I would like information on using keys for my SSH sessions.

Is this hard to do?

b

No - see the manpage for ssh-keygen.

Eckhard

Well I looked at the man pages and had several links bookmarked, but lemme just see if i catch the basics of this:

Public key stored on server, and copied to etc/ssh/authorized_keys(or whatever its called)

Private key stored on client computer, and brought to server upon using SSH

And they somehow compare each other and i'm in?

b

Public key is copied to ~/.ssh/authorized_keys for the user it is to permit access to (~ representing the home directory of some user).



Pretty much, except that the private key is never 'brought to' the server. Instead, the server asks the client a question which it could not answer without knowing the private key. The server never knows the actual private key, it just knows that the client knows the private key which corresponds to the public key it has (which is an important point).

(There's also something called 'agent forwarding', which passes from the client to the server a connection which can be passed authentication requests, but still doesn't pass through the actual key.)

As such, you should always generate the key on the client, not the server.

David.

You might find these articles by Brian Hatch (author of Hacking Linux Exposed) useful:

Secure Passwordless Logins with SSH Part 2

Secure Passwordless Logins with SSH Part 3

Also see his Articles page for more on SSH and security-related issues.

Regards,

Cliff