Here is how to set up a public key for ssh authentication, so you don’t have to log in using root and can keep the system secure. The other advantages (which I needed most) are that you can run automated maintenance tasks/checks on other machines, including rsync over ssh like I did.
Ok. Let’s begin.
1. Create the private and public keys:
{code}ssh-keygen -t dsa{/code}
You will be prompted for a key location; the default is fine, so just press enter. Then you are asked to enter a passphrase. From man ssh-keygen:
The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, whitespace, or any string of characters you want. Good passphrases are 10-30 characters long, are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per character, and provides very bad passphrases), and contain a mix of upper and lowercase letters, numbers, and non alphanumeric characters.
If you are intending to set up automated tasks that will use this key, it is probably best not to supply a passphrase, although it will inevitably be less secure.
2. Copy the public key to the server (you will need to enter the password):
{code}cat ~/.ssh/id_dsa.pub | ssh user@server "cat - >> ~/.ssh/authorized_keys"{/code}
The public key you have just created is piped over ssh and appended to authorized_keys on the server. Please remember that if you have the PermitRootLogin without-password setting in sshd_config, you must disable it first to store that public key. You can set it back to without-password again after the public key has been copied.
3. That’s it. To test it, just ssh to the other server and you shouldn’t need a password. If you entered a passphrase, then you will need to enter it when prompted:
{code}ssh user@server{/code}
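The one-liner in step 2 appends the key blindly, so running it twice leaves duplicate entries, and it fails silently if the permissions are wrong: sshd with StrictModes (the default) ignores authorized_keys when it, ~/.ssh, or the home directory is group- or world-writable. The script below is an added example (not code from the post) of the server-side half of that step done idempotently and with the permissions sshd expects; the function names and the sample key are this example’s own.

```shell
#!/bin/sh
# Added example: install a public key into an authorized_keys file
# idempotently, with the permissions sshd's StrictModes requires.
# Function names (install_pubkey, count_keys) are hypothetical, not from the post.
set -eu

# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS
#   Appends the single key line in PUBKEY_FILE to AUTHORIZED_KEYS unless an
#   identical line is already present.
#   Returns 0 if the key was added, 1 if it was already there, 2 on bad input.
install_pubkey() {
    pubkey_file=$1
    auth_file=$2
    ssh_dir=$(dirname "$auth_file")

    # Accept exactly one key line, and only something that looks like a key.
    [ "$(wc -l < "$pubkey_file")" -le 1 ] || { echo "expected one key line" >&2; return 2; }
    key=$(cat "$pubkey_file")
    case $key in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "not a public key line: $key" >&2; return 2 ;;
    esac

    # Directory 700 and file 600: anything looser is rejected under StrictModes.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # -F fixed string, -x whole line: a key that is a prefix of another is not a match.
    if grep -qFx -- "$key" "$auth_file"; then
        return 1
    fi
    printf '%s\n' "$key" >> "$auth_file"
    return 0
}

# count_keys AUTHORIZED_KEYS: number of key lines currently installed.
count_keys() {
    grep -cE '^(ssh|ecdsa|sk)-' "$1"
}
```

Run it on the server as the target user, e.g. `install_pubkey /tmp/id_dsa.pub ~/.ssh/authorized_keys`, after copying the .pub file over with scp; it is safe to re-run.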
Now, how about ssh-agent?
Using ssh-agent to store passphrases
If you decided to use a passphrase, then you need only enter it once per session using ssh-agent and ssh-add.
1) The parent shell process in which you work should be started by ssh-agent, i.e.:
{code}ssh-agent /bin/bash{/code}
2) Then, to store your passphrase for that session, run:
{code}ssh-add{/code}
Enter your passphrase when prompted.
3) That’s it. To test it, just ssh to the other server and you shouldn’t need a password or passphrase:
{code}ssh user@server{/code}
If you use a desktop environment or window manager, you can start it with ssh-agent in the same way as the bash shell above, so that any child processes (terminals etc.) also have access to your passphrase.