HowTo setup DSA / SSH2 Authentication with OpenSSH
This howto will guide you through setting up a DSA key for ssh
authentication.
As root, become the user on the box you want to set up these keys for:
Once you are the user you want to use keys for, on the command line simply
type: ssh-keygen -d. A few prompts come up asking where to save the files;
simply hit enter for the default. It then asks for a passphrase: hit enter
for none if you choose not to use one, otherwise type one ;)
Now become root on the server and cd /home/username/.ssh
(into the directory of the user you just did this for).
You will see 2 files, id_dsa and id_dsa.pub. Next type: mv id_dsa.pub
Now you have the id_dsa file still there. This is the file the user uses
to connect to the server, and they should guard this file with their life
and hide it on their box. Once you are sure they have this file on their
machine, DELETE IT IMMEDIATELY from the directory /home/username/.ssh so
it doesn't exist on the server any longer.
Server side configuration is now completed. If you are on Windows, just
load this file (may need to rename identity.pub for SecureCRT). Simply
choose the appropriate protocol, ssh2, enter the username and point the
public key option to this file you've saved. Connect to the server (this
is roughly for SecureCRT only on Windows).
For unix, simply type: ssh hostname.com -2 -l username -i /path/to/id_dsa
and now you're using a DSA authentication method for ssh2/sshd connections.
I believe with OpenSSH 3.0.1p1 protocol 2 is used first, (don't quote me on
if not used defaulted to ssh1, to change this to never use ssh1 simply
sshd_config and at the top Protocol 2,1 change to Protocol 2 strictly to
only use ssh2.
Either way, regardless of what's default, this will only allow ssh2.
If you wish to "only" use DSA authentication, in sshd_config change
PasswordAuthentication yes -> to PasswordAuthentication no and -HUP the
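Added example (not part of the original howto): a shell check for the two
sshd_config settings changed above and for a private key file left behind
in a user's .ssh directory. The function names and sample files are
constructed for illustration; it assumes an sshd that still accepts the
Protocol keyword, as the OpenSSH 3.x described here does.

```shell
# Added example, not from the original howto. Function names are illustrative.

# Print the effective global value of a keyword. sshd uses the FIRST
# occurrence of a keyword, keywords are case-insensitive, '#' starts a comment.
effective_value() {  # usage: effective_value <config-file> <keyword>
    awk -v want="$2" '
        { sub(/#.*/, ""); sub(/[=]/, " ") }     # drop comments, allow key=value
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_sshd_config() {  # usage: audit_sshd_config <config-file>
    findings=0
    proto=$(effective_value "$1" Protocol)
    pw=$(effective_value "$1" PasswordAuthentication)
    if [ "$proto" != "2" ]; then
        echo "Protocol is '${proto:-unset}', expected '2'"
        findings=$((findings + 1))
    fi
    if [ "$pw" != "no" ]; then
        echo "PasswordAuthentication is '${pw:-unset}', expected 'no'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# List files in a directory whose first line is a private-key header, such as
# an id_dsa that was never deleted from /home/username/.ssh on the server.
find_private_keys() {  # usage: find_private_keys <dir>
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            echo "$f"
        fi
    done
}

# Constructed sample input: a config and key directory before the cleanup.
demo() {
    d=$(mktemp -d)
    printf 'Protocol 2,1\nPasswordAuthentication yes\n' > "$d/sshd_config"
    printf -- '-----BEGIN DSA PRIVATE KEY-----\n' > "$d/id_dsa"
    audit_sshd_config "$d/sshd_config" || true
    find_private_keys "$d"
    rm -rf "$d"
}
demo
```

An unset directive is reported as a finding because the result then depends
on the daemon's built-in default rather than on the config file.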
For more information on key bit size and other information: man ssh-keygen
"this was a basic quick 10 minute howto" the manuals will get you into
Written by: Didjital1 (didjital1@ePIMP.com )