THANKS LONI!
How to do — Certificate Based Authentication
1. Go into .ssh directory
cd ~/.ssh
3. now do:
ssh-keygen
return on all of the prompts (i.e. take all the defaults)
It will look like this:
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bart/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bart/.ssh/id_rsa.
Your public key has been saved in /home/bart/.ssh/id_rsa.pub.
The key fingerprint is:
12:34:56 and so on.
The key’s randomart image is:
+–[ RSA 2048]—-+
4. Enter the following to copy the certificate to the machine:
ssh-copy-id -i ~/.ssh/id_rsa.pub dohnuts
You will get output that looks like:
:~/.ssh$ ssh-copy-id -i ~/.ssh/id_rsa.pub simpsons
The authenticity of host ‘[simpsons.com]:12345 ([12.34.56.153]:12345)’ can’t be established.
RSA key fingerprint is ab:59:27:8a.
Are you sure you want to continue connecting (yes/no)? Yes
Warning: Permanently added ‘[simpsons.com]:12345,[12.34.56.153]:12345’ (RSA) to the list of known hosts.
Now try logging into the machine, with “ssh ‘dohnuts'”, and check in:
.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.
5. Now login, using your password to complete.
6. in the future you would type:
ssh dohnuts
Look Ma, no password!
Related Articles
2 users responded in this post
Nice, you even got the part about using ssh-copy-id instead of shlepping everyting over manually. But IIRC I’ve only ever had to type “ssh-copy-id ” and it all just works.
grr, wordpress mangled my post and turned it into an impossible claim. I guess you can’t say “left bracket, option, right bracket” because wordpress will devour it without a trace…