DSA Key Based SSH Authentication

So I have been asked, “Why is it when you SSH to a machine you never have to enter a password?”

“It is simple” I respond, “I use an encrypted key instead of a password”

Many people, including myself, attempt to set up SSH keys, find it tough to do, and end up giving up out of frustration. This is because a lot of the documentation is tough to understand and follow, and the HowTos found on the internet are often full of unneeded tasks and mumbo jumbo.

I am going to lift the smoke screen on key based SSH and make it so simple you will never use a password ever again!

First off, I will assume that you are on a UNIX or BSD based machine (Linux, Mac OS X, etc.). I don’t work in Windows and therefore don’t know how (or if it is even possible) to do this on a Windows machine.

Step one, create key.

You will need to create a key pair on your local machine. This is where most people mess up and try making the key pair on the server. YOU MUST MAKE THE PAIR ON YOUR LOCAL MACHINE!
Pull up the command line and run the key gen command:

~/:$ ssh-keygen -d

Press enter to accept the default path and file name.
Then hit enter to accept no passphrase.
Then your key will be generated.

It should look something like this when you’re done:

Generating public/private dsa key pair.
Enter file in which to save the key (/Users/mike/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/mike/id_dsa.
Your public key has been saved in /Users/mike/id_dsa.pub.
The key fingerprint is:
bf:ea:85:aa:bd:3c:db:51:21:87:46:89:67:92:03:84 mike@Mikes-Laptop.local


Step two, put public key on the remote machine.

Now you will need to put the public key on the remote machine.
You will need to extract the contents of the public key file (id_dsa.pub) you just made. A good way to do this is with cat:

~/:$ cat ~/.ssh/id_dsa.pub

Then copy the string that cat spits out to your clipboard or a notepad or something.

SSH to your server/remote machine and go to the .ssh directory in the user’s home directory:

~/:$ cd ~/.ssh

If it doesn’t exist, make it.

Create a file named “authorized_keys” in the .ssh directory:

~/:$ touch authorized_keys

Then paste the string that you copied from the id_dsa.pub file into the authorized_keys file as one long line.

Then log out. You are done!

Now you should be able to SSH to that machine and it will log you in without prompting for a password.
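
Step two as a script, as an added example that is not part of the original post: it creates .ssh and authorized_keys with owner-only permissions (sshd's StrictModes check rejects keys in files that group or others can write), verifies the key is still one line, and appends it without duplicating. It goes beyond the DSA case by accepting any OpenSSH public key type; `install_pubkey`, its arguments and the key string are hypothetical and constructed.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey and its
# arguments are hypothetical names; the key below is constructed.

install_pubkey() {
    pubfile=$1   # public key file copied from the local machine
    home=$2      # remote user's home directory
    sshdir="$home/.ssh"
    auth="$sshdir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # The key must stay "one long line"; a wrapped paste will not match.
    lines=$(grep -c '' "$pubfile" || true)
    [ "$lines" -eq 1 ] || { echo "key is not a single line" >&2; return 2; }

    # A public key line is "<type> <base64 blob> [comment]"; the blob of
    # every OpenSSH key type starts with AAAA.
    key=$(cat "$pubfile")
    case $key in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*|sk-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # "If it doesn't exist, make it": owner-only, as StrictModes expects.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append rather than overwrite, and skip a key that is already there.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAconstructedExampleOnly mike@Mikes-Laptop.local\n' \
    > "$demo_home/id_dsa.pub"
install_pubkey "$demo_home/id_dsa.pub" "$demo_home"
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```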

Posted in Tech.
