Creating SSH keys
On a linux host begin by creating your keys using the ssh-keygen command
$ ssh-keygen -t rsa -b 2048
This will prompt you for a secret passphrase. Make sure to use a good passphrase.
Two files will be created when this completes: id_rsa and id_rsa.pub in your /home/$USER/.ssh dir (the names follow the key type given to -t).
Note: it is possible to just press the enter key when prompted for a passphrase, which will make a key with no passphrase. This is a Bad Idea for an identity key, so don't do it!
The id_rsa file is your private key, which needs to reside on the host from which you originate your ssh connection (~/.ssh/id_rsa); keep it readable only by you. The id_rsa.pub file is your public key, and needs to be copied into the ~/.ssh/authorized_keys file on the destination server. To copy the key to your destination server:
$ scp ~/.ssh/id_rsa.pub DESTINATION_HOST:.ssh/authorized_keys2
Note: scp overwrites the target file, so any keys already listed there are lost, and authorized_keys2 is a legacy fallback name that the server may not read; ssh-copy-id appends to ~/.ssh/authorized_keys instead.
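Since a passphrase-less identity key is the mistake warned about above, here is an added example (not from the original post) that audits a private key file without decrypting it: it parses the cipher and KDF names from the openssh-key-v1 container header that ssh-keygen writes by default, and falls back to the "Proc-Type: 4,ENCRYPTED" header of older PEM keys. The two sample keys are constructed headers, not real keys.

```python
import base64
import struct

BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"  # fixed magic at the start of the container


def _read_string(buf, offset):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start = offset + 4
    return buf[start:start + length], start + length


def key_protection(pem_text):
    """Return (cipher, kdf) names for a private key file.
    ('none', 'none') means the key is stored without a passphrase."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        # Older PEM-style keys mark encryption with a Proc-Type header
        if any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines):
            return ("pem-encrypted", "pem")
        raise ValueError("not an OpenSSH private key")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))  # ciphername
    kdf, _ = _read_string(blob, off)              # kdfname
    return (cipher.decode(), kdf.decode())


def has_passphrase(pem_text):
    cipher, kdf = key_protection(pem_text)
    return cipher != "none" and kdf != "none"


def _constructed_key(cipher, kdf):
    """Constructed sample: only the container header (magic, ciphername,
    kdfname, empty kdfoptions, key count), not a usable key."""
    body = MAGIC
    for s in (cipher, kdf, b""):
        body += struct.pack(">I", len(s)) + s
    body += struct.pack(">I", 1)
    return "\n".join([BEGIN, base64.b64encode(body).decode(), END])


UNPROTECTED_KEY = _constructed_key(b"none", b"none")
PROTECTED_KEY = _constructed_key(b"aes256-ctr", b"bcrypt")

if __name__ == "__main__":
    for name, text in (("unprotected", UNPROTECTED_KEY), ("protected", PROTECTED_KEY)):
        print(name, key_protection(text), "passphrase:", has_passphrase(text))
```

Run it over every id_* file under ~/.ssh to find identity keys created by just pressing enter at the passphrase prompt.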
Using ssh-agent
So, your key has been created and you've copied the public key to all your destination hosts. Here's how you can avoid entering the key's passphrase each time.
Start ssh-agent with eval, so that the environment variables it prints (SSH_AUTH_SOCK and SSH_AGENT_PID) are set in your current shell:
eval `ssh-agent`
Now, we'll add the keys into the agent.
ssh-add ~/.ssh/id_rsa
You can now list the key(s) in your agent:
ssh-add -l
2048 cc:ae:81:d4:d8:dc:1e:12:38:87:cf:1d:83:91:26:df id_rsa (RSA)
Using this shell, you can now ssh to your destination hosts without re-entering the key's passphrase.
To automate ssh-agent, you can place the following into your .bashrc file:
SSH_ENV=$HOME/.ssh/environment

function start_agent {
    echo "Initialising new SSH agent..."
    # Save the agent's environment settings to a file, commenting out its "echo" line
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > ${SSH_ENV}
    echo succeeded
    chmod 600 ${SSH_ENV}
    . ${SSH_ENV} > /dev/null
    /usr/bin/ssh-add;
}

# Source SSH settings, if applicable
if [ -f "${SSH_ENV}" ]; then
    . ${SSH_ENV} > /dev/null
    # Reuse the saved agent only if that PID is still a running ssh-agent
    ps -p "${SSH_AGENT_PID}" -o comm= 2>/dev/null | grep -q '^ssh-agent$' || {
        start_agent;
    }
else
    start_agent;
fi