Difference between revisions of "Configure SSH"
(Change source-code blocks to standard format) |
(changing passwd) |
||
Line 5: | Line 5: | ||
}} | }} | ||
− | To set up key-based login, first create a pub/private key combo | + | To set up key-based login, first create a pub/private key combo, enter a password which is used to restrict access to the private key. |
<source> | <source> | ||
ssh-keygen -t rsa | ssh-keygen -t rsa | ||
Line 16: | Line 16: | ||
You can also prevent password login if you like as key-based login is stronger, just set the ''PasswordAuthentication'' setting to ''no''. | You can also prevent password login if you like as key-based login is stronger, just set the ''PasswordAuthentication'' setting to ''no''. | ||
+ | |||
+ | == Adding or removing the password on your private key == | ||
+ | If your private key has no password on it, you can create a new copy of the key that has a password like this: | ||
+ | <source> | ||
+ | openssl rsa -des3 -in ~/.ssh/id_rsa -out your.encrypted.key | ||
+ | </source> | ||
+ | |||
+ | To remove the password (which you can do if you want to add a different password afterwards) use this command: | ||
+ | <source> | ||
+ | openssl rsa -in ~/.ssh/id_rsa -out your.open.key | ||
+ | </source> | ||
== See also == | == See also == | ||
*[[Install a new server]] | *[[Install a new server]] |
Revision as of 13:45, 3 December 2016
Configure SSH Organic Design procedure |
To set up key-based login, first create a pub/private key combo, enter a password which is used to restrict access to the private key.
ssh-keygen -t rsa
That will create the files (id_rsa and id_rsa.pub) in your ~/.ssh folder. You then copy the pub one to a file called authorized_keys in your ~/.ssh folder in any machines you want to log in to without using password.
You may need to adjust your /etc/ssh/sshd_config to allow it by setting RSAAuthentication and PubkeyAuthentication to yes and also check that the file it expects the pub key to be in is indeed ~/.ssh/authorized_keys in the AuthorizedKeysFile setting.
You can also prevent password login if you like as key-based login is stronger, just set the PasswordAuthentication setting to no.
Adding or removing the password on your private key
If your private key has no password on it, you can create a new copy of the key that has a password like this:
openssl rsa -des3 -in ~/.ssh/id_rsa -out your.encrypted.key
To remove the password (which you can do if you want to add a different password afterwards) use this command:
openssl rsa -in ~/.ssh/id_rsa -out your.open.key