HowTo setup DSA / SSH2 Authentication with OpenSSH
This howto will guide you to setup DSA key for ssh authentication:
Step 1: as root become the user on the box you want to setup these keys for: su username
Step 2: Once you are the user you want to use keys for, on the command line simply type: ssh-keygen -d, a few options come up where to save these files simply hit enter, for default.. it then asks for passphrase.. hit enter for none. if you so choose to not use one, other wise type one? ;)
Step 3: now become root on the server and cd /home/username/.ssh (into the users directory you just did this for).
Step 4: You will see 2 files id_dsa and id_dsa.pub next type: mv id_dsa.pub authorized_keys
Step 5: now you have the id_dsa file still there, this is the file for the user to use to connect to the server with, and they should gaurd this file with there life and hide it on there box. once you are sure they have this file on there machine DELETE IT IMMEDIATELY from the directory /home/username/.ssh so it doesnt exist on the server any longer.
Step 6: Server side configuration is now completed. if you are on windows just load this file (may need to rename identity.pub for secure crt). Simply choose the appropriate protocol, ssh2 , enter username and point the public key option to this file you've saved. Connect to the server (this is roughly for secure crt only on windows) For unix, simply type: ssh hostname.com -2 -l username -i /path/to/id_dsa
and now your using a DSA authentication method for ssh2/sshd connections.
I believe with OpenSSH3.0.1p1 protcol 2 is used first, (dont quote me on this) if not used defaulted to ssh1, to change this to never use ssh1 simply vi your sshd_config and at the top Protocol 2,1 change to Protocol 2 strictly to only use ssh2. either way reguardless of whats default this will only allow ssh2 connections..
ps: if you wish to "only" use DSA authentication in sshd_config change PasswordAuthentication yes -> to PasswordAuthentication no and -HUP the sshd.
For more information on key bit size and other information: man ssh-keygen "this was a basic quick 10 minute howto" the manuals will get you into more detail.
Done.
Written by: Didjital1
|