Copyright 2024 - CSIM - Asian Institute of Technology

Creating your keys

The first step is to create the key pair. On your local machine, use the command ssh-keygen:

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/olivier/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): Choose a good passphrase
Enter same passphrase again:                One that you will remember!
Your identification has been saved in /home/olivier/.ssh/id_rsa
Your public key has been saved in /home/olivier/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:9KGkuqzUgnUanHhYVDTa/ky3pq32LdSkF8Sb11nMzwA olivier@olivier
The key's randomart image is:
+---[RSA 3072]----+
|  .o+    .  E. o |
| . o .    o   . +|
|  o .   o..o . =.|
| = o   + o=.. o o|
|o * o o S+.o     |
| + = = .o.o      |
|. + o o.o.       |
| . o ..+..       |
|  ..o.ooo..      |
+----[SHA256]-----+
$

When you are asked for a passphrase, choose a good one, long enough to be secure. It must also be a phrase that you can remember. For example, it can be a mix between your favorite song and a movie you like.

This will have created two files:

  • id_rsa.pub is the public key; you will need to copy it to every system you want to access with SSH;
  • id_rsa is your secret key. You must keep it very secure: if someone can get a copy of your secret key, they can potentially hijack your account.

Installing your public key on the target machine

You need to install your public key id_rsa.pub on every machine you will access with SSH.

In CSIM, the home directory is shared across all servers, so it is enough to install your public key once to make it available on every server. For every machine that is not a CSIM server, you will have to repeat the steps below.

  1. Copy the key file to the target machine:

        scp .ssh/id_rsa.pub <login>@<server>:.

    Use your CSIM password.

  2. Connect to the remote machine:

        ssh <login>@<server>
        Password for <login>@<server>:

    Use your CSIM password.

  3. Check if the directory .ssh exists, else create it (mkdir .ssh).

  4. Copy your public key to the authorized_keys file:

       cat id_rsa.pub >>.ssh/authorized_keys

  5. Disconnect from bazooka with CTRL-D and connect again to test public/private key authentication:

        ssh <login>@<server>

    Instead of a password, you are asked for your passphrase. In a graphical environment, a window will pop up.

    It is tempting to use the check box to remember the passphrase across reboots of your machine, but it is a bad idea: it would mean that the very important passphrase is saved in a file, somewhere on your machine. Now your very private key and the passphrase to access your very private key are on the same machine, very likely to be compromised!
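Steps 3 and 4 can be wrapped in one function that also sets the permissions sshd expects and avoids appending the same key twice. This is an added example, not part of the original page; the function name install_pubkey and the list of accepted key types are assumptions of the example.

```shell
#!/bin/sh
# Added example: steps 3 and 4, run on the target machine.
# install_pubkey is a hypothetical helper, not a standard tool.
#
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Returns 0 when the key is installed (or already was), 1 on bad input.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key: copying id_rsa instead of id_rsa.pub
    # would expose the secret on the server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2
        return 1
    fi

    # Expect a line "<type> <base64> [comment]". The accepted types
    # are a choice of this example.
    key=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub is not a public key" >&2; return 1; }

    # Step 3: create .ssh if missing. With StrictModes (the default),
    # sshd ignores authorized_keys if it or .ssh is writable by others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Step 4: append only if this exact line is not already there.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    return 0
}

# On the target machine, after step 2:  install_pubkey id_rsa.pub
```

Running it a second time leaves a single entry in authorized_keys, unlike a repeated `cat id_rsa.pub >>.ssh/authorized_keys`.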

Running up ssh-agent

ssh-agent is a program that will keep your passphrase in the memory of your machine. Each time you use SSH, ssh-agent will use that passphrase to authenticate.

But the passphrase is not stored on file, so after each reboot of your machine you will have to provide the passphrase once. And only once.

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-nlX9YC3kX9J5/agent.9725; export SSH_AUTH_SOCK;
SSH_AGENT_PID=9726; export SSH_AGENT_PID;
echo Agent pid 9726;
$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/olivier/.ssh/id_rsa:
Identity added: /home/olivier/.ssh/id_rsa (olivier@olivier)
$

The command ssh-agent launches the agent; the command ssh-add informs the agent that it can use the private key (file id_rsa) you created earlier.

You need to run these two commands each time you start your machine.

School of Engineering and technologies     Asian Institute of Technology