Apple Mac OS X Server Network Card User Manual


 
Chapter 2 Connecting to Remote Computers
You should be aware of the following SSH tools:
 sshd—Daemon that acts as a server to all other commands
 ssh—Primary user tool: remote shell, remote command, and port-forwarding sessions
 scp—Secure copy, a tool for automated file transfers
 sftp—Secure FTP, a replacement for FTP
Password-Less Logins Using SSH Keys
The standard method of SSH authentication is supplying login credentials in the form
of a user name and password. Identity key pair authentication enables you to log in to
the server without having to supply a password. The process works as follows:
 You generate a private and public key pair associated with a user name to establish
that user’s authenticity. When you attempt to log in as that user, the user name is
sent to the remote computer.
 The remote computer looks in the user’s .ssh/ folder for the user’s public key. This
folder is created after using SSH the first time.
 A challenge is then sent to the user based on his or her public key.
 The user verifies his or her identity by using the private portion of the key pair to
decode the challenge.
 Once decoded, the user is logged in without the need for a password. This is
especially useful when automating remote scripts.
To generate the identity key pair, use the following command on the local computer:
$ ssh-keygen -t dsa
When prompted, enter a filename in which to save the keys in the user’s folder. Then
enter a passphrase, and enter it again to verify it (leave it empty for no passphrase).
For example:
Generating public/private dsa key pair.
Enter file in which to save the key (/Users/anne/.ssh/id_dsa): frog
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in frog.
Your public key has been saved in frog.pub.
The key fingerprint is:
4a:5c:6e:9f:3e:35:8b:e5:c9:5a:ac:00:e6:b8:d7:96 annejohnson1@mac.com
This creates two files. Your identification, or private key, is saved in one file (frog in
our example) and your public key is saved in the other (frog.pub in our example). The
key fingerprint, which is derived cryptographically from the public key value, is also
displayed. This secures the public key, because it is computationally infeasible to
produce a duplicate key with the same fingerprint.