SSH Keys

Setup (from command line)

  1. Remove your .rhosts file: rm -f ~/.rhosts You won’t be needing this file anymore.

  2. chmod go-w ~. This removes write privileges on your home directory for everyone but you.

  3. mkdir ~/.ssh , if it does not already exist. This is the directory where your SSH keys will be stored. Once created, chmod 711 ~/.ssh . It should only be writable by you, and does not need to be readable by anyone but you. However, there are some files which you might want to make available to others, which is why the group and world-executable bits are set.

  4. Generate your SSH key with the command ssh-keygen -b 2048 -t rsa. This will make a 2048-bit RSA key pair. Use the default setting to save the key (hit enter) and be sure to set a passphrase.

  5. Copy your key into the authorized_keys2 file by typing cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys2. Any other OpenSSH ssh2-keys can be placed in this file, one per line. SSH1 keys can be placed in ~/.ssh/authorized_keys, one on a line, the same format as SSH v1. Read the ssh-keygen and SSH man pages for more information on sshv1 key usage.

  6. Make a link from your private key id_rsa to identity so ssh-add knows that it is your default identity file. To do this typeln -s ~/.ssh/id_rsa ~/.ssh/identity.

  7. Optionally chmod 644 ~/.ssh/*.pub . This will allow someone else access to the public half of your ssh key, should they want it for something. Securing the public half is unnecessary, but you should never allow someone access to the other files in your .ssh directory.

  8. Log out, then log back in.

  9. Run ssh-add from a command-line prompt once you’ve logged back in. You should be prompted for your passphrase, if you set one in step 2. If you get a message saying "Could not open a connection to your authentication agent," open a new xterm using your window manager and try again. (Some user configurations spawn xterms just before starting the window manager. These xterms are not children of the window manager, so they do not inherit the connection to ssh-agent.)

  10. Test out ssh by making a connection to a remote host. Use the -v option to enable verbose mode. If you want to run X-based software remotely, you can use the -f option to have ssh return to the command line after spawning the process on the remote host.

Setup (Gnome)

  1. Go to Systems, Preferences, Sessions.

  2. Click on the Startup Programs tab.

  3. Hit 'Add' and type in /usr/bin/ssh-add.

  4. Click 'OK' then 'Close'. Now Gnome should ask you for your SSH passphrase once when you log in and you won't have to enter your passphrase for each ssh connection.