OpenSSH with RSA and DSA
These notes come from three articles by Daniel Robbins of Gentoo for IBM developerWorks.
http://www-106.ibm.com/developerworks/library/l-keyc.html


The RSA and DSA protocols use special properties of key pairs to perform secure authentication without transmitting confidential information over the network.  There is a public key, which is used to encrypt data, and a private key, which is used to decrypt the encrypted data.

Once the keys are installed and we connect to a remote host, the remote host generates a random number, encrypts it with our public key, and sends the encrypted number to our local host.  The local host decrypts it with our private key and sends the result back to the remote host.  If the remote host receives the number it first generated, it knows we are who we say we are.

Your private key should never be accessed by anyone else.  Never share it or send it to anyone; there is no need for them to have it.  It should be, and by default is, in a directory only you have access to (chmod 700).  Your public key you will have to copy to the appropriate location on the remote host.  More on that in a second.

The first step is to generate your key pair.

For RSA

as $USER
    $ ssh-keygen -t rsa
            file location: (use the default)
            passphrase: (don't use a blank passphrase for security reasons)
            again:
            private key: ~/.ssh/identity
            public key: ~/.ssh/identity.pub


For DSA

as $USER
    $ ssh-keygen -t dsa
            file location: (use the default)
            passphrase: (don't use a blank passphrase for security reasons)
            again:
            private key: ~/.ssh/id_dsa
            public key: ~/.ssh/id_dsa.pub


For RSA2

as $USER
    $ ssh-keygen -t rsa2
            file location: (use the default)
            passphrase: (don't use a blank passphrase for security reasons)
            again:
            private key: ~/.ssh/id_rsa
            public key: ~/.ssh/id_rsa.pub


OK, now that we have our key pair we need to make our public key available on the remote host before we can use it.  Copy your public key, however you wish, to the remote host.  Anyone can see it; that's why it's called a public key.  Now append the contents of the public key file to ~/.ssh/authorized_keys on the remote host.
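As an added example (not from these notes or from Robbins' articles), a small POSIX shell helper that does the authorized_keys step idempotently and sets the permissions sshd's StrictModes checks before it will trust the file; the key line it installs is a constructed sample, and the function names and scratch paths are my own.

```sh
#!/bin/sh
# Added example, not from the page or from Robbins' articles: install a public
# key into ~/.ssh/authorized_keys as the notes describe, but idempotently and
# with the permissions sshd expects (StrictModes refuses a ~/.ssh or an
# authorized_keys that other users can write to).

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the single key in PUBKEY_FILE to SSH_DIR/authorized_keys unless the
# same key is already there, then fixes the directory and file modes.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_keys="$ssh_dir/authorized_keys"

    # A key is identified by its type and base64 blob; the trailing comment
    # (user@host) is free text and must not be used to compare keys.
    key_id=$(awk 'NR == 1 && NF >= 2 { print $1, $2 }' "$pubkey_file")
    [ -n "$key_id" ] || { echo "empty or malformed public key" >&2; return 1; }

    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"          # only the owner may enter ~/.ssh
    touch "$auth_keys"
    chmod 600 "$auth_keys"        # only the owner may read or edit the list

    if awk -v id="$key_id" '($1 " " $2) == id { found = 1 } END { exit !found }' "$auth_keys"; then
        echo "key already authorized in $auth_keys"
        return 0
    fi
    cat "$pubkey_file" >> "$auth_keys"
    echo "key added to $auth_keys"
}

# count_keys AUTH_KEYS_FILE: number of key lines (blank and comment lines skipped)
count_keys() {
    awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# Demo on a constructed key in a scratch directory (no real host is touched).
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedSampleKeyNotReal== user@example\n' \
    > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/ssh"   # adds the key
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/ssh"   # second run is a no-op
echo "authorized keys: $(count_keys "$demo_dir/ssh/authorized_keys")"
```

Run it on the remote host as the user who will log in; a key line that is already present is skipped rather than duplicated, so it is safe to re-run.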

Rockin'.  The next time you ssh/scp, use the passphrase instead of the password.  Passphrases are more flexible.
