Generating RSA keys for SSH authorization on a UNIX system
This document illustrates how to generate RSA keys to allow
a passwordless login or authentication via SSH on a UNIX or Linux system.
Initial Key Generation
Run ssh-keygen:
[panic:/home/krnl]$ ssh-keygen
Initializing random number generator...
Generating p: .++ (distance 8)
Generating q: .++ (distance 8)
Computing the keys...
Key generation complete.
Enter file in which to save the key (/home/krnl/.ssh/identity):
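Press the "Enter" or "Return" key to accept the default file.
For the next 2 prompts, enter the passphrase you want to use.
(For passwordless authentication, press the "Enter" or "Return" key at both
prompts. The private key is then stored unencrypted, so anyone who can read
~/.ssh/identity can log in with it.)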
Enter passphrase:
Enter the same passphrase again:
Your identification has been saved in /home/krnl/.ssh/identity.
ssh-keygen now prints your public key, which you will copy to the server or servers.
Your public key is:
1024 33 111169873587245345498798787235987173176539915928847841801074617059136044
18112027958045436692822448639026002614546220685078910491334727877707050658001885
33054562010657605452745257654005607173223787815937358915376670760862014949354781
17010986666777176404809146568040040324385084912146975575625139603544199861431 kr
nl@panic
Your public key has been saved in /home/krnl/.ssh/identity.pub
Logging on and copying the public key to the server
Log on to the remote host:
[panic:/home/krnl]$ ssh worldlet
Host key not found from the list of known hosts.
Are you sure you want to continue connecting (yes/no)? yes
Host 'worldlet' added to the list of known hosts.
krnl@worldlet's password:
Last login: Thu Mar 30 12:08:52 2000 from world.domination.org
(worldlet) Slackware Linux, Installed Tue Mar 21 12:58:45 MST 2000
No mail.
you are user krnl
/dev/pts/4
[worldlet:/worldlet/krnl]$
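Cut and paste the key from the original host into the file ~/.ssh/authorized_keys.
The key must go in as a single line: the terminal wraps it in the output above,
but the file must not contain line breaks inside the key.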
[worldlet:/worldlet/krnl]$ vi .ssh/authorized_keys
Once you've copied the key, you can log off and log on again to test the key.
The output should look like a normal ssh session, except without the
krnl@worldlet's password: prompt.
If you entered a passphrase when generating the RSA key, you will get a
prompt similar to the one below:
Enter passphrase for RSA key 'krnl@panic':
Recreating the RSA key or creating additional RSA key pairs:
1. Run ssh-keygen:
[panic:/home/krnl]$ ssh-keygen
2. At the following prompt, press the "Enter" or "Return" key to recreate the
key and get the prompt in Step #3.
Enter file in which to save the key (/home/krnl/.ssh/identity):
If you are creating a new, additional pair (for a private key to copy to another
system, like a Macintosh), enter the new prefix name for the pair (for the
Macintosh, for example, identity.macos).
If no path is specified with the name (Example: Mac-files/identity.macos),
the pair will be placed in your home directory.
3. Answer y to the following prompt:
/home/krnl/.ssh/identity already exists.
Overwrite (y/n)?
If you recreated the key, you must replace the public RSA key in every
server's .ssh/authorized_keys file you connected to (from this system)
with the contents of your new ~/.ssh/identity.pub file.
If you created an additional RSA key pair and subsequently skipped Step #3, you
need to:
Copy the private RSA key (the one without the .pub extension. Example:
identity.macos) to the host you wish to connect from, in the appropriate
directory for that system (for example, the NiftyTelnet directory on a
Macintosh or the ~/.ssh/ directory on another UNIX system).
Copy the contents of the public key (the .pub file with the same prefix as
the private key file. Example: identity.macos.pub) into the
~/.ssh/authorized_keys file of every server you wish to connect to using the
private RSA key of the pair.
(cat identity.macos.pub >> ~/.ssh/authorized_keys)
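Additional Notes:
The public key must be copied to ~/.ssh/authorized_keys on the SERVER
machine (the one you are connecting to) in order to authenticate. This
can be done either by cutting and pasting the key into the file,
or by copying the ~/.ssh/identity.pub file from the LOCAL host
(where you are connecting from) to the SERVER with the command
'scp identity.pub krnl@worldlet:~/.ssh/authorized_keys'.
Note that this scp command replaces any authorized_keys file already on the
server rather than adding to it. If the file already holds other keys, copy
identity.pub to the server under another name and append it with cat and >>,
as in the identity.macos.pub example above.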
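The append step from the notes above as a script, added here as an example and not part of the original page; the function name install_pubkey and its arguments are assumptions. It appends instead of overwriting, skips a key that is already present, rejects a file that is not a public key, and sets owner-only permissions on ~/.ssh and authorized_keys.

```sh
#!/bin/sh
# Added example, not from the original page. install_pubkey is a hypothetical
# helper name; run it on the SERVER after copying identity.pub there.
#
# install_pubkey PUBFILE [HOME_DIR]
#   prints "added" or "present"; non-zero status if PUBFILE is not a public key.
# The body runs in a subshell "( ... )" so umask and variables stay local.
install_pubkey() (
    pubfile=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # A public key file holds exactly one non-empty line.
    [ -f "$pubfile" ] || { echo "no such file: $pubfile" >&2; exit 1; }
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; exit 1; }
    key=$(grep . "$pubfile")

    # Accept the layout shown on this page (bits exponent modulus [comment])
    # or the later "ssh-<type> <base64> [comment]" layout. Anything else,
    # including a private key file, is rejected.
    pat='^[0-9]+ [0-9]+ [0-9]+( .*)?$|^ssh-[a-z0-9-]+ [A-Za-z0-9+/=]+( .*)?$'
    if ! printf '%s\n' "$key" | grep -Eq "$pat"; then
        echo "not a public key line: $pubfile" >&2
        exit 1
    fi

    # With StrictModes (the OpenSSH default) sshd ignores authorized_keys if
    # the directory or file is writable by others, so make both owner-only.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Whole-line, fixed-string match: do not add the same key twice.
    if grep -Fxq -- "$key" "$auth"; then
        echo present
        exit 0
    fi

    # Append (never overwrite); add a newline first if the file lacks one.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo added
)
```

On the server, after copying the public key over under a temporary name, `install_pubkey identity.pub` adds it to your own ~/.ssh/authorized_keys.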
What in the hell is a KrnlPanic? Well, a KrnlPanic is me! Actually, let's start with "What is a kernel?". The
kernel is the core of your operating system (OS), whether your OS is Linux, Unix or Windows. The kernel takes
care of all process management (what program runs and when), memory management (which parts of memory get used for what) and
also, the kernel takes care of interfacing the OS with your computer's hardware (disk drives, sound card, modem, network card, etc).
Now...since the kernel is doing all of these extremely important jobs, it stands to reason
that if it has an error, it will be a Bad Thing(tm).
If you use Windows, you know a kernel panic as a "BSOD" or Blue Screen of Death. Or how about "Invalid Page
Fault in KERNEL32.DLL". I'm sure you've probably seen both of those. In Linux, a Kernel Panic is normally plainly stated
so. At boot time is when you will see most Linux panics. I have yet to see a Linux kernel panic while the system is running.
You may have seen "Kernel Panic: init not found" or "Kernel Panic: VFS unable to mount root fs on 2:00". All of these previously
listed errors are because of something that happened to the kernel that it couldn't handle, whether it was an access to an
invalid memory location or the inability to find the initialization files it requires.
I hope that sufficiently explains things. Oh yeah...KrnlPanic is also my name ;-)
- Rick