Prof. Dr. Rudolf Berrendorf

A Short Introduction on ssh

Introduction

ssh is a package of programs to log into remote hosts securely, to copy files between hosts, and to execute commands on remote hosts. All communication (including account names and passwords) is encrypted. ssh can be used in a simple way (like telnet and ftp), asking for a password on the remote computer each time you establish a connection. A more comfortable way is to use public keys, which is described in the following: your private key never leaves your own computer, and only the public key is stored on the remote hosts.

Initialization

To initialize ssh you must issue the following commands once before you start using ssh. After that you may use ssh as often as you like without any further initialization.
  1. Create a directory ~/.ssh on all computers you want to use, and make it accessible only to you (chmod 700 ~/.ssh). The directory must already exist on a remote computer before you can copy your key file there in step 6.
  2. ssh-keygen -t dsa
    This generates a private and a public key in the directory ~/.ssh on your local computer, i.e. a directory .ssh in your home directory. You will be asked for the file name where to save the keys (press Return to accept the default). After that you will be asked twice for a passphrase (i.e. a password that protects the private key on disk). Remember that passphrase, as you will be prompted for it later. Two files are generated: id_dsa contains the private key and must be readable only by you (ssh refuses to use a private key that other users can read). id_dsa.pub is the public key; this is the only part that is ever copied to other computers.
    Note that DSA keys are obsolete: OpenSSH has disabled them by default since version 7.0, and OpenSSH 10.0 removed support for them entirely. On a current system use ssh-keygen -t ed25519 instead; the files are then named id_ed25519 and id_ed25519.pub, and the rest of this procedure is unchanged.
  3. It is a good idea to keep a single file containing all your public keys and to use it on all computers, i.e. if you modify this file on one computer, redistribute it to all remote computers. The file with public keys must be named ~/.ssh/authorized_keys.
  4. If a file authorized_keys does not exist yet in the directory ~/.ssh, create a new empty file, i.e. execute:
    touch ~/.ssh/authorized_keys
    The file should be writable only by you (chmod 600 ~/.ssh/authorized_keys); sshd ignores an authorized_keys file, or a ~/.ssh directory, that other users can write to.
  5. Append the content of file ~/.ssh/id_dsa.pub to ~/.ssh/authorized_keys:
    cat ~/.ssh/id_dsa.pub >>~/.ssh/authorized_keys
  6. Redistribute the local file ~/.ssh/authorized_keys to all remote computers you want to establish connections to in the future. This can be done in the following way:
    scp ~/.ssh/authorized_keys Account@RemoteHost:~/.ssh/authorized_keys
    where Account is your account name on the remote computer and RemoteHost is the name of the remote computer. You will be asked for your password on the remote computer, since your key is not installed there yet. Two things to keep in mind: on the first connection to a host, ssh shows the fingerprint of that host's key and asks you to confirm it. Check it against a fingerprint you obtained some other way (e.g. from the administrator) before answering yes, because this check is what protects you against a machine impersonating the host; the key is then remembered in ~/.ssh/known_hosts. And scp overwrites the remote authorized_keys, so any keys already in that file on the remote computer are lost, which is why a single master copy (step 3) matters.
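The six steps above, as an added example that is not part of the original page: a small POSIX shell script that installs a public key into an authorized_keys file the way sshd expects it (directory 0700, file 0600, one key per line, no duplicates) and that can be re-run on every redistribution without clobbering keys that are already there. The function names (ensure_ssh_dir, add_authorized_key, count_authorized_keys, install_key_remote, demo) and the sample key line are constructed for illustration; the key line is not a real key, and the id_ed25519.pub file name in the closing comment assumes a current OpenSSH.

```shell
#!/bin/sh
# Added example (not from the original page): install a public key into
# ~/.ssh/authorized_keys the way sshd expects it: directory 0700, file 0600,
# one key per line, no duplicates. Safe to re-run on every redistribution.

# ensure_ssh_dir DIR: create DIR and make it accessible only to its owner.
# sshd (StrictModes, on by default) ignores authorized_keys when the
# directory or the file is writable by other users.
ensure_ssh_dir() {
    mkdir -p "$1"
    chmod 700 "$1"
}

# add_authorized_key DIR KEYLINE: append KEYLINE to DIR/authorized_keys
# unless a line with the same key type and key material is already there.
# Only fields 1 and 2 are compared, so a changed comment or an options
# prefix (from="...", command="...") does not produce a duplicate.
add_authorized_key() {
    dir=$1
    keyline=$2
    file="$dir/authorized_keys"
    ensure_ssh_dir "$dir"
    # Create the file if needed and lock it down before writing anything.
    [ -f "$file" ] || : > "$file"
    chmod 600 "$file"
    keyid=$(printf '%s\n' "$keyline" | awk '{print $1, $2}')
    if grep -qF -- "$keyid" "$file"; then
        return 0                      # already present: nothing to do
    fi
    printf '%s\n' "$keyline" >> "$file"
}

# count_authorized_keys DIR: number of key lines, ignoring blank and
# comment lines. Prints 0 (and succeeds) for a missing or empty file.
count_authorized_keys() {
    file="$1/authorized_keys"
    [ -f "$file" ] || { echo 0; return 0; }
    grep -c -v -e '^[[:space:]]*$' -e '^#' "$file" || true
}

# install_key_remote ACCOUNT HOST PUBKEYFILE: the remote counterpart of
# step 6. It appends the one key instead of copying the whole file, so
# keys already present on the remote side survive, and umask 077 makes
# the directory 0700 and the file 0600 on creation. ssh-copy-id(1),
# shipped with OpenSSH, does essentially the same. You are asked for the
# remote password once, and on first contact to confirm the host key.
install_key_remote() {
    ssh "$1@$2" 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys' < "$3"
}

# Constructed sample key line for illustration only; NOT a real key.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXAM rudolf@pluto'

# Local demonstration against a scratch directory standing in for a
# remote account's home; adding the same key twice leaves one line.
demo() {
    home=$(mktemp -d)
    add_authorized_key "$home/.ssh" "$SAMPLE_KEY"
    add_authorized_key "$home/.ssh" "$SAMPLE_KEY"
    echo "keys installed: $(count_authorized_keys "$home/.ssh")"   # 1
    rm -rf "$home"
}
demo

# Real use against a host (not executed here):
#   install_key_remote rudolf pollux "$HOME/.ssh/id_ed25519.pub"
```

Run it once per remote host after step 5; because add_authorized_key compares only the key type and key material, re-running it after you add a key on another computer appends just the new line.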

Example session

rudolf@pluto: mkdir ~/.ssh
rudolf@pluto: ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/rudolf/.ssh/id_dsa):RETURN
Enter passphrase (empty for no passphrase):mypassword
Enter same passphrase again:mypassword
Your identification has been saved in /home/rudolf/.ssh/id_dsa.
Your public key has been saved in /home/rudolf/.ssh/id_dsa.pub.
The key fingerprint is:
27:5e:be:3e:26:aa:9f:8a:8c:2e:d9:01:c1:60:7b:a6 rudolf@pluto
rudolf@pluto: touch ~/.ssh/authorized_keys
rudolf@pluto: cat ~/.ssh/id_dsa.pub >>~/.ssh/authorized_keys
rudolf@pluto: scp ~/.ssh/authorized_keys rudolf@pollux:~/.ssh/authorized_keys
rudolf@pluto: scp ~/.ssh/authorized_keys rudolf@venus:~/.ssh/authorized_keys
rudolf@pluto:
If you run into problems later and feel it is better to start from scratch, remove the .ssh directory in your home directory (this also removes the remembered host keys in ~/.ssh/known_hosts) and start again with the initialization procedure.

Usage

After you have done the initialization procedure once, you may use ssh. To use ssh effectively, you should execute the following sequence of commands in a shell:
  1. ssh-agent sh
    Start a new shell under the control of an ssh authentication agent. Instead of sh you may use another shell like bash, ksh, csh, tcsh. All the following commands should be child processes of this newly created process, i.e. all commands should be started in this newly created shell. If your operating system allows you to start the window system under an ssh-agent, this is the preferred way, because every terminal window then inherits the agent.
  2. ssh-add
    Adds your identity to the authentication agent. You will be prompted for the passphrase; enter the passphrase from the initialization procedure. The agent then keeps the decrypted private key in memory for the rest of the session and answers authentication requests on your behalf, so the passphrase never has to be typed again and the key is never sent over the network. Anyone who can talk to the agent's socket (e.g. root on your computer) can use the key while it is loaded, so do not leave agents running longer than necessary, consider giving the key a lifetime (ssh-add -t 8h), and do not forward the agent (ssh -A) to hosts you do not trust.
  3. These two steps are necessary every time you log into your computer. After that you may use ssh and scp as often as you like without any prompt for passwords. The complete syntax for a remote login is:
    ssh [-l loginname] hostname [command]
    or
    ssh [user@]hostname [command]
    If you omit the user name, the current user name on the local host is used. Logging into a different account (bryan in the example below) works only if your public key is in that account's authorized_keys file on the remote computer. Usage examples:

Example session

rudolf@pluto: ssh-agent sh
rudolf@pluto: ssh-add
Need passphrase for /home/rudolf/.ssh/id_dsa
Enter passphrase for /home/rudolf/.ssh/id_dsa:mypassword
Identity added: /home/rudolf/.ssh/id_dsa (/home/rudolf/.ssh/id_dsa)
rudolf@pluto: ssh bryan@pc-200
bryan@pc-200:
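The agent procedure above (steps 1 and 2), as an added example that is not part of the original page: a POSIX shell script that starts an agent whose lifetime is tied to the script, loads a key with an expiry, and uses ssh-add's exit code to check the agent state. The function names (agent_status, start_agent, load_key, run_with_agent) are chosen for illustration, and the script assumes OpenSSH's ssh-agent and ssh-add on the PATH; the key file name in the closing comment is an assumption as well.

```shell
#!/bin/sh
# Added example (not from the original page): run commands under an ssh-agent
# that lives only as long as this script, so neither the agent nor the
# decrypted private key it holds is left behind after the session ends.

# agent_status: print ssh-add's exit code, which reports the agent state
# without any interactive prompt:
#   0 = agent reachable and holding at least one identity
#   1 = agent reachable but empty
#   2 = no agent reachable (SSH_AUTH_SOCK unset or pointing at a dead agent)
agent_status() {
    if ssh-add -l >/dev/null 2>&1; then
        echo 0
    else
        echo $?
    fi
}

# start_agent: start a private agent for this shell. "ssh-agent -s" prints
# the SSH_AUTH_SOCK/SSH_AGENT_PID assignments, which eval puts into our
# environment; the EXIT trap kills the agent when the script ends. Same
# effect as the page's "ssh-agent sh", without stray agents surviving it.
start_agent() {
    eval "$(ssh-agent -s)" >/dev/null
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
}

# load_key KEYFILE [LIFETIME]: add the identity with an expiry (default 8h,
# in sshd_config time format). After that the agent forgets the key by
# itself, which limits the damage if the agent is left running or its
# socket is reachable by someone else.
load_key() {
    ssh-add -t "${2:-8h}" "$1" 2>/dev/null
}

# run_with_agent KEYFILE CMD...: start the agent, load the key, run CMD with
# the agent available. Do not add -A (agent forwarding) to the ssh commands
# you run this way unless you trust root on the remote host: a forwarded
# agent lets that host authenticate as you for as long as you are connected.
run_with_agent() {
    key=$1
    shift
    start_agent
    load_key "$key"
    "$@"
}

# Typical use (not executed here): log in to pollux, then run one command on venus.
#   run_with_agent "$HOME/.ssh/id_ed25519" sh -c 'ssh pollux; ssh venus uptime'
```

The passphrase is asked for once, by ssh-add inside load_key; every ssh or scp started from CMD then authenticates through the agent without a prompt, exactly as in the session above, and the agent is gone when the script exits.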

Further Information

See the man pages for detailed information: ssh(1), ssh-keygen(1), ssh-agent(1), ssh-add(1), scp(1) and sshd(8).

This document describes ssh protocol version 2. There exists an older protocol, version 1, which uses different key files (identity and identity.pub); it has known weaknesses and is no longer supported by current OpenSSH versions (support was removed in OpenSSH 7.6).

There are tools available (e.g. keychain) that handle the login process, including the startup of an ssh-agent, in a more comfortable way.
