Tuesday, May 13, 2008

How to SSH-Keygen in One Command, Part I

During the course of a day I need to shell into a handful of different Linux servers to perform a variety of sysadmin tasks. To do this securely I use the SSH 2 protocol. Because the SSH protocol is encrypted, nothing is sent in clear text; clear text would make it easy for any bad guys to sniff or capture the packets and find out my passwords.

Using SSH public/private key authorization and TextExpander, I have my login down to as few as four keystrokes. The best part of this is that after creating all of my authorized_keys I can put them on my iPhone and then ssh in from anywhere without having to look up my passwords.

In this post I will cover creating the public/private key pair and sending the public key to the server with one command line.

For this to work correctly you will have to enable SSH on the computer you are sending from and unblock or map your SSH port in your firewall and/or router.

On your local computer, create a strong DSA public/private key pair using the shell command below.

local-computer$ ssh-keygen -t dsa

(Do not enter a pass phrase, just hit enter)

Now let's transfer the id_dsa.pub key to your user directory on the host machine.

ssh yourusername@server_to_connect_to "echo `ssh your-computer.local cat .ssh/id_dsa.pub` >> .ssh/authorized_keys"

Obviously you want to replace yourusername@server_to_connect_to with yourlogin@ followed by the IP address or domain name of the server you are connecting to.

For this login you will need to enter your passwords, first for the local computer and then for the server you are connecting to.

After this step you can try to connect using ssh yourloginname@domain.com and see if you can log in without a password.

If you can't log in without a password, check the server logs for an error like this:

Authentication refused: bad ownership or modes for directory

If you see it, you will need to change permissions on the server by issuing the following commands on the server.

server$ chmod go-w ~/

server$ chmod 700 ~/.ssh

server$ chmod 600 ~/.ssh/authorized_keys

Now try to connect again using ssh yourloginname@domain.com.
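The "bad ownership or modes" message comes from sshd's StrictModes check, which refuses key files when the home directory, ~/.ssh or authorized_keys is owned by someone other than the user or root, or is writable by group or others. The script below is an added example, not part of the original post; it reports which of those three paths would be refused, and the function names check_path and audit_ssh_perms are made up for it.

```shell
#!/bin/sh
# Added example: report the ownership/mode problems that make sshd log
# "Authentication refused: bad ownership or modes". The function names
# check_path and audit_ssh_perms are made up for this example.

# check_path PATH UID: fail if PATH is missing, is not owned by UID or
# root, or is writable by group or others.
check_path() {
    path=$1 want_uid=$2 bad=0
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    # ls -ldn prints the mode string and the numeric owner id
    set -- $(ls -ldn -- "$path" | awk '{print $1, $3}')
    mode=$1 owner=$2
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $path (uid $owner, expected $want_uid or 0)"
        bad=1
    fi
    # character 6 of the mode string is group write, character 9 is other write
    case $mode in
        ?????w*|????????w*) echo "WRITABLE $path ($mode)"; bad=1 ;;
    esac
    [ "$bad" -eq 0 ] && echo "OK       $path ($mode)"
    return "$bad"
}

# audit_ssh_perms HOME_DIR [UID]: check the three paths that the chmod
# commands in the post fix; returns non-zero if any of them has a problem.
audit_ssh_perms() {
    home=$1 uid=${2:-$(id -u)} rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    return "$rc"
}

# Run against a directory given on the command line, e.g. "$HOME".
[ $# -eq 0 ] || audit_ssh_perms "$@"
```

Run it on the server as the login user with "$HOME" as the argument; any line that does not start with OK names a path to fix with the chmod commands above.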

Success!! Now issue the command again on each of the servers that you need to ssh into and you are good to go.

In Part 2 we will cover using TextExpander on the Mac or AutoKey on Linux to shorten your logins down to a few keystrokes.

In Part 3 we will cover using this method from your iPhone.
