This is the most simplest tutorial of SSH. I had been surfing the Internet for a long
time to get this done, but it was not getting done.
Here are the steps that anyone should follow.
USING SSH 1
Local Machine (client): temp1@Mia
Server Machine (sshd server): temp1@zidler
STEP 1: Creating ssh key
temp1@mia:~> ssh-keygen -t rsa1
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/temp1/.ssh/identity): PRESS ENTER
Enter passphrase (empty for no passphrase): secretpassword
Enter same passphrase again: secretpassword
Your identification has been saved in /home/temp1/.ssh/identity.
Your public key has been saved in /home/temp1/.ssh/identity.pub.
The key fingerprint is:
f3:ac:c7:0c:0f:66:bb:dd:41:be:f6:38:39:31:11:9d temp1@zidler.ece.uic.edu
(Enter a passphrase when prompted. NOTE this is a passphrase and not PASSWORD that u use for logging in.
Thus any valid passphrase will work. This passphrase is just used to encrpt the private key, so that
others cannot read it.. Just press “ENTER” if you do not want a passphrase)
STEP 2: Append /home/shashank/.ssh/identity.pub (on Mia, ) file to ~/.ssh/authorized_keys on
server machine(zidler) that u want to log-in.
STEP3: copy the following in ~/ssh/config (Only on client..)
Host *
ForwardX11 yes
Protocol 1,2
STEP4: Thats all.. You are ready for passwordless login
—————————————————————————-
USE SSH2
This is much better than SSH1 and also the newest standard.
I have been using OpenSSH and SecureCRT, and the SSH product that comes with Solaris (i dunno which).
Local Machine (client): Mia
Server Machine (sshd server): Ghulam
STEP 1: Creating and ssh key
mia%~> ssh-keygen -t rsa (other options are rsa1-> for ssh1, dsa-> for ssh2+dsa)
Generating public/private rsa key pair.
Enter file in which to save the key (/home/shashank/.ssh/id_rsa): PRESS ENTER
Enter passphrase (empty for no passphrase): secretpassword (OR PRESS ENTER FOR NO PASSWD.. preferred method)
Enter same passphrase again: secretpassword (OR PRESS ENTER FOR NO PASSWD.. prefferred method)
Your identification has been saved in /home/shashank/.ssh/id_rsa.
Your public key has been saved in /home/shashank/.ssh/id_rsa.pub.
The key fingerprint is:
45:2b:41:a2:22:04:ed:ad:2d:0f:1b:b3:1d:9f:e3:5e shashank@mia
(Enter a passphrase when prompted. NOTE this is a passphrase and not PASSWORD that u use for logging in.
Thus any valid passphrase will work. This passphrase is just used to encrpt the private key, so that
others cannot read it.. I prefer not to use any password)
STEP 2: Check the /home/shashank/.ssh/id_rsa.pub
It should look something similar to this:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwPvDSPO18NPH4p0RylhROgfL/4nz8+xHUl6olSWq2RqSXACdR6rzlytT8QPdHEgBM8
YsmYsGTKxbqNIMMivROmcfcKStViQO0Tgl7ZGSjKjzB6mLtS9DjQPYm/J1hQRASdY9JCs80PyGHuSu4QezY+jY9/
Opj8ZLB2WjgO7fFiU= shashank@mia
STEP 3: Append /home/shashank/.ssh/id_rsa.pub (on Mia, client machine) file to ~/.ssh/authorized_keys on
server machine(ghulam) that u want to log-in.
In this case, let us say, that i want to log into an account shashank@ghulam.
I will do the following:
mia%~> scp ~/.ssh/id_rsa.pub shashank@ghulam:~/.ssh/id_rsa_mia.pub
(In the above command, I am transferring my public key on mia, to my account “shashank” on ghulam, and renaming it as
id_rsa_mia.pub.. The renaming will make sure that u do not overwrite the public key present on ghulam..
You don’t have to use scp, and u can use ftp or email to transfer the public ket from mia.)
After the above step, i log on to ghulam and append the id_rsa_mia.pub file contents to the end of
~/.ssh/authorized_keys file present on shashank@ghulam. NOTE if this file is not present, just create a new file.
NOTE: Your local public key must be recorded in the authorized_keys file of the server
where u want to log-in.
STEP 4: on local machine (Mia) start ssh-agent and ssh-add (ONLY if you have used a password in STEP 1, to protect the
private key)
do the following
mia%~> ssh-agent $SHELL
mia%~> ssh-add
This will ask for you to enter the “Passphrase” (secretpassword) only ONCE. Enter that and it will
return to the prompt. Now from here onwards, u don’t have to enter the password for
anything (ssh or scp or anything)
thats it,.
Suppose u are using secureCRT. In this case, u will need to transfer the Identity.pub file.
You can find the location of this file by going to Options->Global Sessions->SSH2 in SecureCRT.
Just transmit this file to the server. Note that this file is of the form
—- BEGIN SSH2 PUBLIC KEY —-
Subject: shashank
Comment: shashank@film
AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6IlFxDO2viAwSzGqxzwiHNWqrePmi22L84Cru
R85IDUXULNzOe3NvPa/fA2OA6qWbHQIpQFOlbTwodpKqWQIcSceYupd/EEcgC1tc/lYg
g4lc9aAkvU0LKEsb54YXly0RyhVo22+eC7l35mv2YYb3HZbG3VTrMlMekh91UiXm6w==
—- END SSH2 PUBLIC KEY —-
So u cannot add it directly to authorized_keys on the server.
U will have to use a command at the server to convert it to the standard form
ghulam> ssh-keygen -X -f ~/.ssh/Identity.pub >> temp_keys2
the above command will convert the public key to the below form
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6IlFxDO2viAwSzGqxzwiHNWqrePmi22L84CruR85IDUXULNzOe3NvPa/
fA2OA6qWbHQIpQFOlbTwodpKqWQIcSceYupd/EEcgC1tc/lYgg4lc9aAkvU0LKEsb54YXly0RyhVo22+eC7l35mv2YYb3
HZbG3VTrMlMekh91UiXm6w==
Append the abpve at the end of authorized_keys (again if authorized_keys is not present, just create it).
Everything eles should be OK.,
Also remember to use the authentication as “Public Key” and then “password” in secureCRT.
Some important ssh comands:
ssh shashank@ghulam (for logging in)
scp temp shashank@ghulam:~/temp/ (to transfer local temp file to ghulam)
if u use “-v” option in the above command, you will get a lot of debugging messages,
which provide very useful messages.
Regards
Shashank
http://mia.ece.uic.edu/~papers
