This section shows how to set up key/passphrase authentication using an SSH client and server from SSH Communications.
    client>/etc/ssh2# ls -al
       .
    -rw-r--r-- 1 root root 2366 2005-08-08 11:57 ssh2_config
       .

which contains

    ## User public key authentication

    # IdentityFile identification
    # RandomSeedFile random_seed

and

    ## Authentication
    ## publickey, keyboard-interactive and password allowed by default
    ## Least interactive method should be usually attempted first.

    AllowedAuthentications publickey,keyboard-interactive
    # AllowedAuthentications hostbased,publickey,keyboard-interactive,password

Generate the private/public key pair:

    /usr/local/bin/ssh-keygen2 -b 2048 -t dsa

This can be done on server or client.
The public key must exist on the server; the private key on the client. After generating the keys, copy files between client and server as necessary to ensure that this is so.
On the client:

    :~/.ssh2# ls -l
    drwx------ 3 root root 1 2005-08-08 12:15 .
    drwxr-xr-x 6 root root 1 2005-08-08 11:48 ..
    drwx------ 2 root root 1 2005-08-08 11:52 hostkeys
    -rw------- 1 root root 1 2005-08-08 11:49 id_dsa_2048_a
    -rw-r--r-- 1 root root 1 2005-08-08 11:49 id_dsa_2048_a.pub
    -rw------- 1 root root 1 2005-08-08 12:15 identification
    -rw------- 1 root root 1 2005-08-08 14:16 random_seed

where cat identification gives

    IdKey id_dsa_2048_a

N.B. The permissions on .ssh2 and the files within must be rw-owner-only (except for the public key).

cat id_dsa_2048_a gives

    ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
    Subject: root
    Comment: "2048-bit dsa, fred@mac2, Mon Aug 08 2005 11:49:38 +0100"
    P2/56wAAAUIAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA
    . . . . . . . .
    617/..............................................................ILBg
    7FhFhZvZyQ==
    ---- END SSH2 ENCRYPTED PRIVATE KEY ----

and cat id_dsa_2048_a.pub gives

    ---- BEGIN SSH2 PUBLIC KEY ----
    Subject: root
    Comment: "2048-bit dsa, fred@mac2, Mon Aug 08 2005 11:49:38 +0100"
    AAAA.............................................................Wi90z
    . . . .
    h/CT..............................................................7/88
    iZHbbis/EmqJkO9UHmYu5zxOvYdURYfvqw8uPWvuhQ==
    ---- END SSH2 PUBLIC KEY ----

On the server:

    ls -al ~/.ssh2
    drwx------ 2 sylo2stage other 512 Aug 8 14:17 .
    drwx--x--x 3 sylo2stage other 512 Aug 8 11:50 ..
    -rw------- 1 sylo2stage other 62 Aug 8 12:21 authorization
    -rw-r--r-- 1 sylo2stage other 472 Aug 8 11:50 id_dsa_2048_a.pub.sylo2
    -rw------- 1 sylo2stage other 512 Aug 8 10:56 random_seed

where cat authorization gives

    Key id_dsa_2048_a.pub.sylo2
    Key id_dsa_2048_a.pub.sylo2.open

N.B. The permissions on .ssh2 and the files within must be rw-owner-only (except for the public key).
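
The owner-only rule from the N.B. notes, and the link between the identification/authorization files and the key files they name, can be checked mechanically. The script below is an added example, not part of the original page or of the SSH Communications software; the function names go_bits and audit_ssh2_dir are hypothetical, and it assumes a POSIX shell and that any file named *.pub or *.pub.* is a public key.

```shell
#!/bin/sh
# Added example (not from the original page): audit an SSH2 key directory.
# Assumption: any file named *.pub or *.pub.* is a public key.

# Print the six group/other permission characters, e.g. "------" or "r--r--".
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_ssh2_dir DIR: print one line per problem; return the problem count.
audit_ssh2_dir() {
    dir=$1
    problems=0
    [ -d "$dir" ] || { echo "BAD  $dir: not a directory"; return 1; }
    if [ "$(go_bits "$dir")" != "------" ]; then
        echo "BAD  $dir: directory is accessible to group/other"
        problems=$((problems + 1))
    fi
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        bits=$(go_bits "$f")
        case ${f##*/} in
            *.pub|*.pub.*)   # public key: may be readable, never writable
                case $bits in
                    ?-??-?) ;;
                    *) echo "BAD  $f: public key writable by group/other"
                       problems=$((problems + 1)) ;;
                esac ;;
            *)               # private key, identification, authorization, ...
                if [ "$bits" != "------" ]; then
                    echo "BAD  $f: must be accessible by owner only"
                    problems=$((problems + 1))
                fi ;;
        esac
    done
    # Each IdKey (client) or Key (server) entry must name a file in DIR.
    for list in identification authorization; do
        [ -f "$dir/$list" ] || continue
        while read -r keyword name rest || [ -n "$keyword" ]; do
            case $keyword in IdKey|Key) ;; *) continue ;; esac
            if [ ! -f "$dir/$name" ]; then
                echo "BAD  $dir/$list: $keyword $name: no such key file"
                problems=$((problems + 1))
            fi
        done < "$dir/$list"
    done
    return "$problems"
}
```

Source the file and run audit_ssh2_dir ~/.ssh2 on the client and on the server; a return status of 0 means no problems were found.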
Confirm which SSH client we are using and attempt to authenticate to a remote server in verbose mode:

    client> /usr/local/bin/ssh2 -V
    ssh2: SSH Secure Shell 3.2.9.1 (non-commercial version) on...

    client> /usr/local/sbin/ssh2 -v fred@server.umist.ac.uk
       .
       .
    debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version: SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
    debug: client supports 2 auth methods: 'publickey,keyboard-interactive'
    debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 130.88.200.231, local port = 45033
    debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 130.88.99.10, remote port = 2222
       .
    debug: Remote version: SSH-2.0-3.2.9.1 SSH Secure Shell (non-commercial)
       .
    debug: Remote host key found from database.
       .
    [ messages from server ]
       .
    Authentication successful.
       .
    debug[26492]: Environment:
    debug[26492]: HOME=/export/u03/sylo2stage
       .
       .
    Last login: Mon Aug 08 2005 11:24:38 from sylo2.mc.man.ac.
       .
    [ messages from server ]

    server>

On the server (running in verbose mode too) we see:

    server> /usr/local/sbin/sshd2 -v
    sshd2: SSH Secure Shell 3.2.9.1 (non-commercial version) on sparc-sun-solaris2.7
       .
    debug[26713]: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version: SSH-2.0-3.2.9.1 SSH Secure Shell (non-commercial)
       .
    debug[26713]: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 130.88.99.10, local port = 2222
    debug[26713]: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 130.88.200.231, remote port = 45033
    debug[26713]: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
       .
    debug[26713]: Remote version: SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
    debug[26713]: Major: 3 Minor: 2 Revision: 9
       .
    debug[26713]: Sshd2/sshd2.c:1572/auth_policy_proc: output: publickey,keyboard-interactive,password
    debug[26713]: Ssh2AuthPubKeyServer/auths-pubkey.c:1412/ssh_server_auth_pubkey: Public key algorithm is ssh-dss
    debug[26713]: Ssh2AuthPubKeyServer/auths-pubkey.c:1016/ssh_server_auth_pubkey_verify: Public key /export/u03/sylo2stage/.ssh2/id_dsa_2048_a.pub.sylo2, size 2048.
    debug[26713]: Ssh2AuthPubKeyServer/auths-pubkey.c:1412/ssh_server_auth_pubkey: Public key algorithm is ssh-dss
    debug[26713]: Ssh2AuthPubKeyServer/auths-pubkey.c:1016/ssh_server_auth_pubkey_verify: Public key /export/u03/sylo2stage/.ssh2/id_dsa_2048_a.pub.sylo2, size 2048.
    debug[26713]: Sshd2/sshd2.c:1142/auth_policy_proc: user 'sylo2stage' service 'ssh-connection' client_ip '130.88.200.231' client_port 45033' completed 'publickey'
       .