SSH Notes

Creating an SSH Authentication Key (on your local machine)

IMPORTANT - this part of the procedure should only be executed on a "physically secured" machine (i.e., one in the office, typically at your desk).

Execute the ssh-keygen program:

ssh-keygen -t dsa
  # Accept the defaults; use an empty passphrase

You should now have the following files (sizes may vary slightly) in your ~/.ssh directory:

  -rw-r--r--    1 kas      kas           604 Sep 20 11:54 id_dsa.pub
  -rw-------    1 kas      kas           668 Sep 20 11:54 id_dsa

The id_dsa.pub file is the "public" half. You can distribute this indiscriminately to less-secured machines. If a black-hat (bad-guy) captures the public file he does not gain the ability to become you.

The id_dsa file is the "secret" half of your keypair and should not be transferred in general. If a black-hat acquires your secret file, he can authenticate as you ...

Set up a remote machine to accept the Authentication Key

IMPORTANT - in this step we transfer only the public part of the keypair to the remote machine.

I'll use "cherry" as an example; you need to do this procedure once for each machine that you wish to automatically authenticate to.

Use ssh to connect to the remote machine once. The only reason we are doing this is to "fault in" the .ssh directory on the remote machine. If you have already used ssh to connect to the machine this is unnecessary ...

ssh cherry
  # Enter password
  # Log back out

scp ~/.ssh/id_dsa.pub cherry:~/.ssh/authorized_keys2
  # Enter password
  # Note: this replaces any authorized_keys2 file already on cherry

That's it! Now when you ssh (or scp) to the remote machine you should not be prompted for the password anymore.
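
When the remote account may already hold other keys, the public file can be appended rather than copied over the top. The function below is an added example, not part of the original notes: install_pubkey is a hypothetical helper name, and it assumes it is run on the remote machine after the .pub file has been copied there under some other name.

```shell
# install_pubkey PUBFILE AUTHFILE   (hypothetical helper, added example)
#   Appends the key in PUBFILE to AUTHFILE without touching existing entries.
#   Returns 0 if the key was added, 1 if it was already present,
#   2 if PUBFILE is unusable or looks like the secret half of the keypair.
#   Example: install_pubkey ~/id_dsa.pub ~/.ssh/authorized_keys2
install_pubkey() {
    ip_pub=$1
    ip_auth=$2

    [ -r "$ip_pub" ] || return 2

    # Refuse to install the secret half by mistake.
    if grep -q 'PRIVATE KEY' "$ip_pub"; then
        return 2
    fi

    ip_key=$(head -n 1 "$ip_pub")
    [ -n "$ip_key" ] || return 2

    # With StrictModes (the sshd default) lax permissions on these paths
    # cause the key to be ignored, so tighten them every time.
    ip_dir=$(dirname "$ip_auth")
    mkdir -p "$ip_dir" && chmod 700 "$ip_dir" || return 2
    touch "$ip_auth" && chmod 600 "$ip_auth" || return 2

    # Already installed? Compare whole lines, as fixed strings.
    if grep -qxF -- "$ip_key" "$ip_auth"; then
        return 1
    fi

    # If the last existing entry lacks a trailing newline, add one first so
    # the new key does not get glued onto the end of that line.
    if [ -s "$ip_auth" ] && [ -n "$(tail -c 1 "$ip_auth")" ]; then
        printf '\n' >> "$ip_auth"
    fi

    printf '%s\n' "$ip_key" >> "$ip_auth"
    return 0
}
```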

Forwarding Local Services to a Remote Server

I'll forward the mysql port to pear in this example; replace "pear" and "3306" with appropriate choices for your situation.

Add the following lines to your ~/.ssh/config file on the LOCAL machine; create it if necessary ...

cat >> ~/.ssh/config <<EOF
Host pear
RemoteForward 3306 plum:3306
EOF

Then ssh through to the remote machine normally ...

ssh pear