If you use ssh to connect between machines, you can do lots of handy configuration by creating a text file called "config" in your ~/.ssh directory. In it you can set nicknames for servers you access regularly, identity files for automatic authentication, and port forwarding.
An example entry:
Host cl-exp
    Hostname 12.11.10.9
    User ec2-user
    IdentityFile ~/.ec2-keys/mykeyfile.pem

Host dept
    Hostname gate01.dept.cam.ac.uk
    User rc01
    LocalForward localhost:5950 l49:49
    IdentityFile ~/.ssh/dept_dsa
Automatic authentication
It is possible to set up automatic authentication, so that you don't need to enter a password. To do this:
(1) Create the key
ssh-keygen -t rsa
or
ssh-keygen -t dsa
You can use the default name (id_rsa or id_dsa) or create your own. You have the option to set a passphrase, or leave it blank. You should be aware of the security risks of leaving it blank: someone who has, or gains, access to one machine can then access the other. However, it can be useful for automatic scripts or quick access.
(2) This will make two files - a public one ending in .pub (e.g., id_rsa.pub) and a private one (e.g., id_rsa). The private key should have tight permissions, so that only you can read it - for example, with
chmod 600 .ssh/id_rsa
(3) The public key should be copied into a new line on the end of the file ~/.ssh/authorized_keys on the destination machine.
(4) If you used the default key name, you should be able to then connect with
ssh [the host name]
If you used your own name, use
ssh -i [private key file name] [the host name]
e.g., ssh -i .ssh/dept_dsa gate01.dept.cam.ac.uk
If it doesn't work, try changing the type (rsa/dsa, see step 1)
(5) You might then want to set up a config file that contains the name of the key file (IdentityFile parameter)
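Once the config file names your keys, you can check that every private key it refers to has the tight permissions from step 2. The following is an added example, not part of the original post: the function names check_identity_files and group_other_perms are made up for this illustration, and it only handles plain "IdentityFile path" lines (no quoted paths, "=" separators or % tokens).

```shell
#!/bin/sh
# Added example: audit the private keys named by IdentityFile in an ssh config.
# Usage (after sourcing this file): check_identity_files [config-file]
# Prints one line per problem; returns 0 if all keys are private, 1 otherwise.

# Print the group and other permission characters of a file,
# e.g. "------" for mode 600 or "r--r--" for mode 644. -L follows symlinks.
group_other_perms() {
    ls -ldL "$1" | cut -c5-10
}

check_identity_files() {
    config=${1:-$HOME/.ssh/config}
    status=0
    if [ ! -r "$config" ]; then
        echo "cannot read config: $config"
        return 1
    fi
    # The keyword is case-insensitive in ssh config files, so compare in lower case.
    keys=$(awk 'tolower($1) == "identityfile" { print $2 }' "$config")
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        # Expand a leading ~/ the way ssh does for IdentityFile.
        case $key in
            "~/"*) key=$HOME/${key#"~/"} ;;
        esac
        if [ ! -f "$key" ]; then
            echo "missing key file: $key"
            status=1
        elif [ "$(group_other_perms "$key")" != "------" ]; then
            echo "too open: $key (fix with: chmod 600 $key)"
            status=1
        fi
    done <<EOF
$keys
EOF
    return $status
}
```

Run check_identity_files with no argument to audit ~/.ssh/config; any line it prints is a key that is missing or that other users on the machine can access.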