ssh authentication methods
Copyright Phillip Farrell. Last revision August 3, 2004
|Table of Contents:|
Rather than prompting you for your password on the remote computer when making connections, you can configure ssh to use alternate authentication systems, some of which require no password. This page describes the specific methods for doing this on Unix systems. Macintosh and Windows PC ssh clients may support similar processes with a different method.
The ssh protocol allows system managers of cooperating computer systems to permit ssh connections between the accounts of the same names on either system without requiring a password. This option uses the same system or user level .rhosts files that are required for the Berkeley Unix r commands. This type of authentication should only be allowed under systems that are managed together, because it requires complete trust between the systems. Just like the r commands, it means that if a hacker breaks into your account on one system, he has access to your account on the others with no need for any password. Unlike the r commands, the actual data transferred during connections is encrypted.
Neither pangea nor the Sweet Hall workstations allow this type of password-less ssh connections using .rhosts files.
The sshprotocol provides a third authentication option: private cryptographic keys. This option, which is available on pangea and the Sweet Hall systems, lets you use a special program to create a pair of public and private cryptographic keys that are specific to your account on a particular computer. Your private key, which you must keep secret, is used to encrypt communications. Your public key can only be used to decrypt and must be stored on each system to which you want to connect. These public/private encryption keys are virtually impossible to break.
Private cryptographic keys can be used in the ssh protocol for either one of two conflicting purposes: to add a higher level of security to your connections, or to add convenience by eliminating the need for providing passwords.
To make your connections even more secure, which is the recommended use of private cryptographic keys, your "private" portion of the key pair is itself encrypted with a "pass phrase" that is not stored anywhere in the computer. A pass phrase is like a password, except that it can be an arbitrary length phrase of multiple words; a phrase of 10 to 30 characters is recommended. When you make ssh connections using private crytographic keys that have been protected with a pass phrase, not only must you install the public key in advance on the remote systems, but you must supply the pass phrase at time of connection in order to read the private key. Because these pass phrases can be different from and longer than your normal account password, the likelihood that they can be guessed by a hacker is dramatically reduced.
You can also use private cryptographic keys in ssh to provide more convenient, password-less connections, but at some loss of security. You do this by creating the keys with a "null" pass phrase (you simply press the RETURN key when prompted to set the pass phrase). You then store the private key on the "local" computer in a file with permissions set to prevent other accounts from seeing it, and you copy the "public" key to the other computers to which you want to login. Now you can use ssh to make remote logins, transfer files (see below) and run remote commands (see below), all with full data encryption, between your "local" computer and those remote ones without ever needing to supply a password. The danger is that if a hacker obtains your private key, he can then access your account on the remote computers as well. This is the same danger that comes from enabling .rhosts authentication (see above), but applies only to your account and not to the whole system.
How do you create and store the private cryptographic keys to use with ssh?
On Unix systems, you use the ssh-keygen program. On pangea, this
is not located in one of the standard system directories, so you have to specify
the complete pathname of the program to run it, as:
No arguments are needed. ssh-keygen will make a pair of random private and public keys that work together. It will then prompt you for a pass phrase that is used to further encrypt the private key. If you want added security, supply a phrase. If you want the added convenience of password-less connections, simply press the RETURN key to create a "null" pass phrase.
ssh-keygen automatically stores the newly created cryptographic keys in the .ssh sudirectory of your home directory, in the files identity (for the private key) and identity.pub (for the public key).
The identity file will be made with no permissions for any other account to access it because the private key stored therein must be kept secret. Make sure that you never turn on read or write permission for "group" or "others" to this file, or to the .ssh subdirectory, particularly if you set a null pass phrase.
The public key in the identity.pub file must be copied to the other computers to which you want to connect with ssh. On remote Unix systems, you append the contents of identity.pub to the file authorized_keys in the .ssh subdirectory of your home directory. The location of this file may vary for non-Unix servers. The simplest way to copy this file is to use scp (the file transfer function of ssh) to copy it to the remote system and then concatenate it to the authorized_keys file with cat.