Monday, September 20, 2010

SSH: setting up key authorization only (authorized_keys)

This is a great site for dealing with ssh key authorization.


The problem with sites that help you set up ssh key authorization is that they typically leave out the specific chmod commands (permissions) that you need to make the darn thing work!

What I mean to say is that people need to see an example of how this works and not just out-of-context commands and scripts.

Here is an example of a Mac OS X ssh client trying to set up ssh key authorization with a CentOS ssh server.

On the Mac, issue the following commands (you may or may not want a passphrase on your private key). Substitute your username and hostname where the double quotes are.

1. ssh-keygen -t dsa
2. scp .ssh/id_dsa.pub "user"@"CentOS host":~
3. ssh "user"@"CentOS host"

On the CentOS server:

1. mkdir .ssh (this directory may or may not already be there; it should be safe to issue either way)
2. cat id_dsa.pub > .ssh/authorized_keys
3. chmod 755 .ssh && chmod 755 .ssh/authorized_keys

On the Mac again (hit Ctrl-D to log off the server):

1. ssh -vvv "user"@"CentOS host"

The ssh client should log you in without a password if the private key is not password protected. If you protected your private key with a password, then it should ask for the password for the private key. Ssh should NOT ask you to provide a login for the shell on the remote side. The triple 'v' will display a verbose log of the conversation going on between client and server.
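
The server-side steps above, as an added example that is not part of the original post: it appends the key instead of overwriting `authorized_keys`, then checks the one thing sshd cares about when `StrictModes` is on (the OpenSSH default), namely that the home directory, `.ssh` and `authorized_keys` are not writable by group or others. The function names are made up for this sketch, and it sets 700/600, which are tighter than the 755 used above; both pass the check.

```shell
#!/bin/sh
# Added example: run on the server. Assumes sshd uses "StrictModes yes",
# which rejects the key when the home directory, ~/.ssh or
# ~/.ssh/authorized_keys is writable by group or others.

# Succeeds (0) when the path is group- or world-writable.
loose() {
    perms=$(ls -ld "$1" | cut -c1-10)     # e.g. drwxr-xr-x
    case "$perms" in
        ?????w????|????????w?) return 0 ;; # column 6 = group w, 9 = other w
        *) return 1 ;;
    esac
}

# Report every path StrictModes would object to; returns 1 if any is found.
check_ssh_perms() {
    home=$1 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if loose "$p"; then
            echo "too permissive: $p" >&2
            bad=1
        fi
    done
    return $bad
}

# Append a public key (no overwrite, no duplicate line) and tighten modes.
install_key() {
    home=$1 pub=$2
    mkdir -p "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    grep -qxF -e "$(cat "$pub")" "$home/.ssh/authorized_keys" ||
        cat "$pub" >> "$home/.ssh/authorized_keys"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Usage, with the file copied over in the steps above:
#   install_key "$HOME" "$HOME/id_dsa.pub" && check_ssh_perms "$HOME"
```

If `ssh -vvv` still falls back to a password prompt after this, `check_ssh_perms` naming a path is the usual reason.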



1 comment:

Jason Noble said...

If you have Homebrew installed on OS X, you can run "brew install ssh-copy-id". Then after you generate your key, simply run "ssh-copy-id server" and it will create the .ssh directory on the server (if it doesn't exist) and then add your key to the authorized_keys file.