THANKS LONI!
How to do — Certificate Based Authentication
1. Go into .ssh directory
cd ~/.ssh
2. Create a file named config with your favourite editor:
Host simpsons.com dohnuts
User homer
hostname simpsons.com
port 12345
The first line, Host, identifies the domain, and the machine in that domain we wish to reach.
The second line, User, is the username on the host machine. In this case, homer.
The third line is the hostname.
The fourth line is the port (usually 22, but for security reasons, we changed it from the default).
3. Now run:
ssh-keygen
Press return at all of the prompts (i.e. take all the defaults, which leaves the passphrase empty).
It will look like this:
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bart/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bart/.ssh/id_rsa.
Your public key has been saved in /home/bart/.ssh/id_rsa.pub.
The key fingerprint is:
12:34:56 and so on.
The key's randomart image is:
+--[ RSA 2048]----+
4. Enter the following to copy the certificate (your public key, id_rsa.pub) to the machine:
ssh-copy-id -i ~/.ssh/id_rsa.pub dohnuts
You will get output that looks like:
:~/.ssh$ ssh-copy-id -i ~/.ssh/id_rsa.pub dohnuts
The authenticity of host '[simpsons.com]:12345 ([12.34.56.153]:12345)' can't be established.
RSA key fingerprint is ab:59:27:8a.
Are you sure you want to continue connecting (yes/no)? Yes
Warning: Permanently added '[simpsons.com]:12345,[12.34.56.153]:12345' (RSA) to the list of known hosts.
Now try logging into the machine, with "ssh 'dohnuts'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
5. Now log in, using your password to complete.
6. In the future you would type:
ssh dohnuts
Look Ma, no password!
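The check that ssh-copy-id asks for in step 4 (looking in .ssh/authorized_keys for keys you weren't expecting) can be scripted. This is an added example, not part of the original post: the function names key_blobs, unexpected_keys and demo are made up for illustration, and the key blobs in the demo are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: report authorized_keys entries whose key material is not in
# the public key files you expect to find there.

# key_blobs FILE: print "<type> <base64-blob> <line-number>" for each key line,
# skipping leading options such as from="..." or command="...".
key_blobs() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    print $i, $(i + 1), NR
                    next
                }
            print "unparsed", "-", NR              # keep malformed lines visible
        }' "$1"
}

# unexpected_keys AUTH_FILE PUB_FILE...: print one line per entry in AUTH_FILE
# that matches none of the expected public keys; prints nothing when clean.
unexpected_keys() {
    auth=$1; shift
    expected=$(for pub in "$@"; do key_blobs "$pub"; done |
        awk '$1 != "unparsed" { print $2 }')
    key_blobs "$auth" | while read -r type blob line; do
        printf '%s\n' "$expected" | grep -qxF -- "$blob" ||
            echo "line $line: unexpected $type key"
    done
}

# Demo on constructed data (the blobs are placeholders, not real keys).
demo() {
    dir=$(mktemp -d)
    echo 'ssh-rsa AAAAB3CONSTRUCTEDbart bart@springfield' > "$dir/id_rsa.pub"
    cat > "$dir/authorized_keys" <<'EOF'
# keys for homer
ssh-rsa AAAAB3CONSTRUCTEDbart bart@springfield
from="10.0.0.*" ssh-ed25519 AAAAC3CONSTRUCTEDother someone@elsewhere
EOF
    unexpected_keys "$dir/authorized_keys" "$dir/id_rsa.pub"
    rm -rf "$dir"
}
demo   # prints: line 3: unexpected ssh-ed25519 key
```

On the server you would call unexpected_keys ~/.ssh/authorized_keys followed by copies of the .pub files you uploaded; matching is on the key blob, so a changed comment or added options do not hide an entry.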
2 users responded in this post
Nice, you even got the part about using ssh-copy-id instead of shlepping everything over manually. But IIRC I’ve only ever had to type “ssh-copy-id ” and it all just works.
grr, wordpress mangled my post and turned it into an impossible claim. I guess you can’t say “left bracket, option, right bracket” because wordpress will devour it without a trace…