Set Up SSH

Setting up SSH will allow you to log in to our various servers without using password authentication. This is a great convenience, and it tends to be more secure. Here's how to do it.

Your Local Machine

From the machine you will be using to connect to the remote machine:

- switch to your ~/.ssh/ directory
- run this command:

    ssh-keygen -t dsa

Note: this is using SSH-2, which will probably be the default if you're using a new Mac. If you are using SSH-1 you need the command:

    ssh-keygen -t rsa1

Then select the default name for the key and leave the pass phrase blank (pressing enter twice).

Now within the ~/.ssh/ directory is a file called either id_dsa.pub or identity.pub (depending on the version of SSH you are using). Keep note of this file; we'll need its contents for step 2.

For Windows Users:

You should generate your keys on the server, then download the private key to your local computer (remember to delete it on the server) and copy your public key to the right folder with the right name. Otherwise you may get frustrated.

- Putty.exe - for connecting to the remote server
- PuttyGen.exe - for changing the public key to a Windows-usable version which can help you log in automatically in Putty
- WinSCP - secure FTP, for downloading or uploading your keys

Remote machine

Log in to the remote machine as you normally would. Now you need to add the contents of the .pub file made above to the 'authorized_keys' file in ~/.ssh/ - if that file doesn't exist, you need to create it. In the example below, we have copied the public key file across to the remote machine. We will delete it after we're done.

    cat id_dsa.pub >> ~/.ssh/authorized_keys

Finally, on the remote machine you want to access, make sure the authorized_keys file is properly chmod'ed:

    chmod 600 ~/.ssh/authorized_keys

Closing up

A word of warning: though it sounds obvious, you can now connect to the remote machine without a password. This means that if your local machine is compromised, you can assume the remote machine is also. If this happens, delete the entry in authorized_keys on the remote machine and you've closed that security problem.

You can also use this technique if you're using CVS and don't want to be prompted for the password all the time.
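
The remote-machine step and the key removal described under "Closing up", as an added shell example that is not part of the original page. The function names install_pubkey and revoke_pubkey are hypothetical; unlike a bare cat >>, the install step skips keys that are already present, also sets the .ssh directory to mode 700, and refuses a file that looks like a private key.

```shell
#!/bin/sh
# Added example; install_pubkey and revoke_pubkey are hypothetical helper names.

# install_pubkey PUBFILE [SSH_DIR]
# Append the key in PUBFILE to SSH_DIR/authorized_keys unless it is already
# listed, and set the directory and file modes (700 / 600).
install_pubkey() {
    pub=$1; dir=${2:-$HOME/.ssh}; auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Never let a private key end up in authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2; return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Field 2 of a .pub file is the base64 key blob; the trailing comment may vary.
    blob=$(awk 'NR==1 {print $2}' "$pub")
    [ -n "$blob" ] || { echo "malformed public key in $pub" >&2; return 1; }
    if grep -qF -- "$blob" "$auth"; then return 0; fi
    # If the file does not end in a newline, add one so entries do not merge.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    head -n 1 "$pub" >> "$auth"
}

# revoke_pubkey PUBFILE [SSH_DIR]
# Remove every authorized_keys entry carrying the key blob found in PUBFILE.
revoke_pubkey() {
    pub=$1; dir=${2:-$HOME/.ssh}; auth=$dir/authorized_keys
    blob=$(awk 'NR==1 {print $2}' "$pub")
    [ -n "$blob" ] && [ -f "$auth" ] || return 1
    tmp=$(mktemp "$dir/authorized_keys.XXXXXX") || return 1
    # grep -v exits 1 when no lines remain; an empty file is a valid result.
    grep -vF -- "$blob" "$auth" > "$tmp" || true
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}
```

Run install_pubkey on the remote machine after copying the .pub file across, then delete the copied file as described above.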