Re: Where do you run ssh-keygen, server or client.
Jochen Schulz wrote:
> Nathaniel Homier:
>>
>> I have 1 desktop computer (we will call it son) and it runs a ssh
>> server. When I visit my mothers house I would like to be able to access
>> (son) from my mothers computer (we will call it mom). I have setup the
>> ssh server on (son) to use key based authentication. Now the question
>> is, do I run ssh-keygen on (son) or on (mom)? What I have done is, on
>> (son) is to:
>> $ssh-keygen -t dsa
>> $cd .ssh
>> $cat id_dsa.pub >> ~/.ssh/authorized_keys
>
> This only allows you to run 'ssh localhost' on son. You could use the
> same key (id_dsa + id_dsa.pub) from any other computer and do the same
> but I always generate a keypair per machine.
>
> It doesn't matter where you generate the key. The important thing is to
> put the contents of id_dsa.pub into the authorized_keys file on the
> server.
To be clear, you also have to ensure the private part of the key (id_dsa)
is accessible by the client. This name of the file is defined in
/etc/ssh/ssh_config (and effectively defines ~/.ssh/id_dsa as the file).
You can also define a local name for a remote machine and non standard key
files - I regularly SSH into a server I am responsible for on the other
side of the world (melindasbackups.com), and you then put an entry in
~/.ssh/config
I access a host with
ssh mb
This is what is in my config file
Host mb
HostName melindasbackups.com
User melindas
IdentityFile ~/.ssh/melindas_ssh_access_key
--
Alan
(via webmail - means I am away from my computer)
http://www.chandlerfamily.org.uk
Reply to: