Difference between revisions of "Configure SSH"

From Organic Design wiki
(Change source-code blocks to standard format)
(644)
 
(3 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
}}
 
}}
  
To set up key-based login, first create a pub/private key combo:
+
To set up key-based login, first create a pub/private key combo, enter a password which is used to restrict access to the private key.
 
<source>
 
<source>
 
ssh-keygen -t rsa
 
ssh-keygen -t rsa
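Review bot: The clause added on the first changed line is joined to the existing sentence with a comma ("...key combo, enter a password which is used...") and does not say when the password is entered. Make it a sentence of its own, for example: "When ssh-keygen prompts for one, enter a password; it restricts access to the private key."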
Line 11: Line 11:
  
 
That will create the files (id_rsa and id_rsa.pub) in your ''~/.ssh'' folder. You then copy the pub one to a file called
 
That will create the files (id_rsa and id_rsa.pub) in your ''~/.ssh'' folder. You then copy the pub one to a file called
'''authorized_keys''' in your ''~/.ssh'' folder in any machines you want to log in to without using password.
+
'''authorized_keys''' in your ''~/.ssh'' folder (and be sure to set the mode of the ''authorized_keys'' to 644!) in any machines you want to log in to without using password.
  
 
You may need to adjust your '''/etc/ssh/sshd_config''' to allow it by setting ''RSAAuthentication'' and ''PubkeyAuthentication'' to ''yes'' and also check that the file it expects the pub key to be in is indeed ''~/.ssh/authorized_keys'' in the ''AuthorizedKeysFile'' setting.
 
You may need to adjust your '''/etc/ssh/sshd_config''' to allow it by setting ''RSAAuthentication'' and ''PubkeyAuthentication'' to ''yes'' and also check that the file it expects the pub key to be in is indeed ''~/.ssh/authorized_keys'' in the ''AuthorizedKeysFile'' setting.
  
 
You can also prevent password login if you like as key-based login is stronger, just set the ''PasswordAuthentication'' setting to ''no''.
 
You can also prevent password login if you like as key-based login is stronger, just set the ''PasswordAuthentication'' setting to ''no''.
 +
 +
== Adding or removing the password on your private key ==
 +
If your private key has no password on it, you can create a new copy of the key that has a password like this:
 +
<source>
 +
openssl rsa -des3 -in ~/.ssh/id_rsa -out your.encrypted.key
 +
</source>
 +
 +
To remove the password (which you can do if you want to add a different password afterwards) use this command:
 +
<source>
 +
openssl rsa -in ~/.ssh/id_rsa -out your.open.key
 +
</source>
  
 
== See also ==
 
== See also ==
 
*[[Install a new server]]
 
*[[Install a new server]]
 +
*[[SSH]]
 +
*[[SSL]]
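Review bot: In the new "Adding or removing the password on your private key" section, both openssl commands read ~/.ssh/id_rsa and write a separate file (your.encrypted.key, your.open.key), but the text never says that the copy has to replace id_rsa or that the original should then be deleted, so a reader who adds a password this way still has the unprotected key in ~/.ssh. Add that step, or mention ssh-keygen -p -f ~/.ssh/id_rsa, which changes the password on the key in place. Separately, the 644 reminder added to the authorized_keys sentence lands between "folder" and "in any machines", which breaks the sentence; move it to the end, and consider recommending 600 since only the owner needs to read the file.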

Latest revision as of 16:36, 17 November 2018

Configure SSH
Organic Design procedure

To set up key-based login, first create a public/private key pair. When prompted, enter a password, which is used to restrict access to the private key.

ssh-keygen -t rsa

That will create the files id_rsa and id_rsa.pub in your ~/.ssh folder. You then copy the public one (id_rsa.pub) to a file called authorized_keys in the ~/.ssh folder on any machine you want to log in to without using a password, and be sure to set the mode of authorized_keys to 644!

You may need to adjust your /etc/ssh/sshd_config to allow this by setting RSAAuthentication and PubkeyAuthentication to yes. Also check that the AuthorizedKeysFile setting, which names the file the public key is expected to be in, is indeed ~/.ssh/authorized_keys.

You can also prevent password login if you like, since key-based login is stronger: just set the PasswordAuthentication setting to no.
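
To check a server against the settings described above, the following added example (not part of the original procedure) reads an sshd_config file and the authorized_keys mode and reports anything that differs. The function names are hypothetical, the defaults passed for unset keywords are assumed to be the upstream OpenSSH ones, and it treats the optional PasswordAuthentication no step as expected.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Effective value of an sshd_config keyword: sshd uses the first occurrence and
# keywords are case-insensitive. Match blocks are not evaluated (parsing stops
# at the first one) and the whitespace-separated "Keyword value" form is assumed.
sshd_setting() {  # usage: sshd_setting FILE KEYWORD DEFAULT_IF_UNSET
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# Print PATH if group or others can write to it. With StrictModes (on by
# default) sshd refuses to use authorized_keys then; 644 and 600 both pass.
loose_mode() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print
}

# Print one line per finding; the exit status is the number of findings.
audit() {  # usage: audit SSHD_CONFIG AUTHORIZED_KEYS
    cfg=$1; keys=$2; bad=0
    [ "$(sshd_setting "$cfg" PubkeyAuthentication yes)" = yes ] ||
        { echo "PubkeyAuthentication is not yes"; bad=$((bad + 1)); }
    [ "$(sshd_setting "$cfg" PasswordAuthentication yes)" = no ] ||
        { echo "PasswordAuthentication is still enabled"; bad=$((bad + 1)); }
    akf=$(sshd_setting "$cfg" AuthorizedKeysFile ".ssh/authorized_keys .ssh/authorized_keys2")
    case " $akf " in
        *" .ssh/authorized_keys "* | *" %h/.ssh/authorized_keys "*) ;;
        *) echo "AuthorizedKeysFile does not list .ssh/authorized_keys"; bad=$((bad + 1)) ;;
    esac
    for p in "$keys" "$(dirname "$keys")"; do
        [ -z "$(loose_mode "$p")" ] || { echo "$p is group/world-writable"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Constructed sample: the config as the procedure leaves it, key file at mode 644.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'PubkeyAuthentication yes' \
    'passwordauthentication no' 'AuthorizedKeysFile %h/.ssh/authorized_keys' > "$demo/sshd_config"
mkdir -m 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"; chmod 644 "$demo/.ssh/authorized_keys"
audit "$demo/sshd_config" "$demo/.ssh/authorized_keys" && echo "no findings"
rm -rf "$demo"
```

On a real server, point it at /etc/ssh/sshd_config and the account's ~/.ssh/authorized_keys.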

Adding or removing the password on your private key

If your private key has no password on it, you can create a new copy of the key that has a password like this:

openssl rsa -des3 -in ~/.ssh/id_rsa -out your.encrypted.key

To remove the password (which you can do if you want to add a different password afterwards) use this command:

openssl rsa -in ~/.ssh/id_rsa -out your.open.key

See also