SSH Public Key Authentication

This procedure is based on the commercial SSH product but should work in a similar way with OpenSSH (just drop the “2” from the commands!). It shows how to use public keys with SSH to authenticate connections.

  1. Log on as the user that needs key-based access and run ssh-keygen2. Follow the prompts, entering a secure pass phrase. A private and a public key will be added to $HOME/.ssh2. By default these are named id_dsa_2048_a and id_dsa_2048_a.pub.

  2. Under $HOME/.ssh2 create a file called identification containing:

       IdKey id_dsa_2048_a

  3. Ensure /etc/ssh2/ssh2_config allows public key authentication, e.g.

       AllowedAuthentications publickey,password

  4. Copy the public key (e.g. id_dsa_2048_a.pub) to the $HOME/.ssh2 directory on the target server.

  5. In $HOME/.ssh2 on the target server create a file called authorization containing:

       Key id_dsa_2048_a.pub

  6. To avoid having to enter the pass phrase for every connection, use ssh-agent2. Start it as follows on the client:

       exec ssh-agent2 $SHELL

  7. On the source server, add the private key with ssh-add2 $HOME/.ssh2/id_dsa_2048_a and enter the pass phrase. Now when you connect, ssh-agent2 will answer the authentication query for you.

  8. ssh-agent2/ssh-add2 is a “per session” solution only. When you log off, the setup is lost. You can add this to your profile so it is set up each time you log on. However, it is also possible to set up a per-user, one-time solution using the keychain program. See http://www-106.ibm.com/developerworks/linux/library and search for keychain.
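A quick way to confirm that the identification and authorization files from the steps above point at keys that actually exist, shown as an added example that is not part of the original procedure or the SSH product. The function names are hypothetical, and the permission checks (owner-only private key, no group/world write on the directory or the authorization file) are assumptions added here rather than requirements stated above.

```shell
#!/bin/sh
# Added example: audit an .ssh2 directory laid out as in the steps above.
# check_ssh2_dir DIR prints one line per problem and returns the problem count.
# perms PATH: the nine permission characters from ls -ld, e.g. rw-------
perms() { ls -ld "$1" | cut -c2-10; }

# writable_by_others PATH: true if group or other has write permission
writable_by_others() {
    case $(perms "$1") in
        ????w????|???????w?) return 0 ;;
    esac
    return 1
}

check_ssh2_dir() {
    dir=$1; problems=0
    report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    [ -d "$dir" ] || { report "$dir is not a directory"; return "$problems"; }
    if writable_by_others "$dir"; then report "$dir is group/world writable"; fi

    # Client side: every "IdKey NAME" line must name a private key in DIR
    # that only its owner can access.
    if [ -f "$dir/identification" ]; then
        while read -r kw name rest || [ -n "$kw" ]; do
            [ "$kw" = "IdKey" ] || continue
            if [ ! -f "$dir/$name" ]; then
                report "identification: IdKey $name not found"
            else
                case $(perms "$dir/$name") in
                    ???------) ;;
                    *) report "private key $name is accessible to group/others" ;;
                esac
            fi
        done < "$dir/identification"
    fi

    # Server side: every "Key NAME" line must name a public key in DIR, and
    # the list itself must not be writable by anyone but the owner.
    if [ -f "$dir/authorization" ]; then
        if writable_by_others "$dir/authorization"; then report "authorization is group/world writable"; fi
        while read -r kw name rest || [ -n "$kw" ]; do
            [ "$kw" = "Key" ] || continue
            [ -f "$dir/$name" ] || report "authorization: Key $name not found"
        done < "$dir/authorization"
    fi
    return "$problems"
}

# Run against a directory given on the command line, e.g. "$HOME/.ssh2".
if [ "$#" -gt 0 ]; then check_ssh2_dir "$1"; fi
```

Run it on the client and again on the target server; a zero exit status means every IdKey and Key entry resolved and nothing was flagged.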