| English | 日本語 |

Tokyo Linux Users Group

Author: Josh Glover

Introduction

This guide instructs you on creating an SSH keypair to use for passwordless authentication. This solution should not be used for serious security; see instead ssh-agent.

Generating a Keypair

To generate a keypair, run:

ssh-keygen -t dsa

(you are advised not to protect the key with a password, as you will then be prompted for the password everytime you connect). The keypair will be saved (by default) in $HOME/.ssh/id_dsa, and $HOME/.ssh/id_dsa.pub (the .pub file is the public key, and the other is the corresponding private key).

Setting Permissions

Now, set the permissions to protect your $HOME/.ssh/ directory. (Note that these modes are the most lax permissions that these files and directories are allowed to have. You may certainly set the permissions stricter.)

chmod 711 $HOME/
chmod 700 $HOME/.ssh/
chmod 644 $HOME/.ssh/*
chmod 600 $HOME/.ssh/id_dsa

Adding Public Key to Remote authorized_keys Files

Finally, add the public key to the $HOME/.ssh/authorized_keys file on each machine to which you wish to connect and set the correct permissions. (Note that you will be prompted for a password with each command. An alternative is to login to server and run the commands locally. If you do so, remove the quoting from the rightmost arguments.)

cat $HOME/.ssh/id_dsa.pub server 'cat >>.ssh/authorized_keys'
ssh server chmod 711 $HOME/
ssh server chmod 700 $HOME/.ssh
ssh server chmod 644 $HOME/.ssh/authorized_keys

For each machine you want to be able to connect from, first copy the id_dsa file (the private key) to that machine, then follow the above steps.

SSH_Keypair_Authentication