You can set up public key authentication on UNIX by doing the following:
Ensure public-key authentication is enabled and specify the keys to be offered during public-key authentication. If you have not already generated a user keypair, please see the Key Generation KB item before proceeding.
- In your $HOME/.ssh2 directory on the client side, create an 'identification' file that contains the name of the private key:
Substitute your private key filename for 'id_dsa_2048_a' if different. If the path to the key is not specified, the key is assumed to be in the same directory as the 'identification' file. If several key pairs are used, list the private keys on separate lines:
- Ensure public-key authentication is allowed in the client config file. SSH Secure Shell checks configuration options in the following order:
  - System-wide client configuration file, /etc/ssh2/ssh2_config
  - User-specific client configuration file, $HOME/.ssh2/ssh2_config
  - Command line options
The last value obtained is the one used. If you have the authority to change /etc/ssh2/ssh2_config, this is the best option, as it gives all users the possibility to authenticate using a public key. If you do not have the authority to change the system-wide config file, you can still edit your user-specific config file, $HOME/.ssh2/ssh2_config, to allow public-key authentication. Ensure the AllowedAuthentications keyword in the client config file contains at least 'publickey' as an allowed authentication method:
Always place the least interactive method first. This usually means that if you wish to have multiple methods listed here, you should ensure that 'password' is last in the list.
Ensure that public-key authentication is allowed in the server configuration (sshd2_config) and that the UserConfigDirectory on the server side is accessible. Note that other authentication methods might still be required in order to log in to the server.
Copy the public key portion (filename.pub) of your user keypair to the server, to your %D/.ssh2 directory. You can use sftp or another method to do this.
Create a file on the server in your %D/.ssh2 directory named 'authorization'. The file should contain the following:
Substitute your public key filename for 'id_dsa_2048_a.pub' if different. If the path to the key is not specified, the key is assumed to be in the same directory as the 'authorization' file. If several key pairs are used, list the public keys on separate lines:
Dec 14 '10 at 20:22
SSH KB ♦
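
The steps above as an added shell example, not part of the original KB item: it writes the 'identification' and 'authorization' files, checks that every listed key file exists, and checks the AllowedAuthentications order. The `IdKey` and `Key` keywords are not shown on this page and are assumed from SSH Secure Shell's file formats; the function names and the scratch directory are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original KB item). The IdKey/Key line format is
# an assumption taken from SSH Secure Shell's file formats, not from the page.

# write_keylist FILE KEYWORD NAME...: write one "KEYWORD name" line per key.
write_keylist() {
    file=$1; keyword=$2; shift 2
    : > "$file" || return 1
    for name in "$@"; do
        printf '%s %s\n' "$keyword" "$name" >> "$file"
    done
}

# check_keylist FILE KEYWORD: every listed key file must exist. A name without
# a path is looked up in the directory that holds FILE, as the text describes.
check_keylist() {
    dir=$(dirname "$1"); missing=0
    while read -r kw name; do
        [ "$kw" = "$2" ] || continue
        case $name in /*) path=$name ;; *) path=$dir/$name ;; esac
        [ -f "$path" ] || { echo "missing key file: $path" >&2; missing=1; }
    done < "$1"
    return "$missing"
}

# check_allowed_auth CONFIG: the last AllowedAuthentications line wins.
# Returns 1 if publickey is not listed, 2 if password is listed but not last.
check_allowed_auth() {
    methods=$(grep -i '^[[:space:]]*AllowedAuthentications' "$1" | tail -n 1 |
        sed 's/^[[:space:]]*[^[:space:]]*//' | tr -d '[:space:]')
    case ",$methods," in *,publickey,*) ;; *) return 1 ;; esac
    case ",$methods," in *,password,?*) return 2 ;; esac
    return 0
}

# Constructed demo in a scratch directory standing in for $HOME/.ssh2.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/id_dsa_2048_a"; : > "$d/id_dsa_2048_a.pub"
    write_keylist "$d/identification" IdKey id_dsa_2048_a
    write_keylist "$d/authorization" Key id_dsa_2048_a.pub
    printf 'AllowedAuthentications publickey,password\n' > "$d/ssh2_config"
    check_keylist "$d/identification" IdKey &&
        check_keylist "$d/authorization" Key &&
        check_allowed_auth "$d/ssh2_config"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo && echo "public-key setup looks consistent"
```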