SSH and SSH Keys, Key-Based SSH Login, Generating a Key Pair for SSH – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual

SSH and SSH Keys

SSH is a network protocol that establishes a secure channel between your computer
and a remote computer. It uses public-key cryptography to authenticate the remote
computer. It also encrypts traffic and protects the integrity of data exchanged between
computers.

SSH is frequently used to log in to a remote machine to execute commands, but you
can also use it to create a secure data tunnel, forwarding through an arbitrary TCP port.
You can also use SSH to transfer files using SFTP and SCP. By default, an SSH server uses
the standard TCP port 22.

Mac OS X Server uses OpenSSH as the basis for its SSH tools. Notably, portable home
directory synchronization is provided via SSH.

Key-Based SSH Login

Key-based authentication is helpful for such tasks as automating file transfers and
backups and for creating failover scripts because it allows computers to communicate
without a user needing to enter a password.

Important: Key-based authentication has risks. If the private key you generate
becomes compromised, unauthorized users can access your computers. You must
determine whether the advantages of key-based authentication are worth the risks.

Generating a Key Pair for SSH

The following outlines the process of setting up key-based SSH login on Mac OS X
and Mac OS X Server. To set up key-based SSH, you must generate the keys the two
computers will use to establish and validate the identity of each other.

This doesn’t authorize all users of the computer to have SSH access. Keys must be
generated for each user account.

To do this, run the following commands in Terminal:

1 Verify that an .ssh folder exists in your home folder by entering the command:

ls -ld ~/.ssh

If .ssh is listed in the output, move to step 2. If .ssh is not listed in the output,
run mkdir ~/.ssh and continue to step 2.

2 Change directories in the shell to the hidden .ssh directory by entering the following
command:

cd ~/.ssh

3 Generate the public and private keys by entering the following command:

ssh-keygen -b 1024 -t rsa -f id_rsa -P ''
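
An added example, not part of Apple's manual: a shell audit of a key pair like the one step 3 produces, tied to the risk described in the Important note above. It reports a private key stored without a passphrase (the effect of -P ''), a key file or .ssh folder accessible to other users, and a key below MIN_RSA_BITS; the function names and the 2048-bit floor are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the manual): audit a key pair such as ~/.ssh/id_rsa.
MIN_RSA_BITS=${MIN_RSA_BITS:-2048}   # assumed policy floor, not a value from the manual

# Key size in bits: first field of the "ssh-keygen -l" fingerprint line.
key_bits() {
    ssh-keygen -l -f "$1" 2>/dev/null | awk '{print $1; exit}'
}

# Succeeds only if the private key loads with an empty passphrase,
# which is how a key created with -P '' is stored on disk.
key_is_unencrypted() {
    ssh-keygen -y -P '' -f "$1" </dev/null >/dev/null 2>&1
}

# Succeeds if group and other have no permission bits on the path
# (characters 5-10 of the "ls -ld" mode string).
owner_only() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# usage: audit_ssh_key DIR KEYNAME
# Prints one line per finding; the return status is the number of findings.
audit_ssh_key() {
    dir=$1; key=$1/$2; findings=0
    if ! owner_only "$dir"; then
        echo "FINDING: $dir is missing or accessible to group or other"
        findings=$((findings + 1))
    fi
    if ! owner_only "$key"; then
        echo "FINDING: $key is missing or accessible to group or other"
        findings=$((findings + 1))
    # ssh-keygen refuses to load a private key with loose permissions,
    # so the passphrase check is only meaningful once the mode is owner-only.
    elif key_is_unencrypted "$key"; then
        echo "FINDING: $key is stored without a passphrase"
        findings=$((findings + 1))
    fi
    bits=$(key_bits "$key.pub")
    if [ "${bits:-0}" -lt "$MIN_RSA_BITS" ]; then
        echo "FINDING: $key.pub is ${bits:-unreadable} bits, below $MIN_RSA_BITS"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit when called as: sh audit.sh ~/.ssh id_rsa
if [ "$#" -eq 2 ]; then audit_ssh_key "$1" "$2"; fi
```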

Chapter 4

Enhancing Security