March 17, 2004 07:32 PM Public-Key Authentication, SSH, and OS X

Here are the steps I went through to get public-key authentication working for my ssh connection to school. What this means is that I no longer have to type a password in when I connect; the server sends a message to my machine, which I decrypt, thereby convincing the server I am who I say I am.

First, you need to generate a public/private key-pair. I had to generate an SSH1 RSA key, which required the following command: ssh-keygen -t rsa1. Don't enter a pass-phrase when prompted, and save the files in the default locations with the default names. A pass-phrase is not strictly needed if your home machine is secure (without one the private key is stored unencrypted, so anyone who can read that file can use it), and it would defeat the purpose of this exercise, as we are trying to avoid typing passwords. The command produces two files, a private-key and a public-key.

Second, upload the generated public-key to the remote computer using the command scp identity.pub <user>@<server>:.ssh/authorized_keys (run it from ~/.ssh, the default location where the key was saved). This will overwrite your authorized_keys file if you already have one. I'm guessing you don't, since if you did, you would already know how to do this.

Third, try connecting to your server. You shouldn't be prompted for a password.
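If you do already have an authorized_keys file, the scp in step two would wipe it. The shell function below is an added example, not part of the original steps: it is meant to be run on the server after copying identity.pub to some scratch location there, and it appends the key instead of overwriting. The name install_pubkey and its arguments are made up for this example.

```sh
#!/bin/sh
# install_pubkey PUBFILE [SSHDIR]   (hypothetical helper name)
# Appends every key line in PUBFILE to SSHDIR/authorized_keys unless that
# exact line is already there, and keeps the directory and file private.
# SSHDIR defaults to ~/.ssh. Returns 0 on success, 1 on bad input.
install_pubkey() {
    pubfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    # Refuse a missing or empty file rather than adding a blank entry.
    [ -s "$pubfile" ] || { echo "no public key in $pubfile" >&2; return 1; }

    # Catch the classic slip of passing identity instead of identity.pub:
    # private key files carry a "PRIVATE KEY" marker in their header.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile looks like a private key; refusing" >&2
        return 1
    fi

    # Create the directory and file so that only the owner can touch them.
    # sshd ignores authorized_keys when StrictModes finds loose permissions.
    old_umask=$(umask)
    umask 077
    mkdir -p "$sshdir" && chmod 700 "$sshdir" &&
        touch "$auth" && chmod 600 "$auth"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1

    # Append line by line; -x -F compares the whole line as a fixed string,
    # so running this twice does not duplicate the key.
    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >>"$auth"
    done <"$pubfile"
    return 0
}
```

Keys that were already in authorized_keys stay where they are, so other machines that log in with their own keys keep working.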

Now, why would you want to do this? Trust me when I say you will quickly grow sick of typing your complicated password every time you want to do a cvs command which connects to a remote machine.

Comments on Public-Key Authentication, SSH, and OS X

I think if you use ssh-agent when you start your X session then everything else you run in that X session will go to the agent to get the necessary password. You just tell the agent your password after you start it and then you only need to enter it once. Then you can avoid entering a password (frequently), but have slightly more security than using an empty password. I've never actually tried it though.

[Posted by Ryan on March 17, 2004 10:36 PM]

Yeah, that's what ssh-agent does, but I don't really see the point. If only you have read/write/execute access on those files, logging in to your account with a password should be equally "safe" anyway.

So what finally let your stupid box ssh in? What was the problem?

[Posted by Ju-Lian on March 18, 2004 09:07 AM]

I needed to generate an RSA 1 key. So that means I had to pick the key type rsa1, not rsa. I'm not sure why, because the school and I both use OpenSSH; they use version 3.6.2, I use 3.6.1.

[Posted by ramanan on March 18, 2004 09:16 AM]

Next step: Fix your X windows tunnelling.

[Posted by Iluvitar on March 18, 2004 10:25 AM]