Ssh simple explanation

No matter how many times I configure ssh keys, I rarely have the process go smoothly. It is time to write down how it works so I can get it straight in my head.

Moving pieces[edit]

• ssh-agent : this is client software that can hold credentials for use when connecting to remote hosts, allowing passwordless entry. Use looks like: ssh-agent bash then ssh-add. Often, X sessions can be used as the ssh-agent and configured to prompt when it needs to perform an ssh-add.
• private key : generate this with ssh-keygen. It must have 0600 permissions and usually lives in ~/.ssh
• public key : generate this with ssh-keygen. It must have 0600 permissions and usually lives in ~/.ssh. This file should be distributed to remote hosts and placed in the authorized keys files to allow ssh access to that remote host.
• authorized keys file : this is a list of users and hosts that have access via ssh to this account
• known hosts file : a list of hosts that have been visited and thus authorized

ssh without passwords[edit]

on From machine[edit]

• ssh-keygen
• copy public key to To machine

on To machine[edit]

• append the public key to the ~/.ssh/authorized_keys file for the user connecting

on From machine[edit]

• ssh-add to establish identity
• ssh to To machine: you should not have to use a password

Troubleshooting[edit]

• /var/log/secure on the To machine can give good clues about failures
• ssh -v on the From machine can expose some kinds of failures
• su to the user account on the destination to flush out any problems with the account itself

ssh without passwords for cron[edit]

A special private key can be generated without a passphrase. Distribute the public key as normal, but when issuing the ssh command in a script, include the identity (private key) without a passphrase:

ssh -i /home/rday/.ssh/cronkey <remote machine> command

There, that wasn't so hard.