[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Where do you run ssh-keygen, server or client.

Jochen Schulz wrote:
> Nathaniel Homier:
>> I have 1 desktop computer (we will call it son) and it runs a ssh
>> server.  When I visit my mothers house I would like to be able to access
>> (son) from my mothers computer (we will call it mom).  I have setup the
>> ssh server on (son) to use key based authentication.  Now the question
>> is, do I run ssh-keygen on (son) or on (mom)?  What I have done is, on
>> (son) is to:
>> $ssh-keygen -t dsa
>> $cd .ssh
>> $cat id_dsa.pub >> ~/.ssh/authorized_keys
> This only allows you to run 'ssh localhost' on son. You could use the
> same key (id_dsa + id_dsa.pub) from any other computer and do the same
> but I always generate a keypair per machine.
> It doesn't matter where you generate the key. The important thing is to
> put the contents of id_dsa.pub into the authorized_keys file on the
> server.
To be clear, you also have to ensure the private part of the key (id_dsa)
is accessible by the client. This name of the file is defined in
/etc/ssh/ssh_config (and effectively defines ~/.ssh/id_dsa as the file).

You can also define a local name for a remote machine and non standard key
files - I regularly SSH into a server I am responsible for on the other
side of the world (melindasbackups.com), and you then put an entry in

I access a host with

ssh mb

This is what is in my config file

Host mb
 HostName melindasbackups.com
 User melindas
 IdentityFile ~/.ssh/melindas_ssh_access_key

(via webmail - means I am away from my computer)

Reply to: