toucheatout 2006-05-19 10:32 Linux
Generate your pair of keys
ssh-keygen -t rsa
should simply do the trick and generate
~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
that is, a keypair suitable for ssh version 2. When prompted for a passphrase, leave it blank (just hit return).
The passphrase is skipped because the only critical piece of information is the private key (~/.ssh/id_rsa), which is mode 0700 in a 0700 directory, so it should be fine. The actual aim is an instantaneous yet secure login, without typing a password anymore.
To create a stronger key than the default (1024 bits), use the -b switch with 2048 or 4096 as its argument; smaller sizes are also accepted, down to a minimum of 512.
Configure ssh
Though not strictly key-related, a bit of configuration makes daily use of ssh a breeze. Edit (or create) ~/.ssh/config. This file is a sequence of Host declarations. For instance:
Host *
    Compression yes
Host truc
    HostName truc.machin.internal
    User mox
    Port 22022
Then just use ssh truc instead of ssh -C -p 22022 mox@truc.machin.internal. There are many more options that you can specify in the config file; check the ssh_config man page.
Note: avoid compression on fast lines.
Setup your public key on the target host
All there is to do is add the public key to the list of authorized keys on the target host (the ~/.ssh/authorized_keys file on the remote machine). The public key is sufficient to initiate a cryptographic challenge and log you in if you own the private key on your side.
Append the id_rsa.pub that we just created locally to the end of the remote ~/.ssh/authorized_keys. If the file doesn't exist, create it. It contains the keys authorized for login, one per line.
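The append step above as an added example, not part of the original post: a POSIX shell function, meant to be run on the target host, that creates ~/.ssh and authorized_keys with owner-only permissions when they are missing, refuses anything that is not a single public-key line, and appends the key only if it is not already listed. The function name install_pubkey and its two arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey and its two
# arguments are names chosen for this sketch.
# Usage on the target host: install_pubkey /path/to/id_rsa.pub "$HOME"
install_pubkey() (
    pub=$1
    dir=$2/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }

    # A .pub file written by ssh-keygen is one line starting with the key
    # type. Anything else (e.g. id_rsa itself, the private key) is refused.
    n=$(grep -c '[^[:space:]]' "$pub" || true)
    [ "$n" = 1 ] || { echo "$pub: expected exactly one key line" >&2; exit 1; }
    key=$(grep '[^[:space:]]' "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; exit 1 ;;
    esac

    # sshd's StrictModes check (on by default) refuses the key file when it
    # or ~/.ssh is writable by anyone else, so create both owner-only.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Already authorized: nothing to do, so reruns never duplicate the line.
    if grep -qxF -- "$key" "$auth"; then
        exit 0
    fi

    # Keep "one key per line": terminate an unterminated last line first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
)
```

The body runs in a subshell, so the umask change and the variables do not leak into the calling shell.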