
How do you set up public-key authentication on Unix?

asked Dec 14 '10 at 20:21

SSH KB ♦


You can set up public key authentication on UNIX by doing the following:

Client side

Ensure public-key authentication is enabled and specify the keys to be offered during public-key authentication. If you have not already generated a user keypair, please see the Key Generation KB item before proceeding.
  1. In your $HOME/.ssh2 directory on the client side, create an 'identification' file that contains the name of the private key:

         idkey id_dsa_2048_a

     Substitute your private key filename for 'id_dsa_2048_a' if different. If the path to the key is not specified, it is assumed the key exists in the same directory as the 'identification' file. If several key pairs are used, list private keys on separate lines:

         idkey private_key_one
         idkey private_key_two

  2. Ensure public-key authentication is allowed in the client config file. SSH Secure Shell checks configuration options in the following order:

       1. System-wide client configuration file, /etc/ssh2/ssh2_config
       2. User-specific client configuration file, $HOME/.ssh2/ssh2_config
       3. Command line options

     The last value obtained is the one used. This means that if you have the authority to change /etc/ssh2/ssh2_config, this is the best option, as it will allow all users the possibility to authenticate using public key. If you do not have the authority to change the system-wide config file, you can still edit your user-specific config file, $HOME/.ssh2/ssh2_config, to allow public-key authentication.

     Ensure the AllowedAuthentications keyword in the client config file contains at least 'publickey' as an allowed authentication method:

         AllowedAuthentications publickey,password

     Always place the least interactive method first. This usually means that if you wish to have multiple methods listed here, you should ensure that 'password' is last in the list.

Server side

Ensure that public-key authentication is allowed in the server configuration (sshd2_config) and the UserConfigDirectory on the server side is accessible. Note that other authentication methods might still be required in order to log in to the server.
  • Copy the public key portion (filename.pub) of your user keypair to the server, to your %D/.ssh2 directory. You can use sftp or another method to do this.

      Unix server: $HOME/.ssh2/id_dsa_2048_a.pub
      Windows server: %PROFILE%/.ssh2/id_dsa_2048_a.pub

  • Create a file on the server in your %D/.ssh2 directory named 'authorization'. The file should contain the following:

      key id_dsa_2048_a.pub

    Substitute your public key filename for 'id_dsa_2048_a.pub' if different. If the path to the key is not specified, it is assumed the key exists in the same directory as the 'authorization' file. If several key pairs are used, list public keys on separate lines:

      key pub_key_one.pub
      key pub_key_two.pub

    answered Dec 14 '10 at 20:22

    SSH KB ♦
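
A consistency check for the files this answer describes, as an added example that is not part of the original answer or SSH's own tooling: it resolves `idkey`/`key` entries relative to the file that names them, applies the last-value-wins order to AllowedAuthentications, and flags 'password' listed before another method. The function names, the constructed sample tree, and keeping client and server files in one directory are assumptions made for the demonstration.

```shell
# Added example: audit the ssh2 files described above. Assumes plain
# "Keyword value" lines as on this page; keywords are compared
# case-insensitively (assumption). Command-line options are not visible here.

# Print the key files named on KEYWORD lines of FILE. A name without a path
# is resolved against the directory that holds FILE.
list_keys() {  # list_keys KEYWORD FILE
    awk -v kw="$1" -v dir="$(dirname "$2")" '
        tolower($1) == kw && NF >= 2 { print ($2 ~ /^\// ? $2 : dir "/" $2) }' "$2"
}
# Print the effective AllowedAuthentications value: files are read in the
# order given and the last value obtained is the one used.
effective_auth() {  # effective_auth SYSTEM_CONFIG USER_CONFIG
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | awk 'tolower($1) == "allowedauthentications" {
        $1 = ""; gsub(/[ \t]/, ""); v = $0 } END { print v }'
}
# Print one line per finding; print nothing when the setup is consistent.
audit() {  # audit SSH2_DIR SYSTEM_CONFIG
    for pair in idkey:identification key:authorization; do
        f="$1/${pair#*:}"
        if [ -r "$f" ]; then
            list_keys "${pair%%:*}" "$f" | while IFS= read -r k; do
                [ -f "$k" ] || echo "${pair#*:}: key file not found: $k"
            done
        fi
    done
    v=$(effective_auth "$2" "$1/ssh2_config")
    case ",$v," in
        ,,) echo "AllowedAuthentications is not set in the files given" ;;
        *,publickey,*) ;;
        *) echo "publickey missing from AllowedAuthentications: $v" ;;
    esac
    case ",$v" in
        *,password,*) echo "password is not last in AllowedAuthentications: $v" ;;
    esac
}
# Constructed sample tree with two deliberate mistakes.
make_sample() {  # make_sample ROOT
    mkdir -p "$1/etc/ssh2" "$1/home/.ssh2"
    echo 'AllowedAuthentications publickey' > "$1/etc/ssh2/ssh2_config"
    echo 'AllowedAuthentications password,publickey' > "$1/home/.ssh2/ssh2_config"
    printf 'idkey id_dsa_2048_a\nidkey private_key_two\n' > "$1/home/.ssh2/identification"
    echo 'key id_dsa_2048_a.pub' > "$1/home/.ssh2/authorization"
    : > "$1/home/.ssh2/id_dsa_2048_a"; : > "$1/home/.ssh2/id_dsa_2048_a.pub"
}
root=$(mktemp -d) && make_sample "$root"
audit "$root/home/.ssh2" "$root/etc/ssh2/ssh2_config"
rm -rf "$root"
```

On the sample tree the audit reports the missing private_key_two file and the user-level AllowedAuthentications line that overrides the system-wide one with 'password' first.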


    All user contributed content licensed under the cc-by-sa license.