SSH and Public Key authentication

I was toying around with this for a way to automate a backup but do it over a secure connection. Here are the basic instructions that I have for at least setting up the key authentication. Also, WordPress mangles apostrophes so if you copy the commands from here and paste them into a shell it may put them as periods.

Run this on the local side
ssh-keygen -t rsa

To avoid using a passphrase with the key, just hit Enter twice when prompted.
If the remote side does not have an .ssh directory you must create one.

ssh remoteusername@remoteserver mkdir -p .ssh
Put in your password

This next command will either create or append the local public key to the remote side authorized_keys file
cat $HOME/.ssh/id_rsa.pub | ssh remoteuser@remoteserver 'cat >> .ssh/authorized_keys'

If everything worked fine then you can just run this command and it will let you drop in.
ssh remoteuser@remoteserver

Important information!!!

Something I have found on this so far is that if the ‘authorized_keys’ file does not have the right permissions then this will NOT work. Below are the permissions you should have on the various affected directories and files.

Permission caveats
Remote .ssh should be 700
Local .ssh should be 700
Remote authorized_keys should be 600
Local id_rsa file should be 600
The authorized_keys file just contains your public key. Of course you should lock down the private key as much as possible. Also, not having a passphrase on the key brings up other security issues that are described elsewhere in greater detail than I have time to write about.
The last thing I encountered was my home directory on the remote side did not have the proper permissions so I had to run this command.
chmod go-w ~/
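
A small script that checks the permissions listed above, added here as an example (it is not from the original post or its sources). The function names are made up for illustration, and it assumes the default OpenSSH file locations under the home directory you pass in:

```shell
#!/bin/sh
# Added example: audit the permissions from the list above.
# Assumes default OpenSSH locations (.ssh/authorized_keys, .ssh/id_rsa).
# Usage, on each side: audit_ssh_perms "$HOME"

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Compare a path's mode with the expected one. Paths that do not exist
# are skipped (the local side has no authorized_keys, for example).
check_mode() {
    [ -e "$1" ] || return 0
    actual=$(mode_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "BAD  $1 is $actual, expected $2 (fix: chmod $2 $1)"
        return 1
    fi
    echo "OK   $1 is $2"
}

# The home directory only has to be non-writable for group and other,
# so look for a write bit in the last two octal digits.
check_home() {
    case "$(mode_of "$1")" in
        *[2367]?|*[2367])
            echo "BAD  $1 is writable by group or other (fix: chmod go-w $1)"
            return 1 ;;
    esac
    echo "OK   $1 is not writable by group or other"
}

# Run every check for one home directory; succeeds only if all pass.
audit_ssh_perms() {
    home=$1
    bad=0
    check_home "$home" || bad=$((bad + 1))
    check_mode "$home/.ssh" 700 || bad=$((bad + 1))
    check_mode "$home/.ssh/authorized_keys" 600 || bad=$((bad + 1))
    check_mode "$home/.ssh/id_rsa" 600 || bad=$((bad + 1))
    echo "$bad problem(s) found"
    [ "$bad" -eq 0 ]
}
```

Source the file and call audit_ssh_perms "$HOME" on both machines; any BAD line names the chmod that fixes it.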

Sources used for this information:

For the instructions I went here.
http://linuxproblem.org/art_9.html
I went here to figure out the permissions thing.
http://forum.webfaction.com/viewtopic.php?pid=8323
This helped me with the permissions on my home directory.
http://sial.org/howto/openssh/publickey-auth/problems/
I also got help from a good friend of mine that already got this working.
Chris

2 comments

    • chuck on 1/13/2010 at 10:15 pm

    wow i know what u mean.

    • Jacob on 1/13/2010 at 10:34 pm
      Author

    I am sure you do.
