[olug] curious

Christopher Cashell topher at zyp.org
Tue Dec 18 07:19:25 UTC 2001


On Tue, Dec 18, 2001 at 01:19:16AM -0600, Brian Wiese wrote:
> An ssh public key?  How do I do that, I always use a password with ssh.
> How/What/Where/why?...

An SSH key works on the same principle as PGP (Pretty Good Privacy).

Basically, you have two keys, a private key, and a public key.  The
private key should always reside within your control, and never be given
out to anyone.  The public key you can give away to anyone you want.

You generate an SSH key pair with the program ssh-keygen[1].  The private
key part of the key pair is usually kept in $HOME/.ssh/identity.  The
public key is generally $HOME/.ssh/identity.pub.  identity.pub is a
simple text file which you can distribute to machines which you plan to
access.  On that remote machine, you would copy identity.pub into
$HOME/.ssh/authorized_keys.

Now, when you make an ssh connection to the remote machine, ssh tells the
remote machine that it has an SSH key, and asks the remote machine if it
has a matching SSH public key in the directory
$HOME/.ssh/authorized_keys (for the user ID you are attempting to login
under).  If the remote machine does have a matching SSH key, it will
issue a challenge which is answered by your entering the password you
set for your private key.  If you enter the correct password, then you
will be authenticated and given access on the machine.

One of the advantages of this method of authentication is that you can
distribute your SSH public key to many different machines, and then
safely use the same password[2] to access them.  You can even make use
of the ssh-agent[3] program, so you only have to enter your password at
your initial login.

> Should I always have the same ssh public key, or does it change from which
> ever computer I am on?

Generally, your home PC, laptop, etc, will have its own SSH key pair,
although it is possible to share your SSH private key among your
computers.  Your public key can be distributed as widely as you like.
Each SSH private key has its own password, which you'll need to know in
order to access any remote machine that is set up to allow authorization
to that key.

I hope this explains things halfway well, although it's 1:30am and I've
been at home sick today (and I actually feel worse now than I did
earlier), so I'm not sure how coherent it is.  I'll try my best to
answer any additional questions you have, though.

> -Clueless
> Brian

[1] For more information:  `man ssh-keygen`

[2] The password for your SSH private key can be changed by you at any
    time through the ssh-keygen command, with the '-p' option.

[3] For more information:  `man ssh-agent`

-- 
Christopher
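
The "copy identity.pub into $HOME/.ssh/authorized_keys" step from the message above, as an added example that is not part of the original post. The function names `install_pubkey` and `check_ssh_perms` are hypothetical; the permission check reflects OpenSSH's sshd, which with its default StrictModes setting ignores an authorized_keys file that other users can write to.

```shell
#!/bin/sh
# Added example (not from the original post): run on the remote machine after
# the public key file has been copied there.

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Append one public key to authorized_keys, once, with private permissions.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Only the public half ever leaves your machine; stop if this is the private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # A public key file is exactly one non-empty line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "unexpected content in $pub" >&2; return 1; }

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append rather than overwrite, and skip a key that is already listed.
    if ! grep -qxF -- "$(cat "$pub")" "$auth"; then
        cat "$pub" >> "$auth"
    fi
}

# check_ssh_perms [SSH_DIR]
# Return non-zero if the directory or authorized_keys is group- or world-writable.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    loose=$(find "$dir" "$dir/authorized_keys" -prune \
                 \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "writable by others, sshd may ignore the key: $loose" >&2
        return 1
    fi
}

# Typical use on the remote machine:
#   install_pubkey identity.pub && check_ssh_perms
```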
