CDOT Wiki β

SSH

3,384 bytes added, 00:28, 9 January 2011
[[Category:SBR600]][[Category:Linux]]
SSH, the Secure Shell, is a powerful encrypted communication tool.

= Using SSH with Public-Key Authentication =

Although SSH can be used with passwords, a sysadmin may need to use ssh hundreds of times a day, and typing passwords that often can become tedious. SSH therefore permits authentication using public and private keys.

== Public Key Cryptography ==

In a nutshell, public key cryptography works like this:
# A large random number is generated.
# That number is used to derive two mathematically-related but different keys. Each key is also a large number.
# Data can be encrypted by processing one of the keys and the data to be encrypted using an encryption algorithm. Once encrypted, the data appears to be a meaningless stream of numbers.
# Data encrypted with one key cannot be decrypted with that same key. It can only be decrypted with the other, related key, and vice versa.

To use public key cryptography:
# One key is designated as the "public key" and one is designated as the "private key".
#* The public key is distributed to all of the parties with whom you will be communicating.
#* The private key is ''never'' shared with anyone.
# Messages encrypted with your private key can only be decrypted with your public key, proving that the message came from you (authentication).
# Messages encrypted with your public key can only be decrypted with your private key, ensuring that only you can read them (privacy).
# To ensure both privacy and authentication on messages between you and another party, encrypt the message twice: once with your private key and once with their public key.

Practical considerations:
# The algorithms used in public-key cryptography are very slow. Therefore, it's common to use public key cryptography to exchange a key for a faster, symmetric cipher, and then use that cipher for the actual data stream.
# ''Signing'' a message means authenticating it by taking a checksum (hash) of the message and encrypting that hash with your private key. This is faster than encrypting the entire message.
# Public key cryptography is very susceptible to the manipulation of public keys by an attacker interposed between the two parties at the time that the public keys are shared.
# Public key cryptography is susceptible to theft of the private key. The private key is therefore often protected with a passphrase.

== Using Public Keys with SSH ==

=== Creating a Public/Private Key Pair ===
# Enter this command: <code>ssh-keygen</code>
#* Answer the questions asked by ssh-keygen. Use default values for most questions. The use of a passphrase is recommended.
#* ssh-keygen will produce two files:
#** <code>~/.ssh/id_rsa</code> - your private key
#** <code>~/.ssh/id_rsa.pub</code> - your public key

=== Sending the Public Key to a Remote System Administrator ===
# Mail (or otherwise send) the <code>~/.ssh/id_rsa.pub</code> file.

=== Setting up Public Key Authentication on Two Machines ===

Manually:
# Copy the public key to the remote system you wish to access.
# Create the <code>~/.ssh</code> directory if it does not exist.
#* Set the permission on <code>~/.ssh</code> to 0700
# Append the public key to the file <code>~/.ssh/authorized_keys</code>
#* Set the permission on <code>~/.ssh/authorized_keys</code> to 0600

Automatically:
# Run the command: <code>ssh-copy-id ''user@host''</code>