
HOWTO: SSH


Log into remote servers without a password!!

Estimated setup time: 5 minutes

Why you want this: it’s much more secure than passwords, and a lot easier than it looks! Plus you’ll never have to type in a password to log into a server again!

  • Linux
  • Mac
  • Windows

Linux

Open your command line (an xterm or system console):

  1. Run the command ssh-keygen.
    jamieson@guam  ~/.ssh/ $ ssh-keygen
    
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/jamieson/.ssh/id_rsa): [hit enter]
    Enter passphrase (empty for no passphrase): [enter your passphrase]
    Enter same passphrase again: [you figure it out]
    Your identification has been saved in /home/jamieson/.ssh/id_rsa.
    Your public key has been saved in /home/jamieson/.ssh/id_rsa.pub.
    The key fingerprint is:
    4a:6a:3a:69:33:95:6e:29:bc:a4:f1:25:77:d2:d3:10 jamieson@guam
  2. Install keychain, which is a great little shell script that will hold your private key open for you after you enter your passphrase just once:
    jamieson@guam  ~/.ssh/ $ sudo apt-get install keychain

    or, if you’re using Red Hat or similar (use pacman, emerge, etc. as appropriate for your distro):

    jamieson@guam  ~/.ssh/ $ sudo yum install keychain
  3. Load keychain in either your .bashrc or your .bash_profile, depending on which your Linux uses for automatically run scripts[2]:
    vi ~/.bashrc

    (tip! the ~ is short for your home directory) Then add this to the end of the file:

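    # Load keychain
    if [ -f /usr/bin/keychain ]; then
        # Hand the private key to keychain (prompts for the passphrase once)
        [ -f "$HOME/.ssh/id_rsa" ] && keychain -q "$HOME/.ssh/id_rsa"
        # Pull the agent environment variables keychain wrote into this shell
        [ -f "$HOME/.keychain/${HOSTNAME}-sh" ] && source "$HOME/.keychain/${HOSTNAME}-sh"
    fi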
  4. Run them by hand at first to make sure that they’re installed in the expected places:
    jamieson@guam  ~/ $ keychain -q $HOME/.ssh/id_rsa
    jamieson@guam  ~/ $ source ~/.keychain/${HOSTNAME}-sh
  5. If everything works ok, you should be prompted for your passphrase! Once you enter it, you’ll be good to go!

Sending us your public key

PLEASE, please don’t send us or anyone else your private key. Only your public key should ever be shared. It’s easy to tell the difference: the public key ends in “.pub”. (Shocking, I know.) You can upload your public key on a website, email it in unencrypted email, etc. Ideally, you’d have some way of proving that it was you who was actually sending the public key (to prevent some attacker from replacing it with his own en route), but actually encrypting it isn’t necessary; in fact, you can share it with the whole wide world. Probably why it’s called a public key.

  1. cat the file:
    jamieson@guam  ~/ $ cat .ssh/id_rsa.pub
    ssh-rsa AAAAB3NzaC1yc2EAURlDrPR/0NZyywuF4AslCQ== jamieson@guam
  2. Yours will likely be much longer, of course. I edited it for clarity. We need the whole thing. Note that if yours doesn’t start with ssh-rsa or ssh-dsa, you’re probably in the wrong file! The comment can be changed to whatever you like.
  3. Copy/paste it into any web page form or email form. Here’s a trick for you: just select it (you might have to hold down shift), then use your middle mouse button to paste it into a web page. (No need to press control-C or anything like that.) If you don’t have a middle mouse button, often you can press both buttons at the same time to emulate a middle mouse button.

If you’re on a laptop or walk away from your computer, ensure that you lock the screen. Most window managers can do this simply by pressing control-alt-L.

[2] Note that you actually have to be running bash. Recent versions of Debian have switched to dash, which means that your .bashrc might not ever get run, so you may wish to sudo vipw and change your /bin/sh line to /bin/bash. Also, your Linux distribution may never try to execute .bashrc or .bash_profile at all, or you may wish to run a different shell altogether, so consult the documentation if needed.


Mac

Open your command line (Applications > Utilities > Terminal; specify /bin/bash if asked):

  1. Run the command ssh-keygen.
    [Screenshot: Execute ssh-keygen on a Mac]
  2. If everything works ok, you should be prompted for your passphrase the first time you try to log in! Once you enter it, you’ll be good to go!
    [Screenshot: Mac remote password popup (login window)]

Sending us your public key

PLEASE, please don’t send us or anyone else your private key. Only your public key should ever be shared. It’s easy to tell the difference: the public key ends in “.pub”. (Shocking, I know.) You can upload your public key on a website, email it in unencrypted email, etc. Ideally, you’d have some way of proving that it was you who was actually sending the public key (to prevent some attacker from replacing it with his own en route), but actually encrypting it isn’t necessary; in fact, you can share it with the whole wide world. Probably why it’s called a public key.

  1. cat the file:
    jamieson@guam  ~/ $ cat .ssh/id_rsa.pub
    ssh-rsa AAAAB3NzaC1yc2EAURlDrPR/0NZyywuF4AslCQ== jamieson@guam
  2. Yours will likely be much longer, of course. I edited it for clarity. We need the whole thing. Note that if yours doesn’t start with ssh-rsa or ssh-dsa, you’re probably in the wrong file! The comment can be changed to whatever you like.
  3. Copy/paste it into any web page form or email form.

If you’re on a laptop, ensure that you require a password to log in (in case you ever leave your laptop on the train or something), and get in the habit of automatically locking the screen when you walk away from your computer. Click here for a quick way on OS X to lock the screen. (If you’re looking for a good combo, Control-Shift-L matches how it’s done in Linux.)



Windows

Windows does not include a terminal emulator, so you will need to install one. I recommend the PuTTY terminal emulator. Get the putty-installer.exe containing a Windows installer for everything except PuTTYtel. (You probably will never need telnet unless you know you need it.)

  1. Open PuTTYgen (All Programs > PuTTY > PuTTYGen).
  2. Click the Generate button. Move the mouse in the public key area to generate entropy (randomness).
  3. Enter a key passphrase: the longer, the better. You’ll only have to enter it once each time you start up the system.
  4. Click Save Private Key and save it to your desktop or startup folder. (I recommend dragging it to the startup folder so you only enter the passphrase once, at startup time.)
  5. To export your public key (to send it to us, or upload it to us): copy and paste the public key in the scrolling box or save it as a file under Conversions > Export OpenSSH key. PLEASE, please don’t send us or anyone else your private key (PPK) file! (But you can spread the public key far and wide with no worries.)
  6. One last step. You need to enter a username in any PuTTY setup window (Connection -> Data -> Auto-login Username). Don’t forget to go back to the terminal window and click Save, because it doesn’t automatically save when you click the Open button.

Don’t forget to save your ppk file in your startup folder.

Then you’ll see this once you reboot your computer (but not each time you log into a remote computer!)

If you’re on a laptop, ensure that you require a password to log in (in case you ever leave your laptop on the train or something), and get in the habit of automatically locking the screen when you walk away from your computer. Pressing Windows-L is fastest.


(p.s.: beckboxes are already set up for this and also have passwords turned off, but on a non-beckbox, you just have to put that public key in /home/yourusername/.ssh/authorized_keys. If that directory doesn’t exist, just create it. It’s advisable to also turn off password logins and remote root logins in /etc/ssh/sshd_config, if they’re not already disabled.)
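
What the p.s. above describes for a non-beckbox, as an added example that is not part of the original page: one function installs a public key into authorized_keys with the permissions sshd expects and refuses a private key, and a second checks that a config file turns off password and remote root logins. The function names install_pubkey and sshd_hardened are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. install_pubkey and
# sshd_hardened are hypothetical helper names.

# Append a public key to <home>/.ssh/authorized_keys.
# usage: install_pubkey <public-key-file> <home-directory>
install_pubkey() {
    pub=$1 home=$2
    # Refuse anything that looks like a private key (OpenSSH/PEM or PuTTY PPK).
    if grep -Eq 'PRIVATE KEY|^PuTTY-User-Key-File' "$pub"; then
        echo "refusing: $pub is a private key" >&2; return 1
    fi
    # A public key is one line: "<type> <base64> [comment]".
    # (On disk, DSA public keys carry the type prefix ssh-dss.)
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 1 ;;
    esac
    # sshd ignores authorized_keys when it or .ssh is writable by others.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: never add the same key line twice.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Succeed only if the file sets PasswordAuthentication no and PermitRootLogin no.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Simplification: Match blocks and Include are not handled.
# usage: sshd_hardened /etc/ssh/sshd_config
sshd_hardened() {
    awk '
        tolower($1) == "passwordauthentication" && !p { p = tolower($2) }
        tolower($1) == "permitrootlogin"        && !r { r = tolower($2) }
        END { exit !(p == "no" && r == "no") }
    ' "$1"
}
```

After editing /etc/ssh/sshd_config, keep your current session open and confirm from a second terminal that key login works before you log out.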

 

(c) 2012 Beckbox