Creating a PPK Pair

[email protected]:~> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/justin/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/justin/.ssh/id_dsa.
Your public key has been saved in /home/justin/.ssh/id_dsa.pub.
The key fingerprint is:
07:3d:01:94:6b:23:4d:d4:a3:8d:49:b5:b6:ac:ad:83 [email protected]
[email protected]:~>

In this example, we created a key pair using the DSA encryption algorithm. The SSH protocol has two levels, protocol 1 and protocol 2. Protocol 2 is inherently more secure. To make sure you create an SSH v2 key pair, pass either dsa or rsa as the key type with -t on the command line.

Our keys are saved in ~/.ssh/, providing us with a means to copy our public key over to another server so that we can log in. In the case of DSA, our public key is called id_dsa.pub and our private key is called id_dsa.

Your private key must be kept private from any other user at all costs, particularly if you choose not to enter a passphrase.

On the machine on which we want to log in securely, we need to copy our public key over to the file ~/.ssh/authorized_keys (see Listing 15-12). The authorized keys file contains public keys for a specific user that will enable them to log in. Only this user will use the PPK pair; it is not system-wide.

We can do this manually by first copying the public key to the other server and then appending it to the authorized_keys file.
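The manual append step described above, written as a shell function to run on the server once the .pub file has been copied there. This is an added example, not a listing from the original text; the function name install_pubkey and its two arguments are hypothetical, and it accepts only the dsa and rsa key types the text mentions.

```shell
#!/bin/sh
# Added example: append one public key to a user's authorized_keys file.
# install_pubkey and its arguments are hypothetical names, not from the page.

install_pubkey() {
    pubfile=$1            # public key file already copied to this host
    home=${2:-$HOME}      # home directory of the account that accepts the key
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Refuse a private key: it must never leave the client machine.
    if grep -q -e '-----BEGIN' "$pubfile"; then
        echo "$pubfile looks like a private key, refusing" >&2
        return 2
    fi

    # Accept exactly one non-empty line starting with a known key type.
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(grep . "$pubfile")
    case $key in
        ssh-dss\ *|ssh-rsa\ *) ;;
        *) echo "unrecognised key type" >&2; return 3 ;;
    esac

    # sshd (StrictModes, on by default) ignores keys under loosely
    # permissioned paths, so create them private and tighten existing ones.
    ( umask 077; mkdir -p "$sshdir"; touch "$auth" )
    chmod 700 "$sshdir"
    chmod 600 "$auth"

    # Nothing to do if this exact key line is already authorized.
    if grep -qxF -e "$key" "$auth"; then
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Usage on the server, as the target user: install_pubkey /tmp/id_dsa.pub
```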
