LinuxQuestions.org


wh33t 10-09-2012 11:15 PM

SSH Public/Private key pair
 
Hey LQ,

I'm trying to follow this guide (http://www.spaceprogram.com/knowledge/cron_scp.html) to get a password-less remote rsync going.

I'm a little confused exactly what the public/private key pair is.

I want my computer at my house to SSH into my webserver. So do I generate the key pair from the server and then install the public key on my home computer in the ~/.ssh/authorized_keys file? Or do I generate the key pair from my computer at home and then install the private key on the server? I always get confused where to generate the keys and then where I install them.

Thanks for your help.

arun5002 10-09-2012 11:54 PM

Hi

First of all, there is nothing to be confused about in configuring passwordless login. The link you posted doesn't tell more about sshd_config setting modification and the permissions to be applied to keys. (Passwordless login never works without proper permissions & ssh_config modification.) You can look at the blog below; it will give you a clear idea of the modification of the sshd_config file & the permissions for keys.

1. Generate ssh-keygen -t rsa
2. Copy generated id_rsa.pub (server) key to authorized_key2 in client machine using scp
3. Copy id_rsa.pub key of client to server machine known_hosts
4. If you have done the above steps right, you have to look after the permissions of .ssh, id_rsa.pub, authorized_keys
5. Check the sshd_config, whether you have enabled pubkey authentication to YES

http://www.linuxquestions.org/questi...os-rhel-35029/
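Added example, not part of any post in this thread: a shell audit of the two things the post above says key login depends on, file permissions and the sshd_config setting, split by which machine holds which half of the key pair. The function names are made up for this example; it assumes a `stat` that supports `-c` (GNU or BusyBox) and takes its paths as arguments.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes GNU/BusyBox `stat -c`.

# has_mode_bits PATH OCTAL_MASK: succeeds if any permission bit in the mask is set
has_mode_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# pubkey_auth_setting SSHD_CONFIG: prints the global PubkeyAuthentication value.
# sshd uses the first occurrence and defaults to "yes"; Match blocks are ignored.
pubkey_auth_setting() {
    val=$(awk 'tolower($1) == "match" { exit }
               tolower($1) == "pubkeyauthentication" { print tolower($2); exit }' "$1")
    echo "${val:-yes}"
}

# audit_server SSH_DIR SSHD_CONFIG: checks the account being logged in to,
# where the public key lives. Prints findings, returns how many there were.
audit_server() {
    findings=0
    for f in "$1" "$1/authorized_keys"; do
        if [ ! -e "$f" ]; then
            echo "FINDING: $f is missing"; findings=$((findings + 1))
        elif has_mode_bits "$f" 022; then   # StrictModes: no group/other write
            echo "FINDING: $f is group/world writable"; findings=$((findings + 1))
        fi
    done
    if [ "$(pubkey_auth_setting "$2")" != "yes" ]; then
        echo "FINDING: PubkeyAuthentication is not enabled in $2"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# private_key_ok KEYFILE: checks the machine you log in from, where the private
# key stays. ssh refuses a key file that group or others can access at all.
private_key_ok() {
    [ -f "$1" ] && ! has_mode_bits "$1" 077
}
```

On the server this would be called as `audit_server ~/.ssh /etc/ssh/sshd_config`, and on the home machine as `private_key_ok ~/.ssh/id_rsa`.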

ntubski 10-10-2012 04:02 AM

Quote:

Originally Posted by wh33t (Post 4801793)
I'm a little confused exactly what the public/private key pair is.

I want my computer at my house to SSH into my webserver. So do I generate the key pair from the server and then install the public key on my home computer in the ~/.ssh/authorized_keys file? Or do I generate the key pair from my computer at home and then install the private key on the server? I always get confused where to generate the keys and then where I install them.

Here is an analogy: the public key is like a lock, and the private key is the key that can open the lock. So if you want to secure access to a server, you want to put your lock (public key) on the server's "door", so that your computer at home which has the key to the lock (private key) can open the "door".

sneakyimp 10-10-2012 01:57 PM

I'm fairly new to this so I hope someone will correct me if I make a mistake...

You should generate your key pair on a machine that you trust. It's really easy using the ssh-keygen commands on a Linux machine or a Mac running OSX. Once you create this pair, it's important to know which key is public and which is *private*. You can show the public key to the whole world -- put it up on http://keyserver.ubuntu.com/ if you like. Publish it on the front page of the New York Times. A public key is the one you hand to someone and you say "if you want to talk to me, use this key to encrypt your messages to me."

Your private key is SECRET and you should NEVER SHOW IT TO ANYONE. When people send you data encrypted with your public key, this is the only way you can (reasonably) decrypt it. If you are smart, you will keep your private key encrypted with a password -- ssh-keygen makes this easy because it prompts you for a password. Any application (like ssh or sftp or apache etc) that wants to use your private key for the purpose of encrypting or decrypting data should prompt you for this password so it can extract your private key from the password-encrypted text file you keep lying around on your hard disk. Having to supply a password to use one's own private key can be a hassle in certain circumstances -- e.g., when apache boots up on your server and there's no one around to enter the passphrase -- and in those circumstances, the private key is often stored unencrypted.

Bruce Schneier's book "Applied Cryptography" is a masterpiece of a book that describes this stuff very patiently and clearly.

wh33t 10-10-2012 04:09 PM

Quote:

Originally Posted by ntubski (Post 4801926)
Here is an analogy: the public key is like a lock, and the private key is the key that can open the lock. So if you want to secure access to a server, you want to put your lock (public key) on the server's "door", so that your computer at home which has the key to the lock (private key) can open the "door".

Thank you. That very clearly answered my question.


All times are GMT -5.