Ubuntu Unleashed 2019 Edition: Covering 18.04, 18.10, 19.04


solution is to use key-based logins; each such login generates a unique 1,024-
bit private and public key pair for your machine. These keys take even the
fastest computers a lifetime to crack, and you can back them up with a
password to stop others from using them.


You create an SSH key by using the ssh-keygen command, like this:


matthew@seymour:~$ ssh-keygen -t dsa


Press Enter when the system asks you where to save your key, and enter a
passphrase when it asks you to. This passphrase is just a password used to
protect the key. You can leave it blank if you want to, but doing so will allow
other people to use your account to connect to remote machines if they can
manage to log in as you.


After the key is generated, change the directory to .ssh (cd ~/.ssh),
which is a hidden directory where your key is stored and that keeps a list of
safe SSH hosts. Assuming that you use the default options, here you see the
files id_dsa and id_dsa.pub. The first is your private key, and you
should never give it out. The second is your public key, which can safely be
distributed. You need to copy the public key to each server you want to
connect to via key-based SSH.


Using scp, you can copy the public key over to your server, like this:


matthew@seymour:~$ scp id_dsa.pub 192.168.1.102:


This places id_dsa.pub in your home directory (for an account that uses
the same username as your local account) on 192.168.1.102. The next step is
to ssh into 192.168.1.102 normally and set up that key as an authorized key.
So, you can ssh in as yourself:


matthew@seymour:~$ ssh 192.168.1.102


After logging in normally, type this:


matthew@babbage:~$ touch .ssh/authorized_keys
matthew@babbage:~$ cat id_dsa.pub >> .ssh/authorized_keys
matthew@babbage:~$ chmod 400 .ssh/authorized_keys
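
An added example, not from the book: a POSIX shell check to run on the server against the authorized_keys file built with the commands above. It reports ssh-dss entries, which OpenSSH 7.0 and later disable by default, and a file writable by group or others, which sshd's StrictModes setting rejects. The function names key_type and audit_authorized_keys are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the book).

# Print the key-type field of one authorized_keys line, skipping any
# leading options such as from="..." that may precede the type.
key_type() {
    set -f              # no globbing while the line is word-split
    set -- $1
    set +f
    for field do
        case $field in
            ssh-rsa|ssh-dss|ssh-ed25519|\
            ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|\
            sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com)
                printf '%s\n' "$field"; return 0 ;;
        esac
    done
    return 1
}

# Print one finding per line. Returns 0 if clean, 1 if anything was
# reported, 2 if the file does not exist.
audit_authorized_keys() {
    file=$1 findings=0 lineno=0
    [ -f "$file" ] || { echo "$file: not found"; return 2; }
    # Mode bits only: group-write (020) or other-write (002).
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$file: writable by group or others"
        findings=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in ''|'#'*) continue ;; esac   # blank lines, comments
        if ! ktype=$(key_type "$line"); then
            echo "$file:$lineno: no recognised key type"
            findings=1
        elif [ "$ktype" = ssh-dss ]; then
            echo "$file:$lineno: ssh-dss (DSA) key"
            findings=1
        fi
    done < "$file"
    return "$findings"
}

# Stand-alone use: sh audit.sh ~/.ssh/authorized_keys
if [ "$#" -gt 0 ]; then audit_authorized_keys "$1"; fi
```
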


The touch command creates the authorized_keys file (if it does not
exist already); then you use cat to append the contents of id_dsa.pub to
the list of already authorized keys. Finally, you use chmod to make
