Bureaucrats, confirmed, Administrators
4,558
edits
Changes
New page: There are a lot of things you can do with computers to create security, that's why '''Security is a process, not a product'''. One such thing is to use SSH Keys to authenticate with a rem...
There are a lot of things you can do with computers to create security, that's why '''Security is a process, not a product'''. One such thing is to use SSH Keys to authenticate with a remote host, rather than typing in your password all the time. Of course, using SSH Authentication keys is convenient as well.
== Secure Shell Key Authentication ==
Setting up SSH Key Authentication allows a user account to connect from one server to another without requiring a password login. This can be utilized for applications (e.g. Nagios monitoring other servers), as well as for publish scripts that move files around servers as well as individual users.
== Procedure ==
# If you are an administrator, please assume the role of the user for whom you are setting up this service.
## <code>sudo su ''user''</code>
# Ensure the user has a <code>~/.ssh/</code> directory with appropriate permissions. It must allow the user access for RWX, and group and other permissions must not be writable. Typically, 755 is a good setup. If they don't have one, then <source lang="bash">mkdir ~/.ssh/</source>
# Create a new private/public key pairing for the user. Type: RSA, Bits: 1024, File:~/.svn/identity[.pub]
## <source lang="bash">ssh-keygen -t rsa -b 1024 -f ~/.ssh/identity</source>
# Copy the contents of ~/.ssh/identity.pub so you can paste it in a file on the remote server.
# Login to the remote server and assume the role of the user for whom you are setting up this service in step 1 above.
# On the remote server, ensure the user account also has a <code>~/.ssh/</code> directory with the same permissions as in step 2 above.
# Open a [[Text Editor]] and edit ~/.ssh/authorized_keys
## Paste the public key from step 4 above into this file, on one line only.
# Try logging in from the first server to the second without using a password.
== Troubleshooting ==
Check <code>/var/log/auth.log</code> on the remote server for details if this doesn't work as expected.
[[Category:System Administration]]
[[Category:Howto]]
[[Category:Help]]
[[Category:Best Practices]]
== Secure Shell Key Authentication ==
Setting up SSH Key Authentication allows a user account to connect from one server to another without requiring a password login. This can be utilized for applications (e.g. Nagios monitoring other servers), as well as for publish scripts that move files around servers as well as individual users.
== Procedure ==
# If you are an administrator, please assume the role of the user for whom you are setting up this service.
## <code>sudo su ''user''</code>
# Ensure the user has a <code>~/.ssh/</code> directory with appropriate permissions. It must allow the user access for RWX, and group and other permissions must not be writable. Typically, 755 is a good setup. If they don't have one, then <source lang="bash">mkdir ~/.ssh/</source>
# Create a new private/public key pairing for the user. Type: RSA, Bits: 1024, File:~/.svn/identity[.pub]
## <source lang="bash">ssh-keygen -t rsa -b 1024 -f ~/.ssh/identity</source>
# Copy the contents of ~/.ssh/identity.pub so you can paste it in a file on the remote server.
# Login to the remote server and assume the role of the user for whom you are setting up this service in step 1 above.
# On the remote server, ensure the user account also has a <code>~/.ssh/</code> directory with the same permissions as in step 2 above.
# Open a [[Text Editor]] and edit ~/.ssh/authorized_keys
## Paste the public key from step 4 above into this file, on one line only.
# Try logging in from the first server to the second without using a password.
== Troubleshooting ==
Check <code>/var/log/auth.log</code> on the remote server for details if this doesn't work as expected.
[[Category:System Administration]]
[[Category:Howto]]
[[Category:Help]]
[[Category:Best Practices]]