The first step is to create the key pair. On your local machine, use the command ssh-keygen:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/olivier/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): Choose a good passphrase
Enter same passphrase again: One that you will remember!
Your identification has been saved in /home/olivier/.ssh/id_rsa
Your public key has been saved in /home/olivier/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:9KGkuqzUgnUanHhYVDTa/ky3pq32LdSkF8Sb11nMzwA olivier@olivier
The key's randomart image is:
+---[RSA 3072]----+
| .o+ . E. o |
| . o . o . +|
| o . o..o . =.|
| = o + o=.. o o|
|o * o o S+.o |
| + = = .o.o |
|. + o o.o. |
| . o ..+.. |
| ..o.ooo.. |
+----[SHA256]-----+
$
When you are asked for a passphrase, choose a good one, long enough to be secure. It must also be a phrase that you can remember. For example, it can be a mix between your favorite song and a movie you like.
This will have created two files:
id_rsa.pub is the public key; you will need to copy it to every system you want to access with SSH;
id_rsa is your secret key. You must keep it very secure: if someone can get a copy of your secret key, they can potentially pirate your account.
You need to install your public key id_rsa.pub on every machine you will access with SSH.
In CSIM, the home directory is shared on all servers, so it is enough to install your public key once to make it accessible on every server. For every machine that is not a CSIM server, you will have to repeat the steps below.
scp .ssh/id_rsa.pub USER@SERVER:.
ssh USER@SERVER
Password for USER@SERVER:.
Check that the directory .ssh exists, else create it (mkdir .ssh).
Add your public key to the authorized_keys file: cat id_rsa.pub >>.ssh/authorized_keys
Log out of bazooka with CTRL-D and connect again to test the public/private keys authentication:
ssh USER@SERVER
ssh-agent
ssh-agent is a program that will keep your passphrase in the memory of your machine. Each time you use SSH, ssh-agent will use that passphrase to authenticate.
But the passphrase is not stored on file, so after each reboot of your machine you will have to provide the passphrase once. And only once.
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-nlX9YC3kX9J5/agent.9725; export SSH_AUTH_SOCK;
SSH_AGENT_PID=9726; export SSH_AGENT_PID;
echo Agent pid 9726;
$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/olivier/.ssh/id_rsa:
Identity added: /home/olivier/.ssh/id_rsa (olivier@olivier)
$
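The command ssh-agent launches the agent and prints the commands that set the environment variables (SSH_AUTH_SOCK and SSH_AGENT_PID) through which ssh-add and ssh find it. The command ssh-add informs the agent that it can use the private key (file id_rsa) you created earlier.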
You need to run these two commands each time you start your machine.