System Administration: Login using SSH and a public/private keypair
- sending your public key to the administrator of the system; or
- uploading your own public key if you have direct access to the system.
Sending your public key to the system administrator is done by email or some other form of messaging. The format of the file leaves no room for alteration, so reading it out over a telephone call is unlikely to be a good way of achieving this end.
Uploading your own public key can be done semi-automatically or manually. Manual uploading is the same process that the system administrator will follow:
- Connect to the system using a username/password combination;
- If the ~user/.ssh directory or the authorized_keys file doesn't exist, it will need to be created:
mkdir -p ~user/.ssh
touch ~user/.ssh/authorized_keys
chown user ~user/.ssh ~user/.ssh/authorized_keys
# the directory needs 700 (not 600) so that its owner can enter it
chmod 700 ~user/.ssh
chmod 600 ~user/.ssh/authorized_keys
- Modify the remote user's authorized_keys file using your favourite (vi) editor. Each key goes on a single line in the following format with NO extra whitespace:
ssh-rsa KeyWithLinesAndSpacesJoined description
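The manual steps above can be scripted. The following is an added example, not part of the original page: the function name install_pubkey and its two arguments are assumptions, and it is meant to be run as the account owner (an administrator running it as root would additionally chown the results to the user).

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE   (hypothetical helper, added example)
# Validates that the public key is one joined line, creates ~/.ssh and
# authorized_keys with tight modes, and appends the key only if it is new.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A key wrapped across several lines (e.g. by a mail client) is rejected.
    line_count=$(grep -c . "$pubkey_file" || true)
    [ "$line_count" -eq 1 ] || { echo "key must be exactly one line" >&2; return 2; }

    key_line=$(grep . "$pubkey_file")
    key_type=$(printf '%s\n' "$key_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')

    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unexpected key type: $key_type" >&2; return 2 ;;
    esac
    # The second field must be non-empty and contain base64 characters only.
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 2 ;;
    esac

    # Directory 700, file 600: looser modes are what sshd's StrictModes rejects.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 3
    touch "$auth_file" && chmod 600 "$auth_file" || return 3

    # Idempotent: do nothing if this key data is already present on any line.
    if awk -v blob="$key_blob" \
        '{ for (i = 1; i <= NF; i++) if ($i == blob) found = 1 } END { exit !found }' \
        "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```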
We would suggest that you use the semi-automatic method if you have the means:
- On UNIX-based systems, open your favourite terminal program and run the following (user will need to be replaced with your remote username and host will need to be replaced with either the hostname or IP address of the remote system):
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
- Enter your password.
From this point on, assuming key-based authentication has been enabled on the remote system, you will be able to log in to the remote system again without entering your password. You will, however, need to enter the passphrase that you used when creating the keypair originally.
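You can further restrict what a key can be used for by editing ~/.ssh/authorized_keys on the remote system and placing options in front of the key: from= limits the hosts the key may connect from, and command= specifies the command that is executed when the key is used. The options are separated by commas with no spaces, and a single space separates them from the key type, as follows:
from="client.example.com",command="/usr/local/bin/remote_script.sh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNGZ9Be...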