The recommended protocol to use to generate keypairs isĀ RSA.
To generate a keypair
- Login as the user which will use an outgoing ssh connection.
|
|
- Generate the keypair:
ssh-keygen -t rsa -f <filename> -P ""
This will generate two files: | <filename> is the secret portion of the keypair and must NEVER be sent to any partners. | <filename>.pub is the public portion to keypair and this will be used to setup remote
password-less logins from this account. To enable , the partner will append the contents of this file to: <remote account home directory>/.ssh/authorized_keys file
|
This process generates password-less keypairs which are useful for automated logins that will not challenge the user for a password or passphrase. If you wish to associate a passphrase with the generated keypair, simply omit the string: -P "" |
To enable remote logins
- Copy the public file to the remote account on the remote server. You will be prompted for the password. Do this from the same user account that generated the keypair:
scp <filename.pub> <remote_user>@<remote_host>:
<remote_user>@<remote_host>'s password: ********
|
- Login to the remote server from the same user account. You will again be prompted for the password:
ssh <remote_user>@<remote_host>
<remote_user>@<remote_host>'s password: ********
|
- From the remote login prompt create the authentication directory by running the following commands (do not be concerned if the first command fails):
mkdir .ssh
chmod 700 .ssh
|
- Place the contents of the public key into the appropriate file. This command will create this file if it does not already exist or append to the end of the file if it does exist:
cat <filename>.pub >> .ssh/authorized_keys
|
- Delete the public key file on the remote host (it is no longer necessary)
rm <filename>.pub
|
Alternately, send the public key to the admin of the remote host and they will take care of all this.