This section shows how to set up key/passphrase authentication using an SSH client and server from SSH Communications.
client>/etc/ssh2# ls -al
.
-rw-r--r-- 1 root root 2366 2005-08-08 11:57 ssh2_config
.
which contains
## User public key authentication
# IdentityFile identification
# RandomSeedFile random_seed
and
## Authentication
## publickey, keyboard-interactive and password allowed by default
## Least interactive method should be usually attempted first.
AllowedAuthentications publickey,keyboard-interactive
# AllowedAuthentications hostbased,publickey,keyboard-interactive,password
Generate the private/public key pair:
/usr/local/bin/ssh-keygen2 -b 2048 -t dsa
This can be done on server or client.
The public key must exist on the server; the private key on the client. After generating the keys, copy files between client and server as necessary to ensure that this is so.
On the client:
:~/.ssh2# ls -l
drwx------ 3 root root 1 2005-08-08 12:15 .
drwxr-xr-x 6 root root 1 2005-08-08 11:48 ..
drwx------ 2 root root 1 2005-08-08 11:52 hostkeys
-rw------- 1 root root 1 2005-08-08 11:49 id_dsa_2048_a
-rw-r--r-- 1 root root 1 2005-08-08 11:49 id_dsa_2048_a.pub
-rw------- 1 root root 1 2005-08-08 12:15 identification
-rw------- 1 root root 1 2005-08-08 14:16 random_seed
where cat identification
IdKey id_dsa_2048_a
N.B. The permissions on .ssh2 and the files within must
be rw-owner-only (except for the public key).
cat id_dsa_2048_a
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: root
Comment: "2048-bit dsa, fred@mac2, Mon Aug 08 2005 11:49:38 +0100"
P2/56wAAAUIAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA
. .
. .
. .
. .
617/..............................................................ILBg
7FhFhZvZyQ==
---- END SSH2 ENCRYPTED PRIVATE KEY ----
and cat id_dsa_2048_a.pub
---- BEGIN SSH2 PUBLIC KEY ----
Subject: root
Comment: "2048-bit dsa, fred@mac2, Mon Aug 08 2005 11:49:38 +0100"
AAAA.............................................................Wi90z
. .
. .
h/CT..............................................................7/88
iZHbbis/EmqJkO9UHmYu5zxOvYdURYfvqw8uPWvuhQ==
---- END SSH2 PUBLIC KEY ----
On the server:
ls -al ~/.ssh2
drwx------ 2 sylo2stage other 512 Aug 8 14:17 .
drwx--x--x 3 sylo2stage other 512 Aug 8 11:50 ..
-rw------- 1 sylo2stage other 62 Aug 8 12:21 authorization
-rw-r--r-- 1 sylo2stage other 472 Aug 8 11:50 id_dsa_2048_a.pub.sylo2
-rw------- 1 sylo2stage other 512 Aug 8 10:56 random_seed
where cat authorization
Key id_dsa_2048_a.pub.sylo2
Key id_dsa_2048_a.pub.sylo2.open
N.B. The permissions on .ssh2 and the files within must
be rw-owner-only (except for the public key).
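The permission rule and the IdKey/Key file references described above can be checked mechanically. The shell function below is an added example, not part of the original page or of SSH Secure Shell; the names check_ssh2_dir and go_bits are made up here, and it assumes that any file whose name contains ".pub" is a public key.

```shell
#!/bin/sh
# Added example: audit an ssh2-style key directory (client or server side).
# Assumption: any file whose name contains ".pub" is a public key.

# Print the group/other permission bits of a path, e.g. "------" or "r--r--".
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# check_ssh2_dir DIR: print one line per finding; return 0 if clean, 1 otherwise.
check_ssh2_dir() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # The directory itself must be accessible by its owner only.
    if [ "$(go_bits "$dir")" != "------" ]; then
        echo "PERM $dir"; bad=1
    fi

    # Every regular file except public keys must be owner-only.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in *.pub*) continue ;; esac
        if [ "$(go_bits "$f")" != "------" ]; then
            echo "PERM $f"; bad=1
        fi
    done

    # identification uses "IdKey <file>", authorization uses "Key <file>";
    # each referenced key file must exist in the same directory.
    for cfg in identification authorization; do
        [ -f "$dir/$cfg" ] || continue
        while read -r kw name rest; do
            case $kw in
                IdKey|Key)
                    [ -f "$dir/$name" ] || { echo "NOKEY $cfg: $name"; bad=1; } ;;
            esac
        done < "$dir/$cfg"
    done
    return $bad
}

# Stand-alone use: sh thisfile ~/.ssh2
if [ $# -eq 1 ]; then check_ssh2_dir "$1"; fi
```

A PERM line names a file or directory readable or writable by group or others; a NOKEY line names a key listed in identification or authorization that is not present in the directory.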
Confirm which SSH client we are using and attempt to authenticate to a remote server in verbose mode:
client> /usr/local/bin/ssh2 -V
ssh2: SSH Secure Shell 3.2.9.1 (non-commercial version) on...
client> /usr/local/sbin/ssh2 -v fred@server.umist.ac.uk
.
.
debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version: SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
debug: client supports 2 auth methods: 'publickey,keyboard-interactive'
debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 130.88.200.231, local port = 45033
debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 130.88.99.10, remote port = 2222
.
debug: Remote version: SSH-2.0-3.2.9.1 SSH Secure Shell (non-commercial)
.
debug: Remote host key found from database.
.
[ messages from server ]
.
Authentication successful.
.
debug[26492]: Environment:
debug[26492]: HOME=/export/u03/sylo2stage
.
.
Last login: Mon Aug 08 2005 11:24:38 from sylo2.mc.man.ac.
.
[ messages from server ]
server>
On the server (running in verbose mode too) we see
server> /usr/local/sbin/sshd2 -v
sshd2: SSH Secure Shell 3.2.9.1 (non-commercial version) on sparc-sun-solaris2.7
.
debug[26713]: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version: SSH-2.0-3.2.9.1 SSH Secure Shell (non-commercial)
.
debug[26713]: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 130.88.99.10, local port = 2222
debug[26713]: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 130.88.200.231, remote port = 45033
debug[26713]: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
.
debug[26713]: Remote version: SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
debug[26713]: Major: 3 Minor: 2 Revision: 9
.
debug[26713]: Sshd2/sshd2.c:1572/auth_policy_proc: output: publickey,keyboard-interactive,password
debug[26713]: Ssh2AuthPubKeyServer/auths-pubkey.c:1412/ssh_server_auth_pubkey: Public key algorithm is ssh-dss
debug[26713]: Ssh2AuthPubKeyServer/auths-pubkey.c:1016/ssh_server_auth_pubkey_verify: Public key /export/u03/sylo2stage/.ssh2/id_dsa_2048_a.pub.sylo2, size 2048.
debug[26713]: Ssh2AuthPubKeyServer/auths-pubkey.c:1412/ssh_server_auth_pubkey: Public key algorithm is ssh-dss
debug[26713]: Ssh2AuthPubKeyServer/auths-pubkey.c:1016/ssh_server_auth_pubkey_verify: Public key /export/u03/sylo2stage/.ssh2/id_dsa_2048_a.pub.sylo2, size 2048.
debug[26713]: Sshd2/sshd2.c:1142/auth_policy_proc: user 'sylo2stage' service 'ssh-connection' client_ip '130.88.200.231' client_port 45033' completed 'publickey'
.