On this page... (hide)
Cryptographic certificates help you to login from one machine to another without having to type passwords.
If you would like to connect from machine A (local) to machine B (remote) you must:
[user@machine_A ~] ssh-keygen -t dsa
- Accept the default location and name (/home/dalton/.ssh/id_dsa).
- Don't give a passphrase (because that will defeat the point of not needind to type passwords.)
- Bear in mind that without a passphrase, anyone that gains access your account will also gain access to you account on the other servers that you have already distributed the key to.
- But read the item below about
ssh-agent, for enhanced security
- There will be 2 files, id_dsa (keep contents secret) and id_dsa.pub.
1.2 On Windows, for PuTTY
- get PuTTYgen
- see http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter8.html
- get the public key from "Public key for pasting into authorized_keys file"
[user@machine_A ~] scp .ssh/id_dsa.pub machine_B:~/.ssh/new_key.pub [user@machine_B ~] cat new_key.pub >> authorized_keys
A script to help to copy the key, make directories, fix permissions: Attach:ssh_installkey
You can get the benefits of the certificates and retain the security of passwords if you generate a certificate with password, and then use
ssh-agent. But this is not-trivial, so you should really read
If you connect to another PC using
ssh -X, you can run remote graphical programs and have them display on your machine. Things are still fine if you use
sudo, but if you su to another account it will not work:
[sergio@psi ~]$ sudo xlogo [sergio@psi ~]$ sudo su [root@psi sergio]# xlogo X11 connection rejected because of wrong authentication. X connection to localhost:10.0 broken (explicit kill or server shutdown).
but you can solve this by
[root@psi sergio]# xauth merge ~sergio/.Xauthority [root@psi sergio]# xlogo
(of course it must be
Once in a while, check your
xauth list and, if there is too much old stuff, use
xauth remove, or just
rm .Xauthority and login again.