Changes between Version 1 and Version 2 of faq/public-private-key-generation


Timestamp: Mar 18, 2008, 1:24:19 PM (16 years ago)
Author: Daniel Kahn Gillmor
Comment: --

  • faq/public-private-key-generation

    v1 v2  
    1 = How can I login to my primary host server without having to enter the server password =
     1[[PageOutline]]
     2= How can I login to my primary host server without having to enter my account's password? =
    23
    3 Normally, when you login to our servers using either [wiki:secure_shell secure shell] or [wiki:sftp Secure FTP], you need to provide a username and the password for that username. Although this information is passed to our server in an encrypted form, it is still cumbersome to remember yet another password and less than ideal to have to send your password over the Internet every time you want to login.
     4Normally, when you login to our servers using either [wiki:secure_shell secure shell (a.k.a. ssh)] or [wiki:sftp Secure FTP (a.k.a. sftp)], you need to provide a username and the password for that username. Although this information is passed to our server in an encrypted form, it is still cumbersome to remember yet another password.
    45
    5 An alternative way to login to your server is to generate a public key and a private key (keys, in this sense, are simply small text files containing a lot of characters that appear random). When generating a public and private key, you will be asked to come up with a password to protect your private key. Then, copy your public key to the server. Once your public key is in place, you can [wiki:secure_shell secure shell] or [wiki:sftp Secure FTP] into the server without needing to enter your user's server password. Instead, you will be prompted for your private key password and if you provide the proper private key password, you will be allowed into your account.
     6An alternative way to login to your server is to generate a public key and a private key (keys, in this sense, are simply small text files containing a lot of characters that appear random). When generating a public and private key, you will be asked to come up with a password to protect your private key. Then, copy your public key to the server. Once your public key is in place, you can [wiki:secure_shell secure shell] or [wiki:sftp Secure FTP] into the server without needing to enter your user's server password. Instead, you will be prompted for your private key password locally and if you provide the proper private key password, you will be allowed into your account.
    67
    7 Using this method - you could copy your public key to multiple accounts and every time you login, you only need to enter your private key password - not needing to remember all the other server passwords.
     8Using this method - you could copy your public key to each remote account you use.  Every time you login after that, you would only need to enter your private key password locally - and not need to remember all the other server passwords.
     9
     10== Generating your key ==
    811
    912If you are using a Linux or Mac OS X computer, you can easily generate a private and public key by opening your terminal (on a Mac it is in Applications -> Utilities, on Linux computer look in your Accessories or Utilities menu). Here's an example of me generating my keys. You can do the same by simply typing the first line below:
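Review bot: Added lines 6 and 8 call the secret that protects the private key a "private key password", which is easy to confuse with the account password this FAQ is contrasting it with. ssh-keygen's own prompt says "passphrase", so using that word throughout would match what the reader sees in the terminal. Separately, added line 4 drops the v1 clause about sending your password over the Internet on every login, which leaves convenience as the only stated motivation. A sentence noting that with a key the account password is never sent to the server would keep the security rationale.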
     
    2225}}}
    2326
    24 Now that you have a public key, you will want to copy it to the server on which you want to use it. With the following command replace USER with your username and SERVER with your server name, like malcolm.mayfirst.org:
     27== Setting up your key for access to a server ==
     28
     29Now that you have a public key, you will want to copy it to the server (or servers) on which you want to use it. With the following command replace `USER` with your username and `SERVER` with your server name, like `malcolm.mayfirst.org`:
    2530
    2631{{{
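Review bot: Added line 29 widens the instruction to "the server (or servers)", but nothing in this hunk says that only the public key is copied and that the private key stays on the local machine. With several servers in play, one explicit sentence to that effect before the command would prevent a reader from uploading the wrong file. The backticks around `USER`, `SERVER` and `malcolm.mayfirst.org` are a good change.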
     
    3439}}}
    3540
    36 Congratulations. Now, whenever you want to secure shell or secure FTP into your site, you will be prompted for your private key password rather than your server password.
     41You only need to do this once for each server you plan to access this way.
     42
     43== accessing the server using your key ==
     44
     45Congratulations! Now, whenever you want to secure shell or secure FTP into your site, you will be prompted for your private key password rather than your server password.
     46
     47== Further reading ==
     48 * [http://www.securityfocus.com/infocus/1810 SSH user identities] by Brian Hatch
     49 * [http://lackof.org/taggart/hacking/ssh/ ssh best practices] by Matt Taggart
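Review bot: The heading on added line 43, "== accessing the server using your key ==", starts lowercase while the other new headings ("Generating your key", "Setting up your key for access to a server", "Further reading") are capitalized; suggest "== Accessing the server using your key ==". That section also holds only the congratulation sentence from v1, so it does not yet show the reader how to connect. A one-line example of the login with `USER` and `SERVER`, matching the placeholders on added line 29, would make the heading accurate.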