sshkey
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
sshkey [2007/01/30 14:13] – created damir | sshkey [2022/08/05 13:20] (current) – admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== | + | ====== |
- | You can connect to the servers using the SSH protocol | + | You can connect to the servers using the SSH protocol |
This behaviour can be used when you are using the Servers from the Epfl Network, but also when you connect to the server from outside the Epfl. | This behaviour can be used when you are using the Servers from the Epfl Network, but also when you connect to the server from outside the Epfl. | ||
+ | ===== Setup ===== | ||
+ | |||
+ | ==== Generate the public/ | ||
+ | |||
+ | Note that this doc applies only to Unix (Mac/ | ||
- | ==== ssh without password from local workstation ==== | ||
* Login in your workstation and open a Terminal Windows (if you are using the Graphical interface) | * Login in your workstation and open a Terminal Windows (if you are using the Graphical interface) | ||
* Execute this command | * Execute this command | ||
- | $ sshkeygen | + | $ ssh-keygen |
- | * When the system ask a name for the file **id_dsa** just press enter | + | * When the system ask a name for the file **id_ed25519**, just press enter |
- | * Do the same for the **id_dsa.pub** file | + | |
- | * cd in your .ssh directory with | + | * The system will ask your for a password. This is the password that is used to encrypt your private key file (id_ed25519) so, even if the file gets stolen, it cannot be used. Try to generate a strong password. |
- | | + | |
- | * Execute | + | |
+ | |||
+ | | ||
+ | |||
+ | $ cat ~/ | ||
+ | |||
+ | From now, every time you connect to a server, the server itself will recognize your workstation automatically (it read the ~/ | ||
+ | |||
+ | In fact, since your private key is encrypted, you need to type the password to decrypt it each time you want to use it. Seems like we have just replaced the "enter remote machine password" | ||
+ | |||
+ | ==== Setup ssh-agent ==== | ||
+ | |||
+ | Ssh-agent is a program that keeps in memory your decrypted private ssh key and serves it to ssh when it is needed. In this way you only have to type the decryption password only once. Keeping the decrypted key (or the password) in memory is considered safer than letting the key file un-encrypted. | ||
+ | |||
+ | === On desktop sessions === | ||
+ | All modern desktop environment (os X, Gnome, KDE), do take care automatically the ssh key decryption business and you don't have to do anything. Yahoo! | ||
+ | |||
+ | === On console === | ||
+ | If you are not on a full desktop environment (e.g. if you ssh to a machine from where you want to connect to [several] another machines), then you have to setup the ssh-agent business by hand. | ||
+ | |||
+ | The two (actually three) steps are | ||
+ | * launch '' | ||
+ | |||
+ | $ eval `ssh-agent -s` | ||
+ | |||
+ | * ask '' | ||
+ | |||
+ | $ ssh-add [-t time_in_seconds] ~/ | ||
- | | + | |
- | From now, every time you connet to a server, the server will recognize your workstation automatically (it read the ~/.ssh/ | + | $ ssh-agent -k |
+ | Since this is quite cumbersome, I suggest to add the following to your '' | ||
- | ==== ssh without password from local workstation ==== | + | < |
+ | # only for interactive shell | ||
+ | if [ " | ||
+ | # run ssh agent if not already running | ||
+ | SSHAGENT=/ | ||
+ | if [ -z " | ||
+ | eval `$SSHAGENT -s` | ||
+ | alias ssh='ssh-add; unalias ssh; ssh' | ||
+ | trap " | ||
+ | fi | ||
+ | fi | ||
+ | </ | ||
- | | + | This will start '' |
sshkey.txt · Last modified: 2022/08/05 13:20 by admin