You can set up public key authentication on UNIX by doing the following:
Client side
Ensure public-key authentication is enabled and specify the keys to be offered during public-key authentication. If you have not already generated a user keypair, please see the Key Generation KB item before proceeding.
- In your $HOME/.ssh2 directory on the client side, create an 'identification' file that contains the name of the private key:
idkey id_dsa_2048_a
Substitute your private key filename for 'id_dsa_2048_a' if different. If the path to the key is not specified, the key is assumed to be in the same directory as the 'identification' file. If several key pairs are used, list private keys on separate lines:
idkey private_key_one
idkey private_key_two
- Ensure public-key authentication is allowed in the client config file. SSH Secure Shell checks configuration options in the following order:
System-wide client configuration file, /etc/ssh2/ssh2_config
User-Specific client configuration file, $HOME/.ssh2/ssh2_config
Command line options
The last value obtained is the one used. So, this means if you have the authority to change /etc/ssh2/ssh2_config, this is the best option, as it will allow all users the possibility to authenticate using public key. If you do not have the authority to change the system-wide config file, you can still edit your user-specific config file, $HOME/.ssh2/ssh2_config, to allow public-key authentication. Ensure the AllowedAuthentications keyword in the client config file contains at least 'publickey' as an allowed authentication method:
AllowedAuthentications publickey,password
Always place the least interactive method first. This usually means that if you wish to have multiple methods listed here, you should ensure that 'password' is last in the list.
Server side
Ensure that public-key authentication is allowed in the server configuration (sshd2_config) and the UserConfigDirectory on the server side is accessible. Note that other authentication methods might still be required in order to log in to the server.
Copy the public key portion (filename.pub) of your user keypair to the server, to your %D/.ssh2 directory. You can use sftp or another method to do this.
Unix server
$HOME/.ssh2/id_dsa_2048_a.pub
Windows server
%PROFILE%/.ssh2/id_dsa_2048_a.pub
Create a file on the server in your %D/.ssh2 directory named 'authorization'. The file should contain the following:
key id_dsa_2048_a.pub
Substitute your public key filename for 'id_dsa_2048_a.pub' if different. If the path to the key is not specified, the key is assumed to be in the same directory as the 'authorization' file. If several key pairs are used, list public keys on separate lines:
key pub_key_one.pub
key pub_key_two.pub
answered
Dec 14 '10 at 20:22
SSH KB ♦
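The checks below are an added example, not part of the original KB item and not SSH's own tooling: a POSIX shell script that resolves 'idkey' and 'key' entries the way the text describes, reports key files that are missing, and tests whether the effective AllowedAuthentications value allows publickey with password last. The function names, scratch directory and placeholder files are constructed for illustration; case-insensitive keyword matching is an assumption, and command-line overrides are not considered.

```shell
# Added example, not part of the KB item: checks an ssh2-style key setup.

# resolve_keys FILE KEYWORD: print the path of each key named on KEYWORD lines.
# A name given without a path is looked up in FILE's own directory.
resolve_keys() {
    dir=$(dirname "$1")
    while read -r word name rest || [ -n "$word" ]; do
        [ "$word" = "$2" ] && [ -n "$name" ] || continue
        case $name in
            */*) printf '%s\n' "$name" ;;
            *)   printf '%s/%s\n' "$dir" "$name" ;;
        esac
    done < "$1"
}

# missing_keys FILE KEYWORD: list referenced key files that are absent (rc 1 if any).
missing_keys() {
    rc=0
    while IFS= read -r path; do
        [ -z "$path" ] || [ -f "$path" ] || { echo "missing: $path"; rc=1; }
    done <<EOF
$(resolve_keys "$1" "$2")
EOF
    return "$rc"
}

# effective_auth FILE...: AllowedAuthentications value after reading the files
# in order; the last value obtained wins. Keyword case is ignored (assumption).
effective_auth() {
    for f in "$@"; do [ -r "$f" ] && { cat "$f"; echo; }; done |
        awk 'tolower($1) == "allowedauthentications" { $1 = ""; gsub(/[ \t]/, ""); v = $0 }
             END { print v }'
}

# auth_order_ok FILE...: publickey must be allowed and password, if listed, last.
auth_order_ok() {
    case ",$(effective_auth "$@")," in
        *,password,?*) return 1 ;;
        *,publickey,*) return 0 ;;
    esac
    return 1
}

# Constructed sample: scratch directory with placeholder files, no real keys.
demo=$(mktemp -d)
printf 'idkey id_dsa_2048_a\nidkey private_key_two\n' > "$demo/identification"
: > "$demo/id_dsa_2048_a"
printf 'AllowedAuthentications password,publickey\n' > "$demo/ssh2_config"
missing_keys "$demo/identification" idkey || echo "identification names a missing key"
auth_order_ok "$demo/ssh2_config" || echo "publickey not allowed, or password not last"
```

On a real client, pass /etc/ssh2/ssh2_config followed by $HOME/.ssh2/ssh2_config to `auth_order_ok`; on the server, run `missing_keys` against the 'authorization' file with the keyword `key`.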