hOme.beardedDonkey - ssh Information
This post contains some information on ssh, generating identity keys for using with ssh and how to add/remove the keys to/from the host/client computers.

This post is also available in my shared Evernote HOWTOs Folder (with rich text formatting and possibly updated).


Contents


What is ssh?
Identity Keys
What the Identity Keys are for
Generating Identity Keys
Add Your Identity to the ssh-agent on the Client
Transporting the Public Key to the Host
If you already ssh access the host using a password only
If you have no passworded ssh access to the host
Removing a Public Key from a Host
Removing a Private Key from a Client's ssh-agent
Alternate Method for Associating a Private Key to a Host
References

What is ssh?


Secure Shell (ssh) is software that allows secure data communication. It establishes a secure channel over an insecure network, connecting an ssh client application with an ssh server.
To maximize ssh's security, you should use identity keys.

Identity Keys


Accessing another computer remotely via ssh alone doesn't guarantee security. To ensure you are accessing the correct host system, identity keys should be generated and used to access the host.

What the Identity Keys are for


Private key - The private key should be kept on you (usb stick?), or on the device(s) you will be logging in from.
Public key - The public key needs to be stored on any host that you want to log in to.
These 2 keys form a set that works only with each other.
The ssh host has a copy of your public key. The host will use your public key to "lock" messages that it sends to your computer. Your computer uses your private key to "unlock" those messages.
Your private key should also be protected by a pass phrase (as detailed below in Generating Identity Keys). Why? If your device is lost, stolen or compromised and it has your private key on it, the person who has your device will first need to crack the pass phrase protecting the private key before they can access any hosts you have access to. This affords you some time to access the host machine(s) and remove the public keys from them, preventing access to those hosts using your now compromised private key.

Generating Identity Keys


To create a set of identity keys on a Linux host you can issue the following from a command line:
1. ssh-keygen -t dsa
2. Enter the identity key's filename when prompted (the filename defaults to id_dsa for DSA keys) and press enter.
3. Enter a pass phrase for this identity key and press enter. Re-enter the pass phrase to confirm it is correct and press enter.
4. If there are any issues with the pass phrase the identity key will not be created and the reason will be displayed. Adjust the credentials to remedy the problem and try again.
5. Upon successful key generation there will be 2 files made. Default settings of ssh-keygen will create a file called id_dsa (the private key) and id_dsa.pub (the public key).

Add Your Identity to the ssh-agent on the Client


Once you have your keys you need to add your identity to the ssh-agent on your client computer (the computer you log in from). To do this, issue the following command:
ssh-add
By default ssh-add will look for the default named key files in ~/.ssh/.
If you used custom file names you will need to add the file name as an argument, for example:
ssh-add MyKey.dsa.key
If you set a pass phrase on the key, you will be asked for it when adding the key to the ssh-agent. If ssh-add gives no output it probably means there are no default key files found in ~/.ssh/.
You can view which identities are already added to the client's agent with this command:
ssh-add -l
When you add an identity to ssh-agent you will not need to type the pass phrase when connecting to the host via ssh.

Transporting the Public Key to the Host


Now that you have added your identity to the client's ssh-agent you need to get the public key onto your host so it can use your key to lock its transmission to you. There are a few ways this can be done.

If you already ssh access the host using a password only


You might have a host you can already access using a password only and want to increase your security by using identity keys. In this situation you can issue an ssh command to send the server the public key:
1. ssh-copy-id username@host
2. Type your login password and press enter.
3. ssh-copy-id will attempt to put the public key on the host for you. It will give further instructions on logging in and checking that the key was added correctly.
You can verify the public key has been added by logging into the host and looking in the ~/.ssh/authorized_keys file. It should contain the contents of your public key file on a single line.

If you have no passworded ssh access to the host


You may have an account on a host that doesn't allow a password-only login method, perhaps an account on a web host. You need a method to connect to your account so you can create or edit the ~/.ssh/authorized_keys file. Some web hosts may have a control panel interface that can do this for you, or you could try using FTP to access the authorized_keys file.

Removing a Public Key from a Host


In the event that you wish to revoke or remove access for a particular key from the host, you can simply edit the ~/.ssh/authorized_keys file on the host and remove the public key's entry from the file. Anyone using that key pair on the client will not be able to access the host with it.
Look at the end of each line: it should show some details about the key that line is for, probably a user name and host pair or something similar.
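
The manual route described in the two sections above (editing ~/.ssh/authorized_keys yourself to add a key, then deleting its entry to revoke it), written as shell functions. This is an added example, not part of the original post: key_blob, has_blob, install_pubkey and revoke_pubkey are hypothetical helper names, and entries are matched on the key material rather than on the trailing comment, because that comment is free-form text.

```sh
#!/bin/sh
# Added example; these functions are hypothetical helpers, not ssh tools.
# Usage on the host: install_pubkey id_dsa.pub ; revoke_pubkey id_dsa.pub

# key_blob PUBFILE: print the base64 key material (second field) of a .pub
# file. The trailing comment is free-form, so it is not used for matching.
key_blob() { awk 'NF >= 2 { print $2; exit }' "$1"; }

# has_blob BLOB AUTH_FILE: succeed if some line has BLOB as a whole field
# (this also matches entries that begin with options such as command="...").
has_blob() {
    awk -v b="$1" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                   END { exit !f }' "$2"
}

# install_pubkey PUBFILE [AUTH_FILE]: authorize the key exactly once.
install_pubkey() {
    pub=$1; auth=${2:-$HOME/.ssh/authorized_keys}
    blob=$(key_blob "$pub")
    [ -n "$blob" ] || { echo "no key found in $pub" >&2; return 1; }
    # sshd's StrictModes (on by default) refuses group/world-writable paths.
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")"
    touch "$auth" && chmod 600 "$auth"
    if has_blob "$blob" "$auth"; then return 0; fi
    # If the file does not end in a newline, add one so the new key is
    # not glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    head -n 1 "$pub" >> "$auth"     # one key per line
}

# revoke_pubkey PUBFILE [AUTH_FILE]: remove every entry carrying that key.
revoke_pubkey() {
    pub=$1; auth=${2:-$HOME/.ssh/authorized_keys}
    blob=$(key_blob "$pub")
    [ -n "$blob" ] || { echo "no key found in $pub" >&2; return 1; }
    has_blob "$blob" "$auth" || { echo "key not authorized" >&2; return 1; }
    cp -p "$auth" "$auth.bak"       # backup keeps the 600 mode
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) next; print }' \
        "$auth.bak" > "$auth"
}
```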

Removing a Private Key from a Client's ssh-agent


To remove all manually added private keys from a client's ssh-agent, do the following:
ssh-add -D
Verify they are removed with:
ssh-add -l

Alternate Method for Associating a Private Key to a Host


The ssh-agent method has some features that may be considered advantages or disadvantages depending on what you value most.
If you find you need to re-add the private key to the agent every time you reboot your client machine, you might want to use this method instead of the ssh-agent.
You can manually add identities to the ssh config file, found at ~/.ssh/config.
Edit the file and add an identity line like this:
IdentityFile ~/.ssh/MyKey.dsa.key
If you want to associate a key to a particular host, you can add host credentials into the config file (for example):
Host somewhere
HostName somewhere.com
Port 12345
User username
IdentityFile ~/.ssh/somewhere.dsa.key
When you use this method, you will need to type your pass phrase when connecting to the host via ssh.

References


https://help.ubuntu.com/community/SSH/OpenSSH/Keys
http://kb.siteground.com/generate_ssh_key_in_linux/
http://stackoverflow.com/questions/3466 ... -on-ubuntu
