
Configuring SSH Key Authentication

This is a quick and dirty guide to creating key authentication for goofy between the systems earth and pluto. Of course, replace goofy, earth and pluto with what matches your network.

I am assuming that these are OS X or Linux/Unix based systems. Windows systems will need to download a tool like PuTTY, as ssh does not come as part of the OS by default.

These instructions were tested with the following systems:
earth (OS X El Capitan)
pluto (Ubuntu 12.04)

From a terminal, ssh into both earth and pluto, either as goofy or as a user that can switch (i.e. su) to goofy.

Create the id_rsa and id_rsa.pub keys

For this exercise, I am going to use RSA keys with no passphrase. If you want to use a different key algorithm, I encourage you to Google ssh-keygen or consult the man pages.

As goofy on earth and pluto, run the ssh-keygen command. This will create the .ssh directory if needed and create the public (id_rsa.pub) and private (id_rsa) RSA keys.

NOTE: You never want to give out the private key, as this will compromise your system. It is the key used to decrypt the public key and ensure that it's a valid public key for the user.

Example (goofy on earth):

earth:~ goofy$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/goofy/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/goofy/.ssh/id_rsa.
Your public key has been saved in /Users/goofy/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bRDbQEI+dCHEnT2GnXQgWSAg3+VyMvYeKuhSJ91HN44  goofy@earth.local
The key's randomart image is:
+---[RSA 2048]----+
|  . .=BoX@+o.    |
|   o +.B=**.     |
|    . O =...     |
|     . B.oo      |
|   . . .S+o.     |
|  o.o .oEo.      |
| ..o. ...        |
|..   .           |
| ..              |
+----[SHA256]-----+

Perform the same action on pluto. To verify that the key files have been created you can look in the .ssh directory under your home directory for id_rsa and id_rsa.pub.

earth:~ goofy$ ls .ssh
id_rsa id_rsa.pub

You now have the public and private RSA keys necessary for key authentication.

Adding Public Key to Remote System

We are now going to set up the ability to log in from earth to pluto as the userid goofy using only the keys as authentication.

On pluto, go to the .ssh directory and open/create the file authorized_keys. This can be done with any editor of choice.

pluto:~ goofy$ cd .ssh
pluto:.ssh goofy$ nano authorized_keys

In that file, add the contents of the id_rsa.pub file from earth, save the file, and then change the permissions so that only the owner can read and write it, which can be performed with the following command.

chmod 600 authorized_keys

Perform the same steps on earth to allow key authentication from pluto to earth.

You have now specified that goofy can authenticate via public/private RSA keys between earth and pluto. This can be tested by using the ssh command on either earth or pluto as goofy to connect to the other system.
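The manual edit of authorized_keys described above can also be scripted. The following is an added example, not part of the original guide; install_pubkey and check_ssh_perms are hypothetical helper names. It refuses to install a private key by mistake, avoids duplicate entries, and checks the permissions that sshd's StrictModes setting (on by default) requires.

```shell
#!/bin/sh
# Added example: safely append a public key to authorized_keys.
# install_pubkey and check_ssh_perms are hypothetical helper names.

# install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")

    # Accept only a one-line public key. The private key file (id_rsa)
    # starts with "-----BEGIN" and must never be copied to another host.
    case $key in
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|"ecdsa-sha2-"*" AAAA"*) ;;
        *) echo "$pub does not look like a public key" >&2; return 2 ;;
    esac

    # Owner-only permissions on the directory (700) and the file (600).
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# check_ssh_perms [SSH_DIR]
# Succeeds only if neither SSH_DIR nor authorized_keys is writable by
# group or others.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        # Characters 6 and 9 of the ls mode string are the group and
        # other write bits; both must be "-".
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????-??-?) ;;
            *) echo "too permissive: $mode $p" >&2; return 1 ;;
        esac
    done
}
# Usage on pluto, after copying earth's id_rsa.pub to /tmp/earth.pub:
#   install_pubkey /tmp/earth.pub && check_ssh_perms
```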
