I assume you already know the whys, concepts, and terminology; this is just a statement of the steps involved. I’m using OpenSSH and a DSA key pair.
Generate a key pair:

ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/Willie/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/Willie/.ssh/id_dsa.
Your public key has been saved in /home/Willie/.ssh/id_dsa.pub.
The key fingerprint is:
f2:f7:5b:9b:f7:64:2b:d8:fe:ca:ad:f5:13:35:9f:63 Willie@ARCATA
This creates your key pair, and places them in your ~/.ssh directory. The public key is id_dsa.pub; the private key is id_dsa. If it isn’t already obvious, the public key is not a secret, and the private key is. :-)
Install the public key to any SSH servers for which you’d like to use PKA. To do this, SSH into the server machine and open up the ~/.ssh/authorized_keys file in a text editor. If you haven’t already installed a public key to the server in the past, then you’ll be creating a new file. Just append the contents of your id_dsa.pub file to authorized_keys. Here’s mine:
ssh-dss AAAAB3NzaC1kc3MAAACBAOybEZ4kAaKROXoibeR+V/ajTY3L/aN6K5lVbdWKsw+9uPl/cyj4
6Qu5UYHkLS5tiGci8Olx7jNfku4/k1z8/JoGDTqwAixMxgb/NNKTUB7ZnhxfVTenSI/oVtM/lNpCiOdg
U7ESOyNrxPFVU6K1pWId+LGxeweWTw+08vwIOShTAAAAFQDx6q5JWhV2EDGUMXFwj3QF8+8a4wAAAIBW
Mee5MphZPYxG7la772tAYREo+37eXfP3SW49GmPHJFdydFcf5VtroLlzKJ1Iy9HUwnKjiEv2qE1B2xVD
jJslgQ34QVKKswQDRCXlyshyKbbRMd37MSYNpNqdZ5gTJT+EMa8+NoTUGwXOitSMMtx2WmpVo4Fu7Fp1
eDYvSVChjAAAAIB6uisHso6iPMz11qbKNaHSIqIAV+7iNJZD7aeFuytLDG20Y70b4Jy4Mr4g8RH+MtAL
fyq6aTcv/g/j2DMeJjwjqLXQFbaFekmQEOfoQ6IZJ5CylthMP1PzRcR5KeCUInKj9CRkTlWLlTMk5es+
VEebIHg9SWNstkjWBLwlQhemgA== Willie@ARCATA
(For formatting purposes, I’ve included line breaks above, but don’t introduce line breaks into your public key when you paste it into
Adjust the permissions on your .ssh directory, and on the files inside it, so that nobody else can write to them.
Set up the SSH agent. This allows you to enter your passphrase one time per shell session instead of having to type it in every time you want to SSH to your server. Just type ssh-agent followed by ssh-add. Some people just put this in their startup script (e.g., .bash_profile). You’ll need to use eval $(ssh-agent) instead of ssh-agent if you choose to do that. You’ll have to enter your passphrase every time you open a shell, but after that you can SSH anywhere where you’ve installed your public key without having to enter your passphrase.
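The four steps above, scripted as an added example (my code, not the post's): generating the pair, appending the public key to authorized_keys without duplicating it or breaking it across lines, locking down the key directory, and starting the agent. It assumes POSIX sh with chmod, find, grep and mktemp; ssh-keygen and ssh-agent are only invoked when installed, and the rehearsal at the bottom uses a constructed, non-functional key line in a scratch directory so nothing touches a real ~/.ssh. Two practitioner notes are folded in: the key type is ed25519 rather than the post's DSA, because OpenSSH has disabled ssh-dss by default since 7.0, and the permission check mirrors what sshd's StrictModes (on by default) enforces, namely that neither the directory nor anything in it may be writable by group or other.

```shell
#!/bin/sh
# Added example, not code from the original post: the four steps above
# (generate, install the public key, fix permissions, start the agent) as
# shell functions, plus a rehearsal that runs them against a scratch directory
# with a constructed public key, so nothing touches a real ~/.ssh.
# Assumes POSIX sh with chmod, find, grep and mktemp; ssh-keygen and ssh-agent
# are only invoked when installed. ed25519 stands in for the post's DSA because
# OpenSSH has disabled ssh-dss by default since 7.0.

# Step 1: create $1 (private key) and $1.pub; ssh-keygen prompts for the passphrase.
generate_key() {
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found" >&2; return 1; }
    ssh-keygen -t ed25519 -f "$1"
}

# Step 2: append one public key line to authorized_keys ($1), exactly once.
# $2 is the public key as a single line; a pasted key must never contain a line break.
install_pubkey() {
    ak=$1 key=$2
    nl=$(printf '\nx'); nl=${nl%x}
    case $key in
        *"$nl"*) echo "refusing public key containing a line break" >&2; return 1 ;;
    esac
    # Minimal shape check: a known key-type prefix, a space, then the base64 blob.
    case $key in
        ssh-*" "[A-Za-z0-9+/]*|ecdsa-sha2-*" "[A-Za-z0-9+/]*|sk-*" "[A-Za-z0-9+/]*) ;;
        *) echo "not a recognised public key line" >&2; return 1 ;;
    esac
    # Idempotent: an identical line already present is left alone.
    if [ -f "$ak" ] && grep -qxF -- "$key" "$ak"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$ak"
}

# Step 3: the key directory ($1) and everything in it must not be writable by
# anyone else; sshd's StrictModes (on by default) refuses the keys otherwise.
lock_down_ssh_dir() {
    chmod 700 "$1" || return 1
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        case $f in
            *.pub) chmod 644 "$f" ;;   # public halves may be world-readable
            *)     chmod 600 "$f" ;;   # private keys, authorized_keys, config
        esac
    done
}

# Succeeds only when nothing under $1 (including $1 itself) is group- or other-writable.
ssh_dir_is_private() {
    [ -z "$(find "$1" \( -perm -g+w -o -perm -o+w \))" ]
}

# Step 4: start an agent for this shell and load key $1, entering the passphrase once.
start_agent() {
    command -v ssh-agent >/dev/null 2>&1 || { echo "ssh-agent not found" >&2; return 1; }
    eval "$(ssh-agent -s)" >/dev/null && ssh-add "$1"
}

# Rehearsal: exercise steps 2 and 3 in a scratch directory with a constructed
# (not real) key line. Returns 0 when the key is present exactly once and the
# directory passes the permission check.
rehearse() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/.ssh"
    sample_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDSAMPLENOTAREALKEY user@example'
    install_pubkey "$scratch/.ssh/authorized_keys" "$sample_key" || return 1
    install_pubkey "$scratch/.ssh/authorized_keys" "$sample_key" || return 1  # second call is a no-op
    chmod 777 "$scratch/.ssh"              # simulate a sloppy directory, then fix it
    lock_down_ssh_dir "$scratch/.ssh" || return 1
    ssh_dir_is_private "$scratch/.ssh" || return 1
    count=$(grep -c . "$scratch/.ssh/authorized_keys")
    rm -rf "$scratch"
    [ "$count" -eq 1 ]
}

rehearse && echo "rehearsal ok: key installed once, directory locked down"
```

For real use, source the file and call generate_key "$HOME/.ssh/id_ed25519", copy the resulting .pub line into install_pubkey on the server, run lock_down_ssh_dir "$HOME/.ssh" on both ends, and start_agent "$HOME/.ssh/id_ed25519" from your login shell; ssh_dir_is_private is the quick check to run when a key is mysteriously ignored by the server.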