SSH Authentication by Keys

Cryptographically secure pseudorandom number g...

Cryptographic key icon (Photo credit: Wikipedia)

It is possible to use cryptographic keys to login to an SSH server (as an alternative to standard password authentication). I will refer to the experts on this one and send you to the CentOS wiki page for Securing SSH – Section 7 “Use Public/Private Keys for Authentication”. NOTE: permissions are *very* important. Your ~/.ssh should be mode 700 and your ~/.ssh/authorized_keys should be mode 600. Key authentication with CentOS will fail if these permissions are not strong enough.

As of CentOS 6.x, the openssh-clients package is shipping with the “ssh-copy-id” utility. This can help you automate or simplify the task of distributing (sending) your ssh public key to other systems where you want to log on with a key. See the ssh-copy-id example given as an answer to the serverfault question How to automate SSH login …

I leave it up to you to determine the security implications, advantages, and disadvantages of this technique. It is very popular, but with increased convenience may come some extra security risk (possible damage due to a compromized account with multiple system access via SSH keys). Keeping your keys encrypted and using ssh-agent can help make your key logins a little more secure. Happy SSH’ing!

Advertisements

About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in Linux and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s