Simon Willison’s Weblog

SSH public key authentication

I’ve been having fun with SSH lately. Did you know you can set up SSH so you can log in to servers without having to provide a password? It’s called “public key authentication” and is apparently more secure than using a normal password. You generate a public/private key pair using a program called ssh-keygen, and store a copy of the public key on the server(s) you wish to authenticate with. When you attempt to log in, the server sends you a message encrypted with your public key—your machine decrypts it and sends back the original message, proving your identity.

I learnt how to set it up from this PDF file (well, actually the Google HTML conversion). PuTTY on Windows has the same capability but needs to be set up in a very different way—information on that can be found in the excellent PuTTY documentation.

I’m probably the last person on earth to cotton on to this, but it’s so neat I just had to share.

This is SSH public key authentication by Simon Willison, posted on 20th February 2003.
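
The server-side half of the setup described in the post, as an added example (not code from the original post or from OpenSSH): a hypothetical `install_pubkey` helper that appends a public key to `authorized_keys` idempotently and sets the 700/600 modes that sshd's default `StrictModes` check expects. The function name, its arguments and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: install one OpenSSH public key for a user, server side.
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper, not part of OpenSSH)
# Returns 0 on success or if already installed, 2 for a private key, 3 for a bad file.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    # Never let the private half leave the client: refuse it outright.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # A .pub file holds one line: "<key-type> <base64-blob> [comment]".
    line=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub" | head -n 1)
    if [ -z "$line" ]; then
        echo "no public key line found in $pub" >&2
        return 3
    fi

    # Create under a tight umask, then fix modes on anything that pre-existed.
    # sshd's StrictModes (on by default) ignores keys in files others can write.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth" )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"
    case $(ls -ld "$home" | cut -c6,9) in
        *w*) echo "warning: $home is group/world-writable; sshd will reject the key" >&2 ;;
    esac

    # Idempotent: compare type + blob only, so a changed comment is not a new key.
    blob=$(printf '%s\n' "$line" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"
}

# Run as a script: sh install_pubkey.sh id_ed25519.pub
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```

Only the `.pub` file is ever copied to the server; the private key stays on the client, ideally protected by a passphrase chosen when running ssh-keygen.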

7 comments

  1. Next, you need to play around with the joys of using SSH as a secure conduit between machines for all kinds of magic. Of course there's scp, and of course there're forwarded ports... But the first time I saw a single command line invocation pipe together a find command, tar, and ssh in order to do a highly quirky and selective transfer of files from one machine behind a firewall to another behind another firewall, I couldn't stop giggling like a school girl. Yes I am a nerd of the most depraved sort.

    l.m.orchard - 20th February 2003 21:28 - #

  2. Actually, I got around doing that with PuTTY today. What a coincidence ;).

    Breyten - 20th February 2003 21:47 - #

  3. Long as I'm not the only one who enjoyed getting ssh key auth working (that or it was the 10 hours straight I'd been working on creating my uni project beowulf cluster, prolly that really)

    Gavin - 20th February 2003 22:39 - #

  4. Excuse me for this one, but: "netcat si teh k3wlezt hax0r t00l!" And back to normal mode: I didn't know about that ssh feature, thanks! (Also, "to cotton on to something" is an expression I learned two days ago while reading The Hitchhiker's Guide To The Galaxy. It always strikes me how often I see a new phrase after I just learned it.)

    Jan! - 21st February 2003 00:18 - #

  5. A very nice thing (if you have to use Windows) is to use ssh tunneling for secure CVS to your central server using putty/pageant/tortoiseCVS. Oh and while we're on tortoise, there's a tortoise for subversion being developed.. hurrah!! refactoring with CVS can be a *very* pain.

    Tim Parkin - 21st February 2003 10:12 - #

  6. I dunno if this commenter supports HTML, but, I wrote a tutorial on how to set up SSH-Agent with XFree86, so that all terminal emulators are a child of Agent and therefore have your key available. It needs to be updated for SSH2, but the only real difference is what key file you point to.

    Sam - 21st February 2003 13:36 - #

  7. On the topic of fun tools, give Expect a try some time. I haven't done much with it, but it's kind of cool to have a trained monkey do things that pipes and redirects can't handle (e.g. behaving differently, based on the results of a command).

    Joe Grossberg - 21st February 2003 16:55 - #

Previously hosted at http://simon.incutio.com/archive/2003/02/20/sshPublicKeyAuthentication