This task does part of its work on the class Linux machine and part on your pers

Question

This task does part of its work on the class Linux machine and part on your personal Linux machine.

On the class Linux machine:

a. Create an SSH rsa key pair for yourself, accepting all the defaults.

On your personal Linux machine:

a. Put the public key portion in a file called ~/.ssh/authorized_keys in your account on your personal Linux machine.

i. Recall that you can use ssh-keygen to create the .ssh directory if it does not yet exist and that you can use scp or copy and paste to get this from the class machine to the personal machine.

On the class Linux machine:

a. Test to see whether you have set this up properly by attempting to ssh from the class machine to your personal machine

i. The command for this is ssh [account@]N.N.N.N, where N.N.N.N is the IP address of your personal Linux machine, and account is the optional account name you are connecting to.

ii. If the keys are set up correctly, you should be able to login without being required to enter a password.

2. (4 pts) Setup and test keys in your personal Linux machine’s turkda account.

On your personal Linux machine:

a. Put the provided (see hw11-turk-public-key.txt and hw11-turkda-public-key.txt files) public keys in the ~turkda/.ssh/authorized_keys file. This will allow me to log in without a password on your personal Linux machine and grade your assignment quickly and easily.

b. Put the public key that you created for your account on the class Linux machine into the ~turkda/.ssh/authorized_keys file on your personal Linux machine. After doing this, you will hve 3 public keys in the ~turkda/.ssh/authorized_keys file the two described / required above, as well as your personal public key. This will allow you to perform a limited test (see next steps) to give you confidence that you set up the turkda keys properly (see previous steps).

On the class Linux machine:

a. Test whether you have set up the key system properly by trying to connect from your account on the class Linux machine to both your account and the turkda account on your personal Linux machine. (You cannot do an absolute test to ensure that the turkda key is set up correctly, since you don’t have the private portion of the turkda key pair, but these tests should give you a good idea whether you have set it up correctly or not.)

b. If when attempting to make these test connections you are asked for a password, then review the previous steps and correct whatever was not set up correctly. Remember, for this to work in the simplest way possible that we have described, you ultimately need 1) the private key of a key pair to have the default name given by ssh-keygen and to be located in the .ssh directory of the account on the machine you are initiating the connection from, 2) the corresponding public key to be located in the authorized_keys file of the .ssh directory of the account on the machine you are connecting to, and 3) if the account names are not the same on the two machines, to use the destination account name in the ssh connection command. Ex: ssh destinationAccountName@destinationIPAddress

Explanation / Answer

The first step in setting up SSH key authentication is to generate an SSH key pair on your local computer, the computer you will log in from.

To generate an SSH key pair, you may use the ssh-keygen utility. By default, it will create a 2048-bit RSA key pair, which is adequate for most cases.

In your local computer's terminal, generate a key pair with this command:

You will see output like the following:

At the prompt, you may accept the default key location or enter a different path. If you accept the default, the keys will be stored in the .ssh directory, within your user's home directory. The private key will be called id_rsa and public key will be called id_rsa.pub.

If you are just getting started with SSH keys, it is best to stick with the default location. Doing so will allow your SSH client to automatically find your SSH keys when attempting to authenticate. If you would like to choose a non-standard path, type that in now, otherwise, leave the prompt blank and press RETURN to accept the default.

If you previously generated an SSH key pair, you may see a prompt like this:

If you choose to overwrite the existing key, it will be deleted and you will no longer be able to use it to authenticate. That is, you should not overwrite it unless you are sure that you do not need it to authenticate to any of your servers.

At this point, you should see a prompt for a passphrase:

This optional passphrase is used to encrypt the private key. If you set a passphrase here, it will be required whenever you use the private key for authentication—that is, authentication will require both the private key and its passphrase, which can provide additional security if the private key is somehow compromised. If you leave the passphrase blank, you will be able to use the private key to log into your servers without a password—that is, authentication will occur based on your private key alone, so be sure to keep your key secure.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.