DormanResearch : SettingUpSSH?

Dorman Lab Wiki
ssh is a really important tool for securely connecting to remote computers.  In our lab, we have machines distributed across campus, and you'll find it very convenient to set up automatic password-less login with ssh.  This document describes how to get ssh running on Linux (or Mac, same thing) and Windows to connect to remote Linux machines, which I shall refer to as <remote_host>.  I have assumed that ssh-related files are stored in .ssh on Linux machines and that public keys are stored in .ssh/authorized_keys on remote machines.  These assumptions should be pretty standard.



  1. If you are running Windows, you need to download ssh software. You have two choices:
    1. Putty: I recommend this one.
      1. Download putty.exe, pageant, puttygen and put them in a convenient directory.
      2. A convenient graphical utility for transferring files that works well with Putty is WinSCP.
    2. Download SSH Secure Shell, ISU site-licensed software.  However, I do not think that ISU's version can support passwordless login, so I do not recommend this approach.
      1. Go to http://www.it.iastate.edu/downloads/ and enter your ISU username/password.
      2. Select Windows operating system.
      3. Select SSH Secure Shell and install the downloaded software.
  2. Try connecting to a Linux machine.
    1. With Putty
      1. Start putty (find it wherever you saved it, using Windows Explorer, and double-click)
      2. Under Session Category, type hostname (e.g. cirilo.zool.iastate.edu) for Host Name, make sure Port is 22, and Connection type is SSH.
      3. Under Connection->Data Category, enter your username (e.g. kdorman)
      4. Back under Session, enter a name (e.g. cirilo) to remember this connection in the Saved Sessions box, and click Save.
    2. From a linux machine: ssh <hostname>
    3. With SSH Secure Shell
      1. Double-click on the installed SSH Secure Shell.
      2. Click Profiles -> Add Profile... and name your new profile (e.g. cirilo).
      3. Click Profiles -> Edit Profile... and click on your newly named profile.
      4. Enter the hostname (e.g. cirilo.zool.iastate.edu)  and username (e.g. kdorman) and close the window.
      5. Select Profiles -> newly named profile
      6. The first time you will be told about the server key.  Click OK and enter your password when prompted.
  3. Generate your public/private key.
    1. With Putty (using Putty-generated key)
      1. Start puttygen (double-click) and make sure SSH-2 RSA is selected along with 1024 bits.
      2. Click Generate
      3. Enter a GOOD password and Confirm it.
      4. Click "Save Private Key", select a directory to save it in, and type a name, say id_dsa.ppk.  (Do not change the file type .PPK)
      5. Also "Save Public Key" for potential future use, call it id_dsa.pub.
      6. Use WinSCP to upload your public key to the <remote_host>.
      7. Connect to the <remote_host>, using username and password.  Then enter the following commands:
        mkdir -m 700 .ssh
        ssh-keygen -if id_dsa.pub >> .ssh/authorized_keys
        chmod 600 .ssh/authorized_keys
      8. Start Putty and Load your previously saved session.
      9. Under Connection->Auth, click Browse and locate your private key file, id_dsa.ppk.
      10. Under Session, Save the connection once again.
      11. Now open connection, and you should be prompted for your key password, instead of account password.
      12. You can quit puttygen now.
    2. With Putty (using linux-generated key)
      1. Create a key on the <remote_host> using the "From a linux machine" instructions below, or copy an already-generated private/public key pair from another linux host to .ssh/id_dsa and .ssh/id_dsa.pub (mkdir -m 700 .ssh if the directory does not already exist).
      2. Issue the following commands on the <remote_host>:
        cat .ssh/id_dsa.pub >> .ssh/authorized_keys # The key is already in OpenSSH format, so it is appended as-is (ssh-keygen -i only converts SSH2-format keys).
        chmod 600 .ssh/authorized_keys
      3. Use WinSCP to transfer the private key .ssh/id_dsa to your Windows machine.
      4. Open puttygen and under actions, load the newly downloaded id_dsa file.
      5. Enter the passphrase when prompted.
      6. Save the file as a putty private key, say id_dsa.ppk.
      7. Now follow the instructions for Putty (using a Putty-generated key) above from step 3.1.8.
    3. From a linux machine:
      mkdir -m 700 .ssh
      ssh-keygen -t dsa -f .ssh/id_dsa # You will be prompted for passphrase.  Choose a good one!
    4. With SSH Secure Shell
      1. Edit -> Settings
      2. Select Global Settings -> User -> Authentication
      3. Click Generate new... and accept the default settings.  Then be patient.
      4. Click Next and pick a File Name (e.g. id_dss), Passphrase (confirm it also).
      5. You can now automatically upload the file, or you can do it later from Global Settings -> User -> Authentication -> Keys. The key is uploaded to .ssh2/id_dss.pub.
      6. Now log on to the <remote_host> (using a password) and issue the following commands to activate the key you just uploaded.
        mkdir -m 700 .ssh
        ssh-keygen -if .ssh2/id_dss.pub >> .ssh/authorized_keys
        chmod 600 .ssh/authorized_keys
        rm -fr .ssh2
      7. Now, try to connect again and you should be prompted for the key password instead of the account password.
  4. Password-less access
    1. With Putty
      1. Start pageant (double-click) and an icon will appear in your System Tray.
      2. Double-click the icon.
      3. Add key, find the private key file you saved earlier, and open it.
      4. Enter the key file password when prompted.
      5. Close the window.
      6. Start putty and connect to the server.  You should now get on without a password request.
    2. From a linux machine:
      ssh <hostname> mkdir -m 700 .ssh # Only necessary if you haven't already made such a directory
      cat .ssh/id_dsa.pub | ssh <hostname> "cat - >> .ssh/authorized_keys"
      ssh <hostname> chmod 600 .ssh/authorized_keys # Only necessary if such a file did not already exist
      ssh-add # Enter the password of your key.
      ssh <hostname> # Should be password-less.
    3. With SSH Secure Shell: I think this is not possible with the current licensed version (no Connection Broker distributed), which is why I recommend Putty!
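
A check for the end state of the procedure above, added here as an example and not part of the original wiki page: it verifies the modes the steps set (700 on .ssh, 600 on authorized_keys) and flags `ssh-dss` entries, which OpenSSH has disabled by default since release 7.0, and `ssh-rsa` entries too short to hold a 2048-bit modulus. The function names, key blobs and comments in the sample are constructed for the example.

```shell
# Added example: audit the .ssh layout and key types this guide produces.
# mode_of PATH: octal permission bits (GNU stat, then BSD/macOS stat).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# weak_keys FILE: print "<line> <reason>" for each weak authorized_keys entry.
# A 2048-bit ssh-rsa public key encodes to at least 372 base64 characters, so
# a shorter blob must hold a smaller modulus (length bound, no key parsing).
weak_keys() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        {
            for (i = 1; i < NF; i++) {          # options may precede the type
                if ($i == "ssh-dss") { print NR, "dsa"; break }
                if ($i == "ssh-rsa") {
                    if (length($(i + 1)) < 372) print NR, "short-rsa"
                    break
                }
                if ($i ~ /^(ssh-ed25519|ecdsa-sha2-|sk-)/) break
            }
        }' "$1"
}

# audit_ssh_dir DIR: print findings; status 0 only when there are none.
audit_ssh_dir() {
    findings=$(
        [ "$(mode_of "$1")" = 700 ] || echo "mode $1 should be 700"
        if [ -f "$1/authorized_keys" ]; then
            [ "$(mode_of "$1/authorized_keys")" = 600 ] ||
                echo "mode $1/authorized_keys should be 600"
            weak_keys "$1/authorized_keys" | sed 's|^|key authorized_keys line |'
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# demo: constructed sample (fake key blobs) with loose modes and two weak keys.
demo() {
    d=$(mktemp -d) && chmod 755 "$d"
    {
        echo 'ssh-dss AAAAB3NzaC1kc3MAAACB-constructed user@old-laptop'
        echo "from=\"10.0.0.*\" ssh-rsa $(awk 'BEGIN { while (i++ < 204) printf "A" }') user@putty"
        echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA-constructed user@new-laptop'
    } > "$d/authorized_keys"
    chmod 644 "$d/authorized_keys"
    audit_ssh_dir "$d" || :
    rm -rf "$d"
}
demo
```

On the <remote_host>, `audit_ssh_dir "$HOME/.ssh"` runs the same checks against a real account; the RSA test is a length bound only, so `ssh-keygen -l -f` remains the way to read exact key sizes.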