SSH and SSH Keys
SSH is a network protocol that establishes a secure channel between your computer
and a remote computer. It uses public-key cryptography to authenticate the remote
computer. It also encrypts traffic and protects the integrity of data exchanged
between the computers.
SSH is frequently used to log in to a remote machine to execute commands, but you
can also use it to create a secure data tunnel, forwarding through an arbitrary TCP port.
You can also use SSH to transfer files using SFTP and SCP. By default, an SSH server uses
the standard TCP port 22.
Mac OS X Server uses OpenSSH as the basis for its SSH tools. Notably, portable home
directory synchronization is provided via SSH.
Key-Based SSH Login
Key-based authentication is helpful for such tasks as automating file transfers and
backups and for creating failover scripts because it allows computers to communicate
without a user needing to enter a password.
Important: Key-based authentication has risks. If the private key you generate
becomes compromised, unauthorized users can access your computers. You must
determine whether the advantages of key-based authentication are worth the risks.
Generating a Key Pair for SSH
The following outlines the process of setting up key-based SSH login on Mac OS X
and Mac OS X Server. To set up key-based SSH, you must generate the keys the two
computers will use to establish and validate the identity of each other.
This doesn’t authorize all users of the computer to have SSH access. Keys must be
generated for each user account.
To do this, run the following commands in Terminal:
1 Verify that an .ssh folder exists in your home folder by entering the command:
ls -ld ~/.ssh
If .ssh is listed in the output, move to step 2. If .ssh is not listed in the output,
run mkdir ~/.ssh and continue to step 2.
2 Change directories in the shell to the hidden .ssh directory by entering the following
command:
cd ~/.ssh
3 Generate the public and private keys by entering the following command:
ssh-keygen -b 1024 -t rsa -f id_rsa -P ''
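A check to run after the steps above, as an added example that is not part of the original guide: it verifies that ~/.ssh and each private key are accessible only by their owner, flags RSA keys below an assumed 2048-bit minimum, and notes keys stored without a passphrase (the command in step 3 produces a key with both properties). The function names, the script name and the MIN_RSA_BITS threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the ~/.ssh directory and
# the keys in it after generating a key pair. Function names are hypothetical.
MIN_RSA_BITS=2048   # assumption: minimum acceptable RSA modulus size

# True when group and other have no access at all (e.g. mode 700 or 600).
owner_only() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$perms" in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify one line of `ssh-keygen -l -f <key>` output, which has the form
# "<bits> <fingerprint> <comment> (<TYPE>)". Prints ok, weak or unchecked.
classify_key() {
    bits=${1%% *}
    case "$1" in
        *"(RSA)")
            if [ "$bits" -ge "$MIN_RSA_BITS" ] 2>/dev/null; then echo ok
            else echo weak; fi ;;
        *) echo unchecked ;;
    esac
}

# True when the private key can be read with an empty passphrase.
# ssh-keygen refuses keys with loose permissions, so check owner_only first.
no_passphrase() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}; rc=0
    owner_only "$dir" || { echo "WARN: $dir is open to group/other"; rc=1; }
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        key=${pub%.pub}
        if [ "$(classify_key "$(ssh-keygen -l -f "$pub" 2>/dev/null)")" = weak ]; then
            echo "WARN: $pub is RSA below $MIN_RSA_BITS bits"; rc=1
        fi
        [ -f "$key" ] || continue
        owner_only "$key" || { echo "WARN: $key is open to group/other"; rc=1; }
        if no_passphrase "$key"; then echo "NOTE: $key has no passphrase"; rc=1; fi
    done
    return $rc
}

# Run as: sh audit_ssh.sh --audit [directory]
if [ "${1:-}" = "--audit" ]; then audit_ssh_dir "${2:-$HOME/.ssh}"; fi
```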