SSH with passphrase

From ICT science

The following recipe works on both Mac OSX and Linux.

Suppose you want to connect to gemini.science.uu.nl from another computer A, where you are logged in as user a.

First log in on computer A as user a, open Terminal, and generate a pair of authentication keys (substitute the correct username and machine name for a and A):

A:~ a$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/a/.ssh/id_rsa): 
Created directory '/Users/a/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/a/.ssh/id_rsa.
Your public key has been saved in /Users/a/.ssh/id_rsa.pub.
The key fingerprint is:
95:9f:a5:6a:d0:2d:82:68:6f:9c:c5:38:20:e4:e5:7c a@A.phys.uu.nl

Now use ssh to create a directory ~/.ssh on gemini.science.uu.nl, using your own solisid and password (the directory may already exist):

A:~ a$ ssh yoursolisid@gemini.science.uu.nl mkdir -p .ssh
yoursolisid@gemini.science.uu.nl's password: 

Finally, append a’s new public key to yoursolisid@gemini.science.uu.nl:.ssh/authorized_keys2. When prompted, enter the password for yoursolisid@gemini.science.uu.nl (not the passphrase):

A:~ a$ cat .ssh/id_rsa.pub | ssh yoursolisid@gemini.science.uu.nl 'cat >> .ssh/authorized_keys2'
yoursolisid@gemini.science.uu.nl's password: 

From now on you can log in to gemini.science.uu.nl from A with your passphrase (image on right for Mac OSX only).

A:~ a$ ssh yoursolisid@gemini.science.uu.nl
Last login: Wed Sep 18 12:41:48 2013 from A.phys.uu.nl

*********************************************************************
*                 Welcome to gemini.science.uu.nl                   *
* <..>                                                              *
*********************************************************************
-bash-3.2$

Change the permissions of .ssh to 700

-bash-3.2$ chmod 700 .ssh

Change the permissions of .ssh/authorized_keys2 to 600

-bash-3.2$ chmod 600 .ssh/authorized_keys2
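The server-side steps above (create .ssh, append the key, set 700 and 600) combined into one re-runnable shell function, as an added example that is not part of the original page. The function name `install_pubkey` and its arguments are hypothetical; beyond the recipe, it skips a key that is already listed and refuses input that is not a single public-key line (for example a private key file pasted by mistake).

```shell
#!/bin/sh
# Added example, not from the original page. install_pubkey is a hypothetical name.
#
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Appends the key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys2 unless that
# exact line is already present, then applies the 700/600 permissions.
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys2   # file name used on this page

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Drop blank lines, then require exactly one line of the form "type base64 [comment]".
    key_line=$(sed '/^[[:space:]]*$/d' "$pubkey_file")
    [ "$(printf '%s\n' "$key_line" | wc -l)" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    case $key_line in
        ssh-*\ [A-Za-z0-9+/]*|ecdsa-*\ [A-Za-z0-9+/]*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # Create directory and file with tight permissions regardless of the login umask.
    ( umask 077; mkdir -p "$ssh_dir" && : >> "$auth_file" ) || return 1

    # -F fixed string, -x whole line, -q quiet: append only if the key is absent.
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"

    chmod 700 "$ssh_dir" && chmod 600 "$auth_file"
}

# Usage on the server, after copying the public key there:
#   install_pubkey id_rsa.pub
```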

Add (or adjust) the following two settings in the .ssh/config file:

ServerAliveInterval 20
TCPKeepAlive yes