Monthly Archives: October 2014

Use SSH keys

To access an SSH server you should always use keys instead of simple passwords. Generate your key pair with PuTTYgen and save both the private and the public part. On Windows you can load the private part into Pageant, which provides access to the SSH server without entering a passphrase. On the SSH server, store the public part in the .ssh/authorized_keys file. Don’t use the public key file saved by PuTTYgen for this; copy and paste the OpenSSH-format public key shown in the PuTTYgen window instead.

If you need your private key on a Linux client to access the SSH server, you cannot use the PuTTY-format private part; you need it in OpenSSH format as well. You can export this format via the menu Conversions -> Export OpenSSH key. Store the OpenSSH key as an id_rsa or id_dsa file in the .ssh folder of the user. The SSH client uses both file names (the possible file names are listed in /etc/ssh/ssh_config as the IdentityFile property). If you cannot use these file names, you can store the private key under another name, but then you have to define a config section for the SSH server in ~/.ssh/config:


#
# default:
# .ssh/identity
# .ssh/id_rsa
# .ssh/id_dsa
#
Host name_ssh_server
    Hostname full-qualified.ssh.server.name
    Port 22
    IdentityFile ~/.ssh/you_own_private_key_name
    ForwardX11 no

You can now access the server “name_ssh_server” with

ssh username@name_ssh_server

which will connect to “full-qualified.ssh.server.name” on port 22. The private key file is read from ~/.ssh/you_own_private_key_name (file permissions 600!) and should match an authorized public key on the SSH server.
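
To check the setup described above before connecting, the following added example (not part of the original post) reads ssh_config-style text, finds each IdentityFile per Host section and reports keys that are missing or readable by group/others, which the OpenSSH client refuses to use. The function names are hypothetical, the sample config is constructed from the section above, and Match blocks are not handled.

```python
import os
import re
import stat

# Constructed sample: the config section from the post, placeholders unchanged.
SAMPLE_CONFIG = """\
Host name_ssh_server
    Hostname full-qualified.ssh.server.name
    Port 22
    IdentityFile ~/.ssh/you_own_private_key_name
    ForwardX11 no
"""

def identity_files(config_text):
    """Return (host_pattern, identity_path) pairs from ssh_config-style text."""
    hosts, pairs = ["*"], []  # options before any Host line apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            hosts = value.split()
        elif key == "identityfile":
            pairs.extend((h, value) for h in hosts)
    return pairs

def audit(config_text, home):
    """Return (host, path, problem) tuples; problem is None when the key is fine."""
    results = []
    for host, ident in identity_files(config_text):
        # Only the "~/" form used in the post is expanded here
        path = os.path.join(home, ident[2:]) if ident.startswith("~/") else ident
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            results.append((host, path, "missing"))
            continue
        # Any group/other permission bit makes the OpenSSH client refuse the key
        problem = "mode %03o is too open" % mode if mode & 0o077 else None
        results.append((host, path, problem))
    return results

if __name__ == "__main__":
    for host, path, problem in audit(SAMPLE_CONFIG, os.path.expanduser("~")):
        print(host, path, problem or "ok")
```

To audit a real setup, pass the contents of ~/.ssh/config instead of SAMPLE_CONFIG.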