====== PUBLIC KEY AUTHENTICATION FOR SSH ======
==== OVERVIEW ====
SSH keeys come in pairs:
* //.ssh/id_rsa// - private key
* //.ssh/id_rsa.pub// - public key
Public key should be copied to servers into //~/.ssh/authorized_keys// (it let's the server authenticate the user).
During the client authentication, the client will use its private key, and it will be verified by the public key stored in //~/.ssh/authorized_keys//.
Private key is password protected when encrypted. A passphrase is only used to unlock the private key locally and is not transmitted in any form to the remote host.
==== GENERATING KEYS ====
This will generate private/public keys in the default directory:
$ ssh-keygen -b 4096 # default size is 2048
Files are here:
clienthost:~ user$ ls -l .ssh/ | grep id
-rw------- 1 user user 1831 Aug 10 20:50 id_rsa
-rw-r--r-- 1 user user 407 Aug 10 20:50 id_rsa.pub
After public key is copied to remote serve:
$ chmod 700 .ssh/
$ chmod 600 ~/.ssh/authorized_keys # paste your public key into this file
There is also a simpler way to copy a public key:
$ ssh-copy-id pi@192.168.2.73
==== SSHD ====
/etc/ssh/sshd_config:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
==== MANAGING PASSPHRASE ====
$ ssh-agent
$ ssh-add