This exercise is about executing commands remotely using Secure
Shell authentication. In the old rsh protocol, you would use
the .rhosts file to declare trusted hosts. The problem with
this was that it was easy to falsify the protocol request and gain
illegal access to user accounts. With Secure Shell, you use a public
and private key pair, which ensures that the connection is
authenticated by host/username, since only the owner of a private key can decrypt the
commands.
- Generate a pair of keys with the command
ssh-keygen2
When asked, do not give a passphrase; just enter nothing.
If you do give one, you will be asked to enter this phrase each time you connect to another host.
- Create a file
~/.ssh2/identification
which contains:
IdKey id_dsa_1024_a
- Create a file
~/.ssh2/authorization
which contains:
Key id_dsa_1024_a.pub
(The key pair might be called by another name. Check what ssh-keygen tells you.)
- Done. (It is simple here, because you have the same home directory on every machine.)
Now you can execute commands, e.g.
ssh cube /bin/ls
Or, you can log onto other hosts in the network without giving a password.
ssh mulder
Last login: Wed Aug 25 10:45:15 1999
You have mail.
Linux mulder 2.2.10 #1 SMP Fri Jul 23 14:43:11 MET DST 1999 i586 unknown
mulder%
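
A check of the files created in the steps above, as an added example that is not part of the original exercise: it verifies that every IdKey and Key entry names an existing file and that the private key file is not accessible to other users. The function names, the "PROBLEM:" message format and the sample directory are assumptions; only the two file names and the IdKey/Key line format come from the steps.

```shell
#!/bin/sh
# Added example (not from the exercise): audit an ~/.ssh2 directory.
# Assumes the "IdKey <file>" / "Key <file>" line format shown in the steps above.

# check_ssh2_dir DIR: print each finding; return 0 only if there are none.
check_ssh2_dir() {
    dir=$1
    problems=0
    for pair in "identification IdKey" "authorization Key"; do
        file=${pair% *}
        keyword=${pair#* }
        if [ ! -f "$dir/$file" ]; then
            echo "PROBLEM: $dir/$file is missing"
            problems=$((problems + 1))
            continue
        fi
        # The extra -n test also handles a last line without a newline.
        while read -r word name rest || [ -n "$word" ]; do
            [ "$word" = "$keyword" ] || continue
            if [ ! -f "$dir/$name" ]; then
                echo "PROBLEM: $file names '$name', which does not exist"
                problems=$((problems + 1))
            elif [ "$keyword" = IdKey ]; then
                # Characters 5-10 of the ls mode string are the group/other bits.
                mode=$(ls -ld "$dir/$name" | cut -c5-10)
                if [ "$mode" != "------" ]; then
                    echo "PROBLEM: private key '$name' is accessible to other users"
                    problems=$((problems + 1))
                fi
            fi
        done < "$dir/$file"
    done
    [ "$problems" -eq 0 ]
}

# make_sample_dir DIR: constructed sample layout (placeholder key contents).
make_sample_dir() {
    mkdir -p "$1"
    echo "IdKey id_dsa_1024_a" > "$1/identification"
    echo "Key id_dsa_1024_a.pub" > "$1/authorization"
    echo "constructed private key placeholder" > "$1/id_dsa_1024_a"
    echo "constructed public key placeholder" > "$1/id_dsa_1024_a.pub"
    chmod 600 "$1/id_dsa_1024_a"
}

# Audit the directory given as the first argument, if any.
if [ $# -gt 0 ]; then check_ssh2_dir "$1"; fi
```

Saved as a script, it can be run with the directory as its argument, for example ~/.ssh2.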
Explain why this is more secure than the old .rhosts approach.
What is the purpose of the passphrase you were asked for? Would the
use of a passphrase increase security?