I am looking to set up ssh to a server using passphrase authentication (thinking this is the most secure method). I have created my DSA keys on the server. Can anyone help with the next steps? I (think) understand that ssh keys are a per server per user item.
How do I configure my server to allow only passphrase authentication, is it simply setting “PasswordAuthentication no”?
And then copying my DSA public key from the server to my .ssh/id_dsa file in my profile on the client machine?
Given that the above is correct (which I doubt it is), is there anything else I should know to make a secure setup, stop root ssh, changing ports etc.?
Yes, you are about there. First, it is that simple to disable
password-based authentication. Make sure you restart ‘sshd’ when you
make that change and save the file (/etc/init.d/sshd restart). Also
you should be generating these keys on your client and then copying the
public key to the server. Either way is fine but typically you use one
public/private keypair to access multiple boxes and you only want your
private key on one box at most to prevent places from which it can be
swiped.
I also change my SSH port whenever I’m feeling cautious. You should
also uncomment PermitRootLogin and change it to ‘no’, and you should
change the ‘Protocol 2,1’ line in both /etc/ssh/sshd_config and
/etc/ssh/ssh_config files so it is just ‘Protocol 2’. With all these
changes done bounce sshd again and enjoy.
Good luck.
shadycat75 wrote:
> Hi all,
>
> I am looking to set up ssh to a server using passphrase
> authentication (thinking this is the most secure method). I have created
> my DSA keys on the server. Can anyone help with the next steps? I
> (think) understand that ssh keys are a per server per user item.
>
> How do I configure my server to allow only passphrase authentication,
> is it simply setting “PasswordAuthentication no”?
>
> And then copying my DSA public key from the server to my .ssh/id_dsa
> file in my profile on the client machine?
>
> Given that the above is correct (which I doubt it is), is there
> anything else I should know to make a secure setup, stop root ssh,
> changing ports etc.?
>
> Any help / advice is welcome
>
>
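
The sshd_config changes listed in the reply can be checked before sshd is restarted. The script below is an added example, not part of the thread; the function names, the two sample configs and port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the sshd_config settings named above.
# sshd uses the FIRST value it reads for a keyword, keywords are case-insensitive,
# and a commented-out line sets nothing. Assumes "Keyword value" lines.

# effective_value FILE KEYWORD: print the value sshd would use globally, if any
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/              { next }   # commented-out directive: ignored
        tolower($1) == "match"  { exit }   # conditional blocks are not global
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE: print one FINDING line per deviation; status 0 only if clean
audit_sshd() {
    findings=0
    # Protocol only matters on older OpenSSH releases that still support SSH-1
    for check in PasswordAuthentication=no PermitRootLogin=no Protocol=2; do
        key=${check%%=*}; want=${check#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FINDING: $key is '${got:-unset}', expected '$want'"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample configs (values invented for this example)
weak=$(mktemp); hard=$(mktemp); trap 'rm -f "$weak" "$hard"' EXIT
cat > "$weak" <<'EOF'
Port 22
Protocol 2,1
#PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$hard" <<'EOF'
Port 2222
Protocol 2
PermitRootLogin no
passwordauthentication no
PasswordAuthentication yes
EOF

audit_sshd "$weak" || echo "weak config: changes needed"
audit_sshd "$hard" && echo "hardened config: ok"
```

The second sample passes even though it ends with `PasswordAuthentication yes`, because the earlier lowercase line is the one sshd honours; the first sample fails on `PermitRootLogin` because the only line for it is still commented out.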