
Linux: SSH keys

GT1999

Diamond Member
Does anyone know how to set up two servers to be able to have ssh keys from each other set up as trusted between the two?

This would be so they can scp backup files (.tar) between each other.

Thanks in advance if anyone can be of ANY help. 🙂
 
man ssh-keygen should tell you what you need to know. I think the -t option is the only one you need.

There's also the question of whether or not you want to leave the private key unencrypted on the client machine. If not, then you'll have to look into using ssh-agent to supply the keys to your scripts.
 
This is just for the public keys from what I understand, not private. I'll use the man page and get back to here if I'm still unsuccessful.
 
copy the key into ~/.ssh/known_hosts

edit: kamper was right... it's authorized_keys. I was about to type it but had a brain fart.
 
Hmm, I might not have read your last post correctly. I thought you meant that you only wanted to deal with the public keys, but now I'm thinking that you meant that you thought that the man page only dealt with public keys.

Here's a slightly more complete description of the process so that you know how to look at it:
- on the client:
- run ssh-keygen -t rsa
- answer the questions and it'll make ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
- id_rsa is the private key. Permissions will already be set properly but (especially if you used a blank passphrase) it must never be readable by anyone but you
- id_rsa.pub is the corresponding public key
- copy it to the server and append it to ~/.ssh/authorized_keys (on a new line). Doesn't matter who can read it, as long as only you can write it.

Now, when you ssh from the client to the server (or sftp or scp), it should just go without any prompting, unless you chose a non-blank passphrase, in which case you'll be prompted for it every time. The reason you want this is that root on the client machine can always read your private key so, if that's not you, you'll want it encrypted. To make that work with scripts, you start ssh-agent and tell it the passphrase. It then runs in the background and puts a pipe in /tmp that ssh/sftp/scp talk to to get the private key while running from within the script. So root can still grab your key via the pipe, but only so long as you have ssh-agent running.
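
The server-side step from the post above (append the public key to authorized_keys on its own line, writable only by the owner), plus the private-key permission check, as an added example that is not part of any post in this thread. The function names and the paths passed to them are assumptions; the append is made idempotent and a private key handed over by mistake is refused, which goes slightly beyond what the post spells out.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# mode_of FILE: print the 10-character mode string, e.g. "-rw-------"
mode_of() { ls -ld "$1" | cut -c1-10; }

# install_pubkey PUBKEY_FILE HOME_DIR
# Append the key on its own line to HOME_DIR/.ssh/authorized_keys,
# skipping it if that exact line is already there.
install_pubkey() {
    pub=$1; home=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse id_rsa handed over instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2; return 2
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the file does not end in a newline, add one so the new key
    # starts on a new line instead of being glued to the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -x: whole line, -F: fixed string. Append only when absent.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# private_key_ok FILE: succeed only if group and other have no access,
# i.e. the key is readable by nobody but its owner.
private_key_ok() {
    case $(mode_of "$1") in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}
```

For the two-way setup asked about at the top of the thread, the same steps are repeated in the other direction with a key pair generated on the second machine.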
 
Thank you kamper! I've posted on google groups also without too much luck, but your reply was very informative.

Thanks!
 