THANKS LONI!
How to do — Certificate Based Authentication
1. Go into .ssh directory
cd ~/.ssh
2. create a file config with your favourite editor:
Host simpsons.com dohnuts
User homer
hostname simpsons.com
port 12345
The first line Host, identifies the domain, and the machine in that domain we which to reach.
The second line User, is the username on the host machine. In this case, homer
The third line, is the hostname.
The forth line is the port (usally 22, but for security reasons, we changed it from the default)
3. now do:
ssh-keygen
return on all of the prompts (i.e. take all the defaults)
It will look like this:
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bart/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bart/.ssh/id_rsa.
Your public key has been saved in /home/bart/.ssh/id_rsa.pub.
The key fingerprint is:
12:34:56 and so on.
The key’s randomart image is:
+–[ RSA 2048]—-+
4. Enter the following to copy the certificate to the machine:
ssh-copy-id -i ~/.ssh/id_rsa.pub dohnuts
You will get output that looks like:
:~/.ssh$ ssh-copy-id -i ~/.ssh/id_rsa.pub saturn
The authenticity of host ‘[simpsons.com]:12345 ([12.34.56.153]:12345)’ can’t be established.
RSA key fingerprint is ab:59:27:8a.
Are you sure you want to continue connecting (yes/no)? Yes
Warning: Permanently added ‘[simpsons.com]:12345,[12.34.56.153]:12345′ (RSA) to the list of known hosts.
Now try logging into the machine, with “ssh ‘dohnuts’”, and check in:
.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.
5. Now login, using your password to complete.
6. in the future you would type:
ssh dohnuts
Look Ma, no password!