Now the actual authentication takes place, which, in its simplest form, consists of entering a password as mentioned above. The goal of SSH was to introduce secure software that is also easy to use. Because it is meant to replace rsh and rlogin, SSH must also be able to provide an authentication method appropriate for daily use. SSH accomplishes this by way of another key pair, which is generated by the user. The SSH package provides a helper program for this: ssh-keygen. To create a key pair, proceed as follows:
1. Generate a key pair and choose the cryptographic algorithm (option rsa for RSA and dsa for DSA):

   ssh-keygen -t ALGORITHM

2. Confirm the default setting (usually $HOME/.ssh/id_ALGORITHM).

3. Insert your passphrase. Even if the software suggests an empty passphrase, a text from 10 to 30 characters is recommended for the procedure described here. Do not use short and simple words or phrases. Confirm by repeating the passphrase. You can change your passphrase at any time with the command ssh-keygen -p -t ALGORITHM.

4. Copy the public key component (id_ALGORITHM.pub) to the remote machine. You need the passphrase on the remote machine, in this example for user tux on sun:

   ssh-copy-id -i $HOME/.ssh/id_ALGORITHM.pub tux@sun

5. Authenticate yourself with your passphrase to establish a connection. If this does not occur, verify the location and contents of these files.
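The last step says to verify the location and contents of the key files when authentication fails. The shell function below is an added example, not part of the original documentation or of OpenSSH; the name check_key_files and its optional third argument (the path to the remote account's authorized_keys file, inspected on the machine where it lives) are assumptions.

```shell
#!/bin/sh
# Added example; check_key_files is a hypothetical helper, not part of OpenSSH.

# Print the group/other permission characters of a path ("------" for 0600).
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# check_key_files DIR ALGORITHM [AUTHORIZED_KEYS]
# Returns 0 if every check passes, otherwise the number of failed checks.
check_key_files() {
    dir=$1; alg=$2; auth=${3:-}
    priv="$dir/id_$alg"; pub="$priv.pub"; fails=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: directory $dir not found"; return 1
    fi
    # The key directory must not be writable by group or others.
    case $(group_other_bits "$dir") in
        ?w????|????w?) echo "FAIL: $dir is group- or world-writable"
                       fails=$((fails + 1)) ;;
    esac

    # The private key must exist and be readable by its owner only.
    if [ ! -f "$priv" ]; then
        echo "FAIL: private key $priv not found"; fails=$((fails + 1))
    elif [ "$(group_other_bits "$priv")" != "------" ]; then
        echo "FAIL: $priv is accessible to group or others"; fails=$((fails + 1))
    fi

    # The public key must exist; field 2 of its line is the base64 key blob,
    # which has to appear in the authorized_keys file of the remote account.
    if [ ! -s "$pub" ]; then
        echo "FAIL: public key $pub missing or empty"; fails=$((fails + 1))
    elif [ -n "$auth" ]; then
        blob=$(awk 'NR == 1 { print $2 }' "$pub")
        if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth" 2>/dev/null; then
            echo "FAIL: key from $pub is not listed in $auth"; fails=$((fails + 1))
        fi
    fi

    [ "$fails" -eq 0 ] && echo "OK: files for id_$alg look consistent"
    return "$fails"
}

# Run against real files only when arguments are given, for example:
#   sh check.sh "$HOME/.ssh" rsa
if [ "$#" -ge 2 ]; then check_key_files "$@"; fi
```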
In the long run, this procedure is more troublesome than giving your password each time. Therefore, the SSH package provides another tool, ssh-agent, which retains the private keys for the duration of an X session. The entire X session is started as a child process of ssh-agent. The easiest way to do this is to set the variable usessh at the beginning of the .xsession file to yes and log in via a display manager, such as KDM, GDM, or XDM. Alternatively, enter ssh-agent startx.
Now you can use ssh or scp as usual. If you have distributed your public key as described above, you are no longer prompted for your password. Take care to terminate your X session or lock it with a password protection application.
All the relevant changes that resulted from the introduction of version 2 of the SSH protocol are also documented in the file /usr/share/doc/packages/openssh/README.SuSE.
File Permissions for Host-Based Authentication

If the host-based authentication is to be used, the file