Generating keys

From Noisebridge

Latest revision as of 22:51, 7 April 2011

This is a tutorial for creating keys for use with pony. It is necessary to have a working key to connect to pony via SSH. For a good (nonfree) introduction to cryptography, see Cryptography Decrypted.

Generating the key

The command:

ssh-keygen -t dsa

will generate a DSA key pair that we can use to authenticate ourselves. OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so a current client or server may refuse this key type unless it is explicitly enabled.

After pressing enter you'll be asked for a file location, with a default name of id_dsa located in your '~/.ssh/' directory. It's a good idea to give it a useful name (for our purpose, 'pony' will do). You'll also be asked for an optional passphrase for the key. You can skip this by pressing enter if you like.

You'll now have two files, 'pony' and 'pony.pub' in your '~/.ssh/' directory:

-rw------- 1 switch switch  736 Dec  7 04:46 pony
-rw-r--r-- 1 switch switch  602 Dec  7 04:46 pony.pub

Notice that 'pony.pub' is world readable, but the (private) pony key is only readable by you, the owner. Feel free to write your public key down on your wiki user page, your tax returns or your favorite bathroom stall.

Configuring Your SSH

We've got our keys, but we need to let SSH know which key to use with which host. To do that, edit the user config file for ssh, located at '~/.ssh/config' (if this file doesn't already exist, go ahead and create it there).

We'll need to add these lines:

# Host takes whitespace-separated patterns
Host pony pony.local
   Hostname pony.noisebridge.net
   ForwardAgent no
   ForwardX11 no
   # IdentityFile names the private key, not the .pub file
   IdentityFile ~/.ssh/pony

This defines a new hostname for ssh, sets some options for our security (no forwarding) and links this host to the key we generated. If the account name on the machine you're on is different from the one you're getting on pony, you'll need to add a User line with your pony username, e.g. "User myname".
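
A small lint for the Host block described above, added here as an example (not part of the original page): it flags the settings this section depends on when they are wrong. The function name lint_ssh_config and the sample file are constructed, and only the "keyword value" line form is handled.

```sh
#!/bin/sh
# Added example; lint_ssh_config is a hypothetical helper name.

# lint_ssh_config FILE: print one finding per line, return 1 if any were found.
lint_ssh_config() {
    awk '
    function report(msg) {
        printf "%s:%d: [Host %s] %s\n", FILENAME, NR, host, msg; bad = 1
    }
    { sub(/^[ \t]+/, "") }                 # drop indentation
    /^#/ || NF == 0 { next }               # skip comments and blank lines
    { key = tolower($1); val = $2 }        # keywords are case-insensitive
    key == "host" {
        host = $0; sub(/^[^ \t]+[ \t]+/, "", host)
        if (host ~ /\|/) report("patterns are separated by spaces, not |")
    }
    key == "hostname" && val ~ /@/ {
        report("Hostname takes no user@ part; add a User line")
    }
    key == "identityfile" && val ~ /\.pub$/ {
        report("IdentityFile should name the private key, not the .pub file")
    }
    (key == "forwardagent" || key == "forwardx11") && tolower(val) != "no" {
        report(key " is not disabled")
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample containing the four mistakes the lint looks for.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host pony | pony.local
   Hostname myname@pony.noisebridge.net
   ForwardAgent yes
   IdentityFile ~/.ssh/pony.pub
EOF
lint_ssh_config "$sample" || echo "fix the findings above before connecting"
rm -f "$sample"
```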

Configuring Pony

You'll need some help for this next part; specifically, someone who's listed on pony's sudo list. They'll need a copy of your public key ('pony.pub') and the best place for that is on your wiki user page! You can just copy and paste the text inside the key file.

The key string goes inside a file called 'authorized_keys' located at '~/.ssh/authorized_keys' on pony. This is where the remote sshd will check for a public key to match the one you're sending. You can have multiple keys in this file, meaning you can have a separate private key for each machine you wish to connect from.

You should be good to go! Try logging in with 'ssh username@pony'! You'll have to accept the host's key the first time, but no password should be required.

Pony is currently set up to disallow password authentication, and therefore you'll need to authenticate via a public key.
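
What the person installing your key might run, as an added example that is not part of the original page: it refuses anything that is not a single plain public key line, which matters when the text is copied from a wiki page anyone can edit, and appends it once with the permissions sshd expects. The function names and the sample key are constructed; DSA stays in the accepted list only because this tutorial generates DSA keys.

```sh
#!/bin/sh
# Added example; function names are hypothetical, SAMPLE_KEY is constructed.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedBlobNotARealKey0123456789 switch@laptop'
NL='
'
# Base64 text every key blob of a given type begins with (the encoded,
# length-prefixed type name). Unknown types fail.
blob_prefix() {
    case "$1" in
        ssh-dss)     echo AAAAB3NzaC1kc3M ;;
        ssh-rsa)     echo AAAAB3NzaC1yc2E ;;
        ssh-ed25519) echo AAAAC3NzaC1lZDI1NTE5 ;;
        *) return 1 ;;
    esac
}

# valid_pubkey LINE: accept only one line of the form "type base64 [comment]".
valid_pubkey() {
    case "$1" in *"$NL"*) return 1 ;; esac   # several lines, e.g. a private key
    set -f; set -- $1; set +f                # split on whitespace, no globbing
    [ $# -ge 2 ] || return 1
    # A first field that is not a key type (such as command="...") is refused.
    prefix=$(blob_prefix "$1") || return 1
    case "$2" in
        *[!A-Za-z0-9+/=]*) return 1 ;;       # characters outside base64
        "$prefix"*) return 0 ;;              # blob matches the declared type
        *) return 1 ;;
    esac
}

# install_pubkey LINE FILE: append LINE to FILE once, with modes sshd accepts.
install_pubkey() {
    valid_pubkey "$1" || { echo "rejected: not a single public key line" >&2; return 1; }
    dir=$(dirname "$2")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$2" && chmod 600 "$2" || return 1
    key=$(printf '%s\n' "$1" | awk '{ print $1, $2 }')   # type + blob, no comment
    grep -qF -- "$key" "$2" || printf '%s\n' "$1" >> "$2"
}

# Demo on a scratch directory with the constructed key above.
scratch=$(mktemp -d)
install_pubkey "$SAMPLE_KEY" "$scratch/.ssh/authorized_keys"
install_pubkey "$SAMPLE_KEY" "$scratch/.ssh/authorized_keys"   # second call is a no-op
wc -l < "$scratch/.ssh/authorized_keys"
rm -rf "$scratch"
```

On a host with OpenSSH installed, running ssh-keygen -l -f on the saved key file is a stronger check, since it actually decodes the blob.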
