IPG Doc

User Tools

Site Tools

Trace:
sshkey

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
Next revisionBoth sides next revision
sshkey [2007/01/30 14:13] – created damirsshkey [2011/04/05 16:08] cangiani
Line 1: Line 1:
-====== ssh without password ====== +====== Ssh without password ====== 
-You can connect to the servers using the SSH protocol witout the need to insert the password every time you connect. The trick is to generate a encripted key that can be used by the systems to recognize yourself and allow your access to local resources.+You can connect to the servers using the SSH protocol without the need to insert the password every time you connect. The trick is to generate a encripted key that can be used by the systems to recognize yourself and allow your access to local resources.
 This behaviour can be used when you are using the Servers from the Epfl Network, but also when you connect to the server from outside the Epfl. This behaviour can be used when you are using the Servers from the Epfl Network, but also when you connect to the server from outside the Epfl.
 +===== Setup =====
 +
 +==== Generate the public/private ssh key pair  ====
 +
 +Note that this doc applies only to Unix (Mac/Linux). There are similar things on window but they might not work //exactly// as described here.
  
-==== ssh without password from local workstation ==== 
  
   * Login in your workstation and open a Terminal Windows (if you are using the Graphical interface)   * Login in your workstation and open a Terminal Windows (if you are using the Graphical interface)
   * Execute this command   * Execute this command
  
-  $ sshkeygen -t dsa+  $ ssh-keygen -t dsa
  
   * When the system ask a name for the file **id_dsa** just press enter   * When the system ask a name for the file **id_dsa** just press enter
-  * Do the same for the **id_dsa.pub** file 
  
-  * cd in your .ssh directory with+  * The system will ask your for a password. This is the password that is used to encrypt your private key file (id_dsa) so that, even if the file gets stolen, it cannot be used. Try to generate a [[strongpass|strong password]].
  
-  $ cd ~/.ssh+  * Now you have to append the content of your public key file ''~/.ssh/id_dsa.pub'' into the ''~/.ssh/authorized_keys'' on the machines where you want to be able to ssh into (e.g. if you are generating the key pair on your laptop, you might want to add the public key on the cluster lth.epfl.ch):
  
-  * Execute this command+  $ cat ~/.ssh/id_dsa.pub | ssh USERNAME@lth.epfl.ch 'cat - >> ~/.ssh/authorized_keys' 
 + 
 +  In our cluster, all the machines have access to the same home directory. Therefore you can use standard local copy: 
 + 
 +  $ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
  
-  $ cat id_dsa.pub >> autorhized_keys+From now, every time you connet to a server, the server will recognize your workstation automatically (it read the ~/.ssh/authorized_keys file everytime you connect) and you can login without bothering with the password.... well almost! Curious? Continue reading.
  
-From nowevery time you connet to a server, the server will recognize your workstation automatically (it read the ~/.ssh/authorized_keys file everytime you connect) and you can login without bothering with the password.+In fact, since your private key is encrypted, you need to type the password that can decrypt it each time you want to use it. Seems like we didn't gain anything till now
  
 +Ssh-agent is a program that keeps in memory your decrypted private ssh key and serves it to ssh when it is needed. In this way you only have to type the decryption password only once. Keeping the decrypted key (or the password) in memory is considered safer than letting the key file un-encrypted. So, let's
  
-==== ssh without password from local workstation ====+==== Setup ssh-agent ====
  
-   
  
sshkey.txt · Last modified: 2022/08/05 13:20 by admin