I often use ssh to control remote servers, so I have to remember a lot of passwords. I decided to solve that problem: to log in to the servers I will use a client key pair and the SSHmenu applet.
First I generate the key pair on my personal notebook:
/usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tomas/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/tomas/.ssh/id_rsa.
Your public key has been saved in /home/tomas/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| ... |
| . . |
| o . |
|. . + . |
|oEo . . S |
|+. o |
At the prompt "Enter file in which to save the key" I press Enter, and at the prompt "Enter passphrase" I press Enter too. I want a key without a passphrase, but using a private key without a passphrase is not recommended (see grantmclean's comments below the article).
In /home/tomas/.ssh I find these files:
-rw------- 1 tomas tomas 1675 2009-11-02 17:43 id_rsa
-rw-r--r-- 1 tomas tomas 392 2009-11-02 17:43 id_rsa.pub
Note the permissions and owner of the files. They are important.
Now it is necessary to copy the public key (id_rsa.pub) from the personal notebook to the server. On grantmclean's advice (in the comments), I use this command for the copy:
Now I set the values for the ssh daemon on the server in the file /etc/ssh/sshd_config. In the config file I change the following lines:
# allow RSA public key authentication (protocol 2 only)
# deny root login
# deny password authentication
I restart the ssh daemon and try to log in from my notebook to the server:
If I did not set a passphrase, I do not have to type a password. Now I am logged in to the server.
Now I can copy the public key to other servers too. You must protect your private key (id_rsa) very well (see grantmclean's comments below the article).
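A way to check the result of the steps above, as an added example that is not part of the original post: the script audits the global section of an sshd config file for the three settings described and checks that a private key file is closed to group and others. It assumes the three comments correspond to the OpenSSH directives PubkeyAuthentication, PermitRootLogin and PasswordAuthentication (the post's own config lines are not shown); the function names and sample files are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd settings and key file mode.

# Print the effective global value of keyword $2 in file $1, or default $3.
# sshd keeps the first value it reads; keywords are case-insensitive.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value" too
        /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
        tolower($1) == "match" { exit }          # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 only if the three settings the post describes are in effect.
# Triples are keyword:expected:default (defaults assumed from OpenSSH 7.0+).
audit_sshd_config() {
    rc=0
    for spec in PubkeyAuthentication:yes:yes PermitRootLogin:no:prohibit-password \
                PasswordAuthentication:no:yes; do
        key=${spec%%:*}; rest=${spec#*:}; want=${rest%%:*}; def=${rest#*:}
        got=$(sshd_value "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then echo "ok   $key $got"
        else echo "FAIL $key is '$got', want '$want'"; rc=1; fi
    done
    return "$rc"
}

# Return 0 if file $1 grants nothing to group or others (like -rw------- above).
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'PubkeyAuthentication yes' \
        'permitrootlogin no' '#PasswordAuthentication no' > "$d/sshd_config"
    audit_sshd_config "$d/sshd_config" || echo "=> config needs changes"
    : > "$d/id_rsa"; chmod 644 "$d/id_rsa"
    key_mode_ok "$d/id_rsa" || echo "=> private key is readable by others"
    rm -rf "$d"
}
demo
```

The demo fails on PasswordAuthentication because the line is still commented out, so the default applies. On a live server, `sshd -T` prints the effective configuration, including Match blocks and included files, which this file parser does not follow.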
On my notebook I install the SSHmenu applet. After configuring the applet I can log in to a server from my notebook with one click.