SSH public key authentication: Difference between revisions

Line 1:

To setup a public key based SSH connection from <code>~~clientmachine~~</code> to <code>~~servermachine~~</code>:

To setup a public key based SSH connection from <code>your-machine</code> (client) to <code>another-machine</code> (server):

[user@~~clientmachine~~] $ ssh-keygen -f ~/.ssh/~~servermachine~~

[user@your-machine] $ ssh-keygen -f ~/.ssh/another-machine

[user@~~clientmachine~~] $ ssh-copy-id -i ~/.ssh/~~servermachine servermachine~~

[user@your-machine] $ ssh-copy-id -i ~/.ssh/another-machine another-machine-host-or-ip

</syntaxhighlight>

Now the public key is stored on the <code>~~servermachine~~</code> in <code>/home/user/.ssh/authorized_keys</code>

Now the public key is stored on the <code>another-machine</code> in <code>/home/user/.ssh/authorized_keys</code>

On ~~the~~ <code>~~clientmachine~~</code>, we stored the key file in the non-standard path <code>~/.ssh/~~servermachine~~</code>, so we must tell the SSH client to use the key file:

On <code>your-machine</code>, we stored the key file in the non-standard path <code>~/.ssh/another-machine</code>, so we must tell the SSH client to use the key file:

[user@clientmachine] $ ssh -i ~/.ssh/~~servermachine servermachine~~

[user@clientmachine] $ ssh -i ~/.ssh/another-machine another-machine-host-or-ip

</syntaxhighlight>

Line 19:

Host ~~servermachine~~

Host another-machine

HostName 192.168.1.105

HostName 192.168.1.105 # another-machine-host-or-ip

#Port 22

#User user

Line 26:

# Prevent using ssh-agent or another keyfile, useful for testing

IdentitiesOnly yes

IdentityFile ~/.ssh/~~servermachine~~

IdentityFile ~/.ssh/another-machine

</syntaxhighlight>

== SSH server config ==

Optionally, on the NixOS-based <code>~~servermachine~~</code>, we can set <code>passwordAuthentication = false;</code> to require public key authentication for better security.

Optionally, on the NixOS-based <code>another-machine</code>, we can set <code>passwordAuthentication = false;</code> to require public key authentication for better security.

Line 48:

users.users."user".openssh.authorizedKeys.keys = [

"ssh-rsa AAAAB3Nz....6OWM= user" # content of authorized_keys file

# note: ssh-copy-id will add user@~~clientmachine~~ after the public key

# note: ssh-copy-id will add user@your-machine after the public key

# but we can remove the "@~~clientmachine~~" part

# but we can remove the "@your-machine" part

];

</syntaxhighlight>

@@ Line 1: / Line 1: @@
-To setup a public key based SSH connection from <code>clientmachine</code> to <code>servermachine</code>:
+To setup a public key based SSH connection from <code>your-machine</code> (client) to <code>another-machine</code> (server):
 <syntaxhighlight lang="console">
-[user@clientmachine] $ ssh-keygen -f ~/.ssh/servermachine
+[user@your-machine] $ ssh-keygen -f ~/.ssh/another-machine
-[user@clientmachine] $ ssh-copy-id -i ~/.ssh/servermachine servermachine
+[user@your-machine] $ ssh-copy-id -i ~/.ssh/another-machine another-machine-host-or-ip
 </syntaxhighlight>
-Now the public key is stored on the <code>servermachine</code> in <code>/home/user/.ssh/authorized_keys</code>
+Now the public key is stored on the <code>another-machine</code> in <code>/home/user/.ssh/authorized_keys</code>
-On the <code>clientmachine</code>, we stored the key file in the non-standard path <code>~/.ssh/servermachine</code>, so we must tell the SSH client to use the key file:
+On <code>your-machine</code>, we stored the key file in the non-standard path <code>~/.ssh/another-machine</code>, so we must tell the SSH client to use the key file:
 <syntaxhighlight lang="console">
-[user@clientmachine] $ ssh -i ~/.ssh/servermachine servermachine
+[user@clientmachine] $ ssh -i ~/.ssh/another-machine another-machine-host-or-ip
 </syntaxhighlight>
@@ Line 19: / Line 19: @@
 <syntaxhighlight>
-Host servermachine
+Host another-machine
-   HostName 192.168.1.105
+   HostName 192.168.1.105 # another-machine-host-or-ip
    #Port 22
    #User user
@@ Line 26: / Line 26: @@
    # Prevent using ssh-agent or another keyfile, useful for testing
    IdentitiesOnly yes
-   IdentityFile ~/.ssh/servermachine
+   IdentityFile ~/.ssh/another-machine
 </syntaxhighlight>
 == SSH server config ==
-Optionally, on the NixOS-based <code>servermachine</code>, we can set <code>passwordAuthentication = false;</code> to require public key authentication for better security.
+Optionally, on the NixOS-based <code>another-machine</code>, we can set <code>passwordAuthentication = false;</code> to require public key authentication for better security.
 <syntaxhighlight lang="nix">
@@ Line 48: / Line 48: @@
 users.users."user".openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3Nz....6OWM= user" # content of authorized_keys file
-   # note: ssh-copy-id will add user@clientmachine after the public key
+   # note: ssh-copy-id will add user@your-machine after the public key
-   # but we can remove the "@clientmachine" part
+   # but we can remove the "@your-machine" part
 ];
 </syntaxhighlight>