Optional
Advanced
Security implications, not recommended for everyone.
Prerequisite: Install cygwin on a Windows machine.
On the Windows machine, generate an RSA key pair (public key and private key):
Double click on the cygwin icon; a black screen pops up.
ssh-keygen -t rsa
Enter file in which to save the key (/home/username/.ssh/id_rsa): just hit Enter
Enter passphrase (empty for no passphrase): just hit Enter
Here is a diagram of some of the possible topologies of your internal network.
Copy your public key to a Linux machine with sshd running
scp .ssh/id_rsa.pub username@remotehost:~
(remotehost can be a host name or an IP address; substitute username with the actual user logon)
ssh username@remotehost
mkdir .ssh
If the file ~/.ssh/authorized_keys exists, you probably don't want to destroy that file, so do:
cat id_rsa.pub >> .ssh/authorized_keys
If the file ~/.ssh/authorized_keys does not exist, do:
mv id_rsa.pub .ssh/authorized_keys
Copy your public key to a LRP box with sshd running
If the remotebox already has the file /root/.ssh/authorized_keys, you probably don't want to destroy it. In that case, do: (remotebox can be a host name or an IP address)
scp .ssh/id_rsa.pub root@remotebox:/root/.ssh/newkey
ssh root@remotebox
cd /root/.ssh
cat newkey >> authorized_keys (this appends the newkey to the authorized_keys)
(If you like, make the keys permanent by typing lrcfg and backing up root)
If the remotebox does not have the file /root/.ssh/authorized_keys:
(also make sure that the /root/.ssh directory exists on the LRP box; if not, create it by doing this)
ssh root@remotebox
cd /root
mkdir .ssh
now copy the RSA public key to the LRP box:
scp .ssh/id_rsa.pub root@remotebox:/root/.ssh/authorized_keys
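The two "Copy your public key" procedures above (Linux machine and LRP box) can be folded into one helper that is run on the remote machine after the .pub file has been copied there. This is an added example, not part of the original page; the function name install_pubkey and its arguments are assumptions. It never overwrites an existing authorized_keys, skips a key that is already listed, and sets the permissions sshd expects.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey is a hypothetical
# helper name. Run it on the remote machine after copying the .pub file there.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # First non-blank line must look like "type base64 [comment]"; this also
    # rejects a private key (id_rsa) picked up by mistake.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    key_body=$(printf '%s\n' "$key_line" | awk '{print $2}')
    case $key_line in
        ssh-*|ecdsa-*|sk-*) [ -n "$key_body" ] || return 1 ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # mkdir -p succeeds whether or not .ssh exists. With StrictModes (the sshd
    # default) keys are ignored if .ssh or the file is writable by non-owners.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -e "$auth_file" ] || : > "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Same key already listed (with any options or comment): nothing to do.
    if grep -qF -e "$key_body" "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi

    # If the last line lacks a newline, a plain >> would glue two keys together.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"   # append, never overwrite
    echo "key added to $auth_file"
}

if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```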
Test the RSA key-authentication scheme, from the Windows machine:
ssh username@remotehost (to a Linux machine) or
ssh root@remotehost (to a LRP box)
(remotehost can be a host name, or an IP address)
You should be able to log in to the remote machine without typing a password.
pwd
shows you that you are in /home/username (Linux box) or in /root (LRP box)
If the above is not successful, check the sshd configuration:
vi /etc/ssh/sshd_config (on the Linux box)
RSAAuthentication yes
PubkeyAuthentication yes
or
ae /etc/ssh/sshd_config (on the LRP box)
RSAAuthentication yes
PubkeyAuthentication yes
© 2002-2004 Nicholas Fong
Last revision date: September 13, 2004