LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-09-2012, 11:15 PM   #1
wh33t
Member
 
Registered: Oct 2003
Location: Canada
Distribution: Ubuntu Server LTS 14.04.1
Posts: 451

Rep: Reputation: 34
SSH Public/Private key pair


Hey LQ,

I'm trying to follow this guide (http://www.spaceprogram.com/knowledge/cron_scp.html) to get a password-less remote rsync going.

I'm a little confused exactly what the public/private key pair is.

I want my computer at my house to SSH into my webserver. So do I generate the key pair from the server and then install the public key on my home computer in the ~/.ssh/authorized_keys file? Or do I generate the key pair from my computer at home and then install the private key on the server? I always get confused where to generate the keys and then where I install them.

Thanks for your help.
 
Old 10-09-2012, 11:54 PM   #2
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Rep: Reputation: Disabled
Hi

First of all there is nothing to be get confused in configuring passwordless login.The link you had posted out does'int tell more about sshd_config setting modification ,and permission to be applied to keys. (Passwordless login never works without proper permission &ssh_config modfication) .You can look after the below blog ,it will give you clear idea of modfication of sshd_config file & permission for keys.

1.Generate ssh-keygen -t rsa
2.Copy generated id_rsa.pub(server) key to authorized_key2 in client machine using scp
3.Copy id_rsa.pub key of client to server machine known_hosts
4.If you done the above step wright,you have to look after the permission of .ssh,id_rsa.pub,authorized_keys
5.check out the sshd_config ,whether you had enable pubkey attentication to YES

http://www.linuxquestions.org/questi...os-rhel-35029/
 
Old 10-10-2012, 04:02 AM   #3
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian
Posts: 2,455

Rep: Reputation: 843Reputation: 843Reputation: 843Reputation: 843Reputation: 843Reputation: 843Reputation: 843
Quote:
Originally Posted by wh33t View Post
I'm a little confused exactly what the public/private key pair is.

I want my computer at my house to SSH into my webserver. So do I generate the key pair from the server and then install the public key on my home computer in the ~/.ssh/authorized_keys file? Or do I generate the key pair from my computer at home and then install the private key on the server? I always get confused where to generate the keys and then where I install them.
Here is an analogy: the public key is like a lock, and the private key is the key that can open the lock. So if you want to secure access to a server, you want to put your lock (public key) on the server's "door", so that your computer at home which has the key to the lock (private key) can open the "door".
 
2 members found this post helpful.
Old 10-10-2012, 01:57 PM   #4
sneakyimp
Member
 
Registered: Dec 2004
Posts: 795

Rep: Reputation: 50
I'm fairly new to this so I hope someone will correct me if I make a mistake...

You should generate your key pair on a machine that you trust. It's really easy using the ssh-keygen commands on a linux machine or a Max running OSX. Once you create this pair, it's important to know which key is public and which is *private*. You can show the public key to the whole world -- put it up on http://keyserver.ubuntu.com/ if you like. Publish it on the front page of the New York Times. A public key is the one you hand to someone and you say "if you want to talk to me, use this key to encrypt your messages to me."

Your private key is SECRET and you should NEVER SHOW IT TO ANYONE. When people send you data encrypted with your public key, this is the only way you can (reasonably) decrypt it. If you are smart, you will keep your private key encrypted with a password -- ssh-keygen makes this easy because it prompts you for a password. Any application (like ssh or sftp or apache etc) that wants to use your private key for the purpose of encrypting or decrypting data should prompt you for this password so it can extract your private key from the password-encrypted text file you keep lying around on your hard disk. Having to supply a password to use one's own private key can be a hassle in certain circumstances -- e.g., when apache boots up on your server and there's no one around to enter the passphrase -- and in those circumstances, the private key is often stored unencrypted.

Bruce Schneier's book "Applied Cryptography" is a masterpiece of a book that describes this stuff very patiently and clearly.
 
Old 10-10-2012, 04:09 PM   #5
wh33t
Member
 
Registered: Oct 2003
Location: Canada
Distribution: Ubuntu Server LTS 14.04.1
Posts: 451

Original Poster
Rep: Reputation: 34
Quote:
Originally Posted by ntubski View Post
Here is an analogy: the public key is like a lock, and the private key is the key that can open the lock. So if you want to secure access to a server, you want to put your lock (public key) on the server's "door", so that your computer at home which has the key to the lock (private key) can open the "door".
Thank you. That very clearly answered my question.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] SSH Public/Private Key Authentication Concepts vahab Linux - Security 9 12-28-2011 08:05 AM
pgp/openSSH/etc, should I use a single public/private key pair or different ones? Cultist Linux - Security 3 07-15-2011 05:29 AM
import public/private key for SSH cccc Debian 1 07-22-2009 08:56 AM
SSH Public/Private Key Fail. Help Please! hawk__0 Linux - Networking 9 11-07-2008 03:36 PM
need help with SSH private/public key taduser Linux - Security 2 04-02-2007 07:07 PM


All times are GMT -5. The time now is 04:49 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration