SSH supports authentification with Public/Private keys. If you create a key with no passphrase, ssh can be used as convenient rsh replacement with many advantages.

Creating a key pair

module load openssh cd ~ mkdir .ssh chmod 755 .ssh cd .ssh ssh-keygen -t dsa chmod 600 id_dsa

Authorizing the key

to authorize a key, put its public part in the file authorized_keys in the .ssh directory.

To authorize the key that you just created type: cd ~/.ssh cat id_dsa.pub >> authorized_keys chmod 644 authorized_keys

Important: The directory ~/.ssh must not be a symbolic link, or none of this will work!

Step by step commands from a Unix shell

• Open a shell on your local machine and type:
• ssh-keygen -t dsa (press enter every time it asks you something :)).
• cd .ssh
• ls (it should display at least 2 files: id_dsa and id_dsa.pub)
• scp id_dsa.pub YOUR_USER_NAME@asterix.unibe.ch:~/.ssh/new_authorized_keys
• ssh YOUR_USER_NAME@asterix.unibe.ch
• cd .ssh
• ls
• If there already is a file named authorized_keys in the directory
  • then copy the contents from the new_authorized_keys in the authorized_keys (cat new_authorized_keys >> authorized_keys),
  • otherwise just rename the file: mv new_authorized_keys authorized_keys.
• dont delete your local id_dsa!!!

Example: authorize your Mac/PC for kilana:

• create a key pair on your mac/pc
• sftp the (public part of the) id_dsa file over to your kilana account (makes it easier to cat the files. Just make sure you do not override the kilana id_dsa file :-) )
• cat the file with the authorized_keys file as explained above

Tarpits

• Keep your private key SAFE. (check the file permissions)
• the home and .ssh directory must not be writable by group and other users.

Links

• Putty a SSH Suite for Windoze :): http://www.chiark.greenend.org.uk/~sgtatham/putty/
• http://www.openssh.org/