This is an old revision of the document!
SSH
PUBLIC KEY AUTHENTICATION
SSH AGENT
ssh-agent is a background process that holds your decrypted private keys in memory so you don't have to type the passphrase every time you SSH somewhere. Private SSH keys should be encrypted on disk with a passphrase. Without an agent, every ssh, git pull, scp etc. would prompt you to type that passphrase to decrypt the key.
SSH keeys come in pairs:
- .ssh/id_rsa - private key
- .ssh/id_rsa.pub - public key
Public key should be copied to servers into ~/.ssh/authorized_keys (it let's the server authenticate the user).
During the client authentication, the client will use its private key, and it will be verified by the public key stored in ~/.ssh/authorized_keys.
Private key is password protected when encrypted. A passphrase is only used to unlock the private key locally and is not transmitted in any form to the remote host.
GENERATING KEYS
This will generate private/public keys in the default directory:
$ ssh-keygen -b 4096 # default size is 2048
Files are here:
clienthost:~ user$ ls -l .ssh/ | grep id -rw------- 1 user user 1831 Aug 10 20:50 id_rsa -rw-r--r-- 1 user user 407 Aug 10 20:50 id_rsa.pub
After public key is copied to remote serve:
$ chmod 700 .ssh/ $ chmod 600 ~/.ssh/authorized_keys # paste your public key into this file
There is also a simpler way to copy a public key:
$ ssh-copy-id pi@192.168.2.73
SSHD
/etc/ssh/sshd_config:
PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
MANAGING PASSPHRASE
$ ssh-agent $ ssh-add
