ssh is a program used for logging into a remote machine and executing commands on that machine. For example, right now I have logged into a remote machine and executed a DVD burning command on that computer, since it has a DVD writer.
The simplest use of ssh is ssh hostname. This command connects to hostname and presents you with a login and password prompt. Provide the right credentials, and you’re in:
$ ssh remotehost
We can also simplify the command above by providing the login name along with the host name. Now the system will only ask for the password, since I have already provided the login name:
$ ssh myname@remotehost
ssh also provides a convenient way to copy files and entire directories from one computer to another. scp is almost as easy to use as cp. Here’s an example:
$ scp -p -r ~/mydocs myserver:
This command copies the ~/mydocs directory to myserver. Since we did not provide a destination path name, in this case, files will be copied to the home directory. The -p option preserves the date and time stamps on all the files, while -r enables recursive mode, where scp descends and copies all subdirectories, as well.
Now to the main topic. Each time you log in, the remote computer asks you for your password. The repeated prompts slow down work and prevent automation. Luckily, ssh supports public/private key authentication and system aliases.
Let’s set up a public/private key pair using the DSA key type. To do so, you must generate the key pair, copy the public key to the remote system, add it to the list of authorized keys, and verify that everything works. Note that OpenSSH 7.0 and later disable DSA keys by default, so on a current system substitute -t ed25519 or -t rsa in Step 5; the key files are then named id_ed25519 or id_rsa instead of id_dsa.
Creating and installing a public/private key pair:
1 $ cd ~
2 $ mkdir .ssh
3 $ chmod 700 .ssh
4 $ cd .ssh
5 $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): ./id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./id_dsa.
Your public key has been saved in ./id_dsa.pub.
The key fingerprint is:
6 $ ls
7 $ chmod 600 *
8 $ scp id_dsa.pub remotehost:
id_dsa 100% 668 0.7KB/s 00:00
9 $ ssh myname@remotehost
A $ mkdir .ssh
B $ chmod 700 .ssh
C $ cd .ssh
D $ cat ../id_dsa.pub >> authorized_keys
E $ rm ../id_dsa.pub
F $ chmod 600 *
G $ logout
10 $ ssh remotehost
a $ hostname
b $ logout
Commands 1 through 3 create a private local directory named .ssh in your home directory. This directory must be mode 700, or ssh won’t use public/private key authentication. Command 5 creates the key pair using DSA. For now, leave the two passphrases blank. With no passphrase, anyone who can read id_dsa can log in as you, which is why the file modes in Step 7 matter. ssh-keygen generates two files: id_dsa (the private key) and id_dsa.pub (the public key). Step 6 shows the files, while Step 7 protects both keys. Your keys must be mode 0600 or mode 0400.
Step 8 copies the public key to the remote computer. For now, you must type your password, but this is the last time. Commands A through C create the private .ssh directory, and Step D adds the public key to the list of authorized keys. The name of the file — authorized_keys — is intentional. Do not name the file differently. Step E removes the copy of the key; Step F protects the files, as in Step 7.
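A check for the permission requirements in Steps 3, 7, B and F, added here as an example and not part of the original article. check_ssh_perms is a hypothetical helper name, and the 700/600/400 modes it enforces are the ones stated above.

```shell
#!/bin/sh
# Added example: audit an .ssh directory against the modes this article requires.
# check_ssh_perms is a hypothetical helper, not part of OpenSSH.
# Usage: check_ssh_perms [dir]   (defaults to ~/.ssh; run it on both machines)
# Returns 0 if everything matches, 1 on a bad mode, 2 if the directory is missing.

check_ssh_perms() {
    dir=${1:-"$HOME/.ssh"}
    status=0

    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory" >&2
        return 2
    fi

    # The directory itself must be exactly mode 700 (Steps 3 and B).
    # -prune stops find from descending, so only $dir itself is tested.
    if [ -z "$(find "$dir" -prune -type d -perm 700)" ]; then
        echo "bad mode: $dir should be 700" >&2
        status=1
    fi

    # Every regular file inside must be exactly 600 or 400 (Steps 7 and F).
    offenders=$(find "$dir" -type f ! -perm 600 ! -perm 400)
    if [ -n "$offenders" ]; then
        echo "$offenders" | while IFS= read -r f; do
            echo "bad mode: $f should be 600 or 400" >&2
        done
        status=1
    fi

    return "$status"
}
```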
When you log out and log back in, a password is no longer required. ssh (and scp and sftp) tests your private key against the remote public key. If a match is found, your credentials are sound and you can log in without further identification.
Public key sharing is pretty useful when you frequently log in to a machine: it speeds up the process by not showing the password prompt each time. Besides that, there is another benefit: automation. When you run a program that connects to your remote computer, no password prompt appears, which allows you to run automated scripts.