Creating a PPK Pair

    [email protected]:~> ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/justin/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/justin/.ssh/id_dsa.
    Your public key has been saved in /home/justin/.ssh/
    The key fingerprint is:
    07:3d:01:94:6b:23:4d:d4:a3:8d:49:b5:b6:ac:ad:83 [email protected]
    [email protected]:~>

In this example, we created a key pair using the DSA algorithm. The SSH protocol has two versions, protocol 1 and protocol 2. Protocol 2 is inherently more secure. To make sure you create an SSH v2 key pair, pass either dsa or rsa as the key type with -t on the command line.

Our keys are saved in ~/.ssh/, providing us with a means to copy our public key over to another server so that we can log in. In the case of DSA, our public key is called and our private key is called id_dsa.

Your private key must be kept private from any other user at all costs, particularly if you choose not to enter a passphrase.

On the machine on which we want to log in securely, we need to copy our public key over to the file ~/.ssh/authorized_keys (see Listing 15-12). The authorized keys file contains public keys for a specific user that will enable them to log in. Only this user will use the PPK pair; it is not system-wide.

We can do this manually by first copying the public key to the other server and then appending it to the authorized_keys file.
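The manual append described above can be scripted so that it also sets the permissions sshd expects and does not add the same key twice. This is an added example, not a listing from the original text; the function name install_pubkey and its optional second argument (a directory to use instead of ~/.ssh) are assumptions made for illustration.

```shell
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Run on the server, as the account that will accept the login, after the
# public key file has been copied over. SSH_DIR defaults to ~/.ssh.
install_pubkey() {
    pub=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key: only the public half ever leaves the client.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # A public key file is one line: "<type> <base64> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        ssh-*' '*|ecdsa-*' '*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # With StrictModes (the sshd default) group/world-writable paths are rejected.
    (umask 077; mkdir -p "$ssh_dir"; touch "$auth") || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Append once; an identical line already present is left alone.
    if grep -qxF -- "$key" "$auth"; then return 0; fi
    # Make sure the existing file ends in a newline so two keys never share a line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Because the function only ever appends, keys already listed in authorized_keys for that user are preserved.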
