Literature
Africa |
SSH CertificatesCertificatesCryptographic certificates, or "keys", help you to login from one machine to another without having to type passwords. You can have multiple certificates, e.g. one on a personal laptop, one on a desktop PC, one for use on group workstations. These can also be used to authenticate with GitHub. If you would like to connect from machine A (local) to machine B (remote) you must: Generate a public/private key pairOn Linux or Os X:[user@machine_A ~] ssh-keygen -t ed25519
On WindowsOpenSSHOpenSSH operates much the same as on Linux and MacOS. The difference is that the ssh-agent service will persist keys in the Windows (user) registry. See the Microsoft guide on User Key Generation. If you don't have OpenSSH installed, follow the Microsoft guide. Note that you only need the client component, you can ignore the server parts. Windows Subsystem for LinuxWithin a WSL distribution PuTTYPuTTY is an integrated terminal and SSH client.
Send your public key to one of our sysadminsYour key can be deployed to our group machines via Foreman.
Be sure to keep your key private, only send the Add the public key to the authorized_keys file on a machineTo manually add your key to a machine, add the public part to the [user@machine_A ~] scp .ssh/id_dsa.pub machine_B:~/.ssh/new_key.pub [user@machine_B ~] cat new_key.pub >> authorized_keys Helper scriptA script to help to copy the key, make directories, fix permissions: Attach:ssh_installkey Certificates with passwordsYou can get the benefits of the certificates and retain the security of passwords if you generate a certificate with password, and then use SSH, X11 and suIf you connect to another PC using [sergio@psi ~]$ sudo xlogo [sergio@psi ~]$ sudo su [root@psi sergio]# xlogo X11 connection rejected because of wrong authentication. X connection to localhost:10.0 broken (explicit kill or server shutdown). but you can solve this by [root@psi sergio]# xauth merge ~sergio/.Xauthority [root@psi sergio]# xlogo (of course it must be Once in a while, check your |