use:<code><br \/>\nssh-copy-id -i id_rsa.pub user@remote-system<br \/>\nssh-copy-id -i id_dsa.pub user@remote-system<\/code><br \/>or you may use ssh to copy the files:<code><br \/>\ncat *.pub | ssh user@remote-system 'umask 077; cat >>.ssh\/authorized_keys'<\/code><br \/>\nNote that each public key is a single line and must remain a single line in the authorized_keys file.<br \/>\nWhen you log in with a normal ssh shell, the server asks for a verification, which the client generates using the private key and the passphrase that protects it. You may skip the passphrase prompt by leaving the passphrase empty when generating the keys.<\/p>\n<p>The public key must be inserted as one line into the server-side .ssh\/authorized_keys file. 
<br \/>\nTo explicitly connect to a remote server using a key file, use the command:<code><br \/>\nslogin -i ~\/.ssh\/secret-key-file remotehost<\/code><br \/>\n<br \/>You may further restrict access to the remote server by putting options in front of a key in the authorized_keys file, like this (the keys are wrapped here for display only; each entry is a single line in the file):<code><br \/>\n#<br \/>\nfrom=\"client1\",no-port-forwarding,no-pty ssh-rsa AAAAB<br \/>\n3NzaC1yc2EAAAABIwAAAQEAybmcqaU\/Xos\/GhYCDkV+kDsK8+A5OjaK5WgLMqmu38aPo<br \/>\n56Od10RQ3EiB42DjRVY8trXS1NH4jbURQPERr2LHCCYq6tHJYfJNhUX\/COwHs+ozNPE8<br \/>\n3CYDhK4AhabahnltFE5ZbefwXW4FoKOO+n8AdDfSSOazpPas8jXi5bEwNf7heZT++a\/Q<br \/>\nxbu9JHF1huThuDuxOtIWl07G+tKqzggFVknM5CoJCFxaik91lNGgu2OTKfY94c\/ieETO<br \/>\nXE5L+fVrbtOh7DTFMjIYAWNxy4tlMR\/59UVw5dapAxH9J2lZglkj0w0LwFI+7hZu9XvN<br \/>\nfMKMKg+ERAz9XHYH3608RL1RQ== This comment describes key #1<br \/>\n#<br \/>\n#<br \/>\nfrom=\"*.domain\",no-X11-forwarding,no-agent-forwarding ssh-rsa<br \/>\nAAAAC4MybC1yD2EAAAABIwAAAQEAybmcqaU\/Xos\/GhYCzkV+kDsK8+A5OjaK5WgLMqm<br \/>\nu38aPo56Od10RQSEiB42DjRVY8trXS1NH4jbURQPERr2LHCCYq6tHJYfJNhUX\/COwHs<br \/>\n+ozNPE83CYDhK4XhabahnltFE5ZbefwXW4FoKOO+n8AdDfSXOazpPas8jXi5bENf7he<br \/>\nZT++a\/Qxbu9JHF1huThuDuxOtIWl07G+tKqzggFVknM5CoJCFxaik91lNGgu2OTKfY9<br \/>\n4c\/ieETOXE5L+fVrbtOh7DTFMjIYAWNxy4tlMR\/59UVw5dapAxH9J2lZglkj0w0LwFI<br \/>\n+7hZu9XvNfMKMKg+ERAz9XHYH3608RL1RQ== This comment describes key #2<\/code><\/p>\n<ul>\n<strong>Problems:<\/strong><\/ul>\n<p>A possible problem is the access rights on the files under .ssh\/, especially .ssh\/authorized_keys, which must be accessible only by the owner.<br \/>\nThe public key file must be appended to the destination host's ~\/.ssh\/authorized_keys file.<br \/>\nThe secret private key stays on the client machine from which you connect to the remote machine.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>create keys: ssh-keygen -t rsa ssh-keygen -t dsa or even more detailed: ssh-keygen -f -C -N -t rsa ssh-keygen -f id_rsa -C 
&#8220;Keyfile for server&#8221; -N &#8220;&#8221; -t rsa which will create the files id_rsa\/id_dsa and id_rsa.pub\/id_dsa.pub respectively. To copy the public keys to the target machine you may use: ssh-copy-id -i id_rsa.pub user@remote-system ssh-copy-id &hellip; <a href=\"https:\/\/olkn.myvnc.com\/?p=210\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">ssh without password &#8211; certificate based<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":["post-210","post","type-post","status-publish","format-standard","hentry","category-tutorials"],"_links":{"self":[{"href":"https:\/\/olkn.myvnc.com\/index.php?rest_route=\/wp\/v2\/posts\/210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/olkn.myvnc.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/olkn.myvnc.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/olkn.myvnc.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/olkn.myvnc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=210"}],"version-history":[{"count":0,"href":"https:\/\/olkn.myvnc.com\/index.php?rest_route=\/wp\/v2\/posts\/210\/revisions"}],"wp:attachment":[{"href":"https:\/\/olkn.myvnc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/olkn.myvnc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/olkn.myvnc.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}