Since I acquired a hosting plan with the great Dreamhost team, I’ve been creating some websites, experimenting with stuff, logging in and logging out via terminal ssh and also using the CyberDuck sftp client for Mac. And even though I have used Linux for a while now, sometimes laziness gets the best of me, and it seems like my brain goes numb! Let me explain… Every time I log in to my server space, I type a username (if I’m in the terminal this part is skipped, because the local user is the same as on the remote server, so there is no need to specify a user) and a password. This is cool if you do it one or two times a day, but if you keep doing this a lot, and have a bunch of servers to log in to (working in system administration can do this for you =] ), you will get tired of typing all these usernames and passwords all the time! Believe me… Not to mention the fact that a password scheme is bad for your security! Why not remove all the need for passwords and use digital security keys? They are like your normal keys, but one key does it all!
Here I will cover both the Mac and Linux, because, well, in fact they are almost the same, command line speaking I guess.
So, let’s skip the romantic part of the post, and let’s cut to the chase! =)
First go to your favorite command line client and create your own set of digital keys. It’s very simple, don’t worry, just type ssh-keygen -t dsa (this generates a digital key, using DSA as the security algorithm). It will prompt you for the destination of the key, which normally resides inside the folder .ssh in your home folder, and ask whether you want to use a passphrase each time you use the keys (let’s keep it simple for now and say no). Now if you take a look inside the .ssh folder, you will see 2 files or more, but the important ones are id_dsa and id_dsa.pub. This is the pair of keys: one is public, and the other you keep for yourself.
Now if you look inside your id_dsa.pub, you will see a bunch of characters, which don’t mean anything to you. But copy everything to the clipboard, for use on your remote server. Mine looks like this:

(this is all in a single line)
There is no problem with showing my public key, because, well, it’s public. You can learn more about why here.
Now, log in to your server, go to the directory .ssh in your home folder, and edit or create the file authorized_keys; paste your public key inside, all in one line! That’s it, you’re done. If you use Dreamhost, I found out that both the .ssh folder and the authorized_keys file must have 700 permissions set.
Now log out and log in again, and the remote server will match your public key with your local private key, and if everything goes smoothly, you are in! No passwords, no hassle, no nothing!
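The server-side step above, as an added example that is not from the original post: a POSIX shell function (the name install_pubkey is hypothetical) that checks the file is a one-line public key and not a private key, then appends it to authorized_keys only once, with owner-only permissions. It assumes the .pub file has already been copied to the server; it sets 700 on .ssh and 600 on authorized_keys, and the post's 700 on both also keeps group and others out.

```shell
#!/bin/sh
# Added example: install one public key into authorized_keys, safely.
# Usage on the server: install_pubkey id_dsa.pub [ssh_dir]
# The body is a subshell "( )" so umask and variables do not leak to the caller.
install_pubkey() (
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }

    # Refuse a private key handed over by mistake (id_dsa instead of id_dsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        exit 2
    fi

    # A public key is exactly one non-empty line: "type base64 [comment]".
    lines=$(grep -c . "$pub" || true)
    [ "$lines" -eq 1 ] || { echo "expected 1 line, found $lines" >&2; exit 3; }
    key=$(grep . "$pub")
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "unrecognised key type in $pub" >&2; exit 3 ;;
    esac

    # Owner-only access, set before anything is written.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 4
    touch "$auth" && chmod 600 "$auth" || exit 4

    # Idempotent: append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
)
```

Current OpenSSH releases no longer accept DSA (ssh-dss) keys by default, so on a modern server generate the pair with ssh-keygen -t ed25519 instead; the function handles either type.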
It’s also possible to make your sftp client use your keys: just define this in the login options, check “Use public keys authentication” or something similar, and choose your private key, not your public one. Next time you log in, again, no passwords will be asked. Cool, eh?
I did not cover ssh inside Windows systems, but you can do the same using PuTTY and all the tools available. Go here to learn more about ssh authentication inside Windows, using PuTTY, but also for a more precise explanation of ssh authentication.
In the future it should also be important for you to set a passphrase on your keys, for extra security. But for now this is enough, so enjoy!
Oh, by the way, in case you did not understand the romantic vs chase part of this post, take a look here…
Update: By the way, this post refers to Dreamhost, but you can use this with any server you wish, just follow the same steps described.
3 comments ↓
Hi Marco, I’ve just tagged you with the latest “8 random facts about me” blog meme.
Feel free to play along or just ignore this comment if you are not interested.
My 8 random facts are up at my site, go give it a check.
Cheers,
Rick
[...] key authentication (using DSA) In the past I explained this (link to previous post). You can use a combination of private/public key to authenticate [...]
[...] right, you now will be asked for your user password.. You can do it even smarter, and use public key authentication, which I love so much, and no more typing would be [...]