Security - RSA Keys


2002-11-13

The problem with remote administration is that it requires entering your username and password each time you login. While SSH will adequately encrypt your password to foil network sniffing, it offers no protection against a keyboard sniffer. A keyboard sniffer can be software, or even hardware. A hardware keyboard sniffer is available at http://www.thinkgeek.com for less than $100. Anyone could install this sniffer on a lab computer, or possibly even your office computer, where you will potentially enter your account password or even the “root” password sometime in the future.

Critical servers could require public key authentication. This requires a key in addition to a password to login. So if someone with ill intent gains your password, he won’t be able to login because he doesn’t have the key. Even if he gained the root password, he wouldn’t be able to use it.

Generating OpenSSH Public and Private Keys

Login to the server you want to administrate and generate a public/private key pair. Let’s say I want to set up public key authentication on Silicon. I would login as ahnooie and type the following commands:

$ ssh-keygen

This program will create a private key (id_rsa) and a public key (id_rsa.pub). Be sure to use a passphrase with your key.

$ cd ~/.ssh
$ cp id_rsa.pub authorized_keys
$ cp id_rsa.pub authorized_keys2
$ mv id_rsa b3n_rsa
$ logout

Use SCP to copy the b3n_rsa file to your local computer. If you’re using Unix, use this to login:

ssh -l ahnooie silicon -i b3n_rsa -2

If it works then you can use vipw as root to remove the password from “ahnooie”. Now the only way to login as “ahnooie” is with your public key.
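The steps above, gathered into a small POSIX shell script as an added example (this is not code from the original article). It installs a public key into a user's authorized_keys the way the `cp id_rsa.pub authorized_keys` step does, but idempotently and with the 700/600 modes that sshd requires before it will honour the file, and it checks the server-side counterpart of the vipw step: whether `PasswordAuthentication` is effectively off in sshd_config. sshd takes the first uncommented occurrence of a directive, and anything below a `Match` block is conditional, so the check stops there. The sample key line, file paths and `demo@example` comment are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article. Installs an OpenSSH public key
# into authorized_keys with the permissions sshd insists on, and reports the
# effective PasswordAuthentication setting of an sshd_config file.

# install_authorized_key PUBKEY_FILE SSH_DIR
# Appends the key once (re-running does not duplicate it) and fixes modes:
# sshd ignores authorized_keys if the file or ~/.ssh is group/world writable.
install_authorized_key() {
  pub="$1"; dir="$2"
  mkdir -p "$dir" && chmod 700 "$dir"
  touch "$dir/authorized_keys"
  if ! grep -qxF "$(cat "$pub")" "$dir/authorized_keys"; then
    cat "$pub" >> "$dir/authorized_keys"
  fi
  chmod 600 "$dir/authorized_keys"
}

# count_authorized_keys SSH_DIR
# Number of key lines currently in authorized_keys (0 if none).
count_authorized_keys() {
  grep -cE '^(ssh-|ecdsa-)' "$1/authorized_keys" || true
}

# password_auth_setting SSHD_CONFIG
# Prints "yes" or "no". sshd uses the FIRST uncommented occurrence of a
# directive; directives after a Match block only apply conditionally, so we
# stop reading there. If the directive is absent, sshd's default is "yes".
password_auth_setting() {
  v=$(awk '
    NF == 0 || $1 ~ /^#/                     { next }
    tolower($1) == "match"                   { exit }
    tolower($1) == "passwordauthentication"  { print tolower($2); exit }
  ' "$1")
  echo "${v:-yes}"
}

# demo: runs the functions against constructed files in a temp directory.
demo() {
  work=$(mktemp -d)
  # Constructed sample public key line (not a real key).
  printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYCONSTRUCTEDFORDEMO demo@example\n' \
    > "$work/id_ed25519.pub"
  install_authorized_key "$work/id_ed25519.pub" "$work/ssh"
  install_authorized_key "$work/id_ed25519.pub" "$work/ssh"   # second run is a no-op
  echo "authorized keys installed: $(count_authorized_keys "$work/ssh")"
  # Constructed sshd_config: commented default, then a real "no", then a Match block.
  printf '#PasswordAuthentication yes\nPubkeyAuthentication yes\nPasswordAuthentication no\nMatch User backup\n  PasswordAuthentication yes\n' \
    > "$work/sshd_config"
  echo "PasswordAuthentication effective value: $(password_auth_setting "$work/sshd_config")"
  rm -rf "$work"
}

if [ "${DEMO:-}" = 1 ]; then demo; fi
```

Run with `DEMO=1 sh keys.sh` to see both checks against the constructed files; point `password_auth_setting` at `/etc/ssh/sshd_config` to audit a real host. Note that this script only reports the setting; removing the password hash with vipw (as the article does) and setting `PasswordAuthentication no` in sshd_config are complementary, since the latter also blocks password logins for accounts you forgot to edit.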

Using SSH Keys with PuTTY for Windows

Download PuTTY and PuTTYgen from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Download your private key “silicon_rsa” from silicon. You can use WinSCP (available here: http://winscp.vse.cz/eng/download.php) to download it (be sure to transfer it as ASCII). Or you can just login with PuTTY and copy and paste the key into a text file and call it “silicon_rsa”