Difference between revisions of "Generate Certificates"

From NMSL
Line 18: Line 18:
 
== Using ssh-agent ==
 
== Using ssh-agent ==
  
Each time you will login using ''ssh'' or ''pssh'', you will be asked for your passphrase in order to decrypt the private key. If you want to enable a login session without entering the passphrase each time you should activate the ssh-agent:
+
Each time you will login using ''ssh'' or ''pssh'', you will be asked for your passphrase in order to decrypt the private key. If you want to enable a login session without entering the passphrase each time you should activate the ssh-agent. Public keys are not sensitive information and may be known to anybody, whereas the private key needs to be protected very carefully by a strong passphrase. Using multiple servers is easier designed by using ''ssh agent''. ssh-agent remembers the passphrase so that the user does not need to type it every time he or she wants to connect or send data to the server. Identities (i.e. private keys) are added to the authentication agent, ssh-agent, using the '''ssh-add''' command which takes as an argument the private key file to be added.
  
 
<pre>
 
<pre>
 
eval `ssh-agent`
 
eval `ssh-agent`
ssh-add
+
ssh-add ~/.ssh/id_rsa
 
</pre>
 
</pre>
  

Revision as of 05:24, 31 December 2009

Generate SSH Certificate

The instructions below are for Linux and Mac OSX. If you are not on Linux or OSX, you should either check for appropriate instructions to perform this on you operating system, use a Linux emulation environment (e.g. Cygwin or MinGW), or SSH into either nsl.cs.sfu.ca or one of the cluster machines in the lab.

The first step is to generate both a private and public key. This is done using the ssh-keygen key generation command. Simply type the command followed by the type of key to generate as shown below and follow the instructions on the screen. For Planet-Lab, the RSA algorithm is used for the type of the key. Make note of the location of the keys.

ssh-keygen -t rsa

During the key generation process, you will be prompted for a passphrase. This is because the generated private key will be encrypted and this passphrase will be used to decrypt the key later on whenever it is used. Although it is not recommended, when prompted for passphrase, you can just leave it blank! If you do enter a passphrase, you may need to use ssh-agent as will be shown in the following section.

Once the keys are generated you will need to submit the public key (.pub) to your Planet-Lab account (under My Account->Keys). The private key should be copied to the ~/.ssh/ folder if it's not already there.


Using ssh-agent

Each time you will login using ssh or pssh, you will be asked for your passphrase in order to decrypt the private key. If you want to enable a login session without entering the passphrase each time you should activate the ssh-agent. Public keys are not sensitive information and may be known to anybody, whereas the private key needs to be protected very carefully by a strong passphrase. Using multiple servers is easier designed by using ssh agent. ssh-agent remembers the passphrase so that the user does not need to type it every time he or she wants to connect or send data to the server. Identities (i.e. private keys) are added to the authentication agent, ssh-agent, using the ssh-add command which takes as an argument the private key file to be added.

eval `ssh-agent`
ssh-add ~/.ssh/id_rsa

For the rest of this session you will not be prompted for passphrase.


Configuring SSH

The next step is to relax SSH. Open/create the file ~/.ssh/config

Make sure you have these two lines in the config file.

StrictHostKeyChecking no
BatchMode yes