Using SSH keys with no passphrase and Using SSH keys with a passphrase

Lab 3.1: Using SSH keys with no passphrase


So far you have been connecting to serverX primarily with ssh,
authenticating yourself with a password.
This lab will enhance and simplify yours
molify your ssh connections to server x by
using key based authentication instead of passwords.


si connections between the student accounts on station X and server x
are authenticated using ssh keys.

1. As student on stationx, generate an ssh publice

stationx generate an ssh public private key pair. Note that ssh h keygen should
mert command line switch, so that keys appropriate for the DSA algorithm
are generated.
Choose default options for key locations. Also, choose a null passphrase by pressing Enter
when prompted.

2. Use the ssh  copy  id command to add the key you just generated to studente serverx's list

of authorized keys. Be sure to specify the path to your key with the i option.

3. You should now be able to access

perly configured, ssh will fall back to password authentication, and prompt
There are several steps you can take to help debug the situation. First, examine
sages and var log secure on the server for helpful information.
v command line switch with the ssh client. This will output useful debuggigi
options will produce more debug information.
information. Multiple V options will produce more da
If things are not properly configured, ssh will fall
for a password. There are several steps yo
var log messages and var log ser
Second, use the v command line switch

Lab 3.2: Using SSH keys with a passphrase

Scenario: deount and gain the
oy. Associalinga
but then you would
If someone were to find a way to get student's private key
station X, they would be able to impersonale that account and gain
same password less access to server X that you now enjoy. Assoc
passphrase with the key would prevent this confusion, but the
need to enter the passphrase for every connection.

nce between security and
ssh add  and ssh add allow you to strike a balance between securi
convenience by requiring you to only enter a passphrase once per la

The ability to connect to serverx with a passphrase that only needs to
entered once per session.

1. On stationx, use ssh eygen to add a passphrase to the private key in
ssh sd dsa
HINT: you will need to find the appropriate options for specifying both the key you wish to
change and what you wish to change about it (the passphrase). Use the man page or ssh eygen

2. Start the ssh agent running by running the command:

(studentestationx) eval  ssh agent
Use ssh add to provide ssh agent with your key. You will be required to enter your passphrase
so ssh agent can access the key.
(studentestationx) ssh add
Enter passphrase for home student stationx. ssh id dsa your
Identity added

3. You can configure ssh add to run automatically when you log in by adding it to the

startup process.
Navigate to System
 > Preferences
 > More Preferences
 > Sessions
 > Start Up Program
the Add button. The following dialog should be displayed. Enter the path to su
then save and close the dialog
ograms and click
O ssh add as shows


