SSH is the Secure Shell tool, a powerful encrypted communication tool.

Using SSH with Public-Key Authentication

Although SSH can be used with passwords, a sysadmin may need to initiate hundreds of SSH connections a day, and typing passwords that often is tedious. SSH therefore permits authentication using public and private keys.

Background: Public Key Cryptography

See Public Key Cryptography for an overview of how this technology works.

Using Public Keys with SSH

Creating a Public/Private Key Pair

1. Enter this command: ssh-keygen
   • Answer the questions asked by ssh-keygen. Use default values for most questions. The use of a passphrase is recommended.
   • ssh-keygen will produce two files:
     • ~/.ssh/id_rsa - your private key
     • ~/.ssh/id_rsa.pub - your public key

Key Type and Length
ssh-keygen can generate two types of keys: rsa and dsa. Either type serves the same purpose, can can be generated with varying key lengths. The longer the key, the more difficult it is to break the key by guessing it (trying successive values until the right key is found) - each bit added to the key doubles the number of possible key values. Key lengths of 1024-4096 bits are considered reasonably secure; as computers become faster, key lengths should be increased.

Sending the Public Key to a Remote System Administrator

1. Mail (or otherwise send) the ~/.ssh/id_rsa.pub file to the remote system administrator.

Setting up Public Key Authentication on Two Machines

Manually:

1. Copy the public key to the remote system you wish to access.
2. Create the ~/.ssh directory if it does not exist.
   • Set the permission on ~/.ssh to 0700
3. Append the public key to the file ~/authorized_keys
   • Set the permission on ~/authorized_keys to 0600

Automatically:

1. Run the command: ssh-copy-id user@host