Copyright (c) 2001-2005 Dave Aaldering, All rights reserved. This is free document ware; you can redistribute it and/or modify it under the terms of version 2 or later of the GNU General Public License.
The official and latest releases for this HOWTO can be found at : the SSH with Keys HOWTO homepage. Which is located at :
http://www.puddingonline.com/ dave/publications/SSH-with-keys-HOWTO/
Until the document reaches version 1.0 I do *NOT* encourage mirroring, since new versions will be released as often as possible. For now, please post a link to the project home-page.
This document is for SSH users, that want to get the maximum comfort out of using SSH on a large scale.
This document gives a very hands on approach to using SSH with keys.
It will learn you how to use ssh with keys and how to use ssh-agent and add keys to the agent. After that we will try creating and adding keys with a passphrase. Then we'll get to the most important part, setting up a mechanism that asks you for your passphrase *once* when starting up X and your favorite window manager, and staying present during your entire session. Also I would like to show you the strenghts of issuing remote commands.
I presume you are already using SSH and X. If not you will need those two. The third ingredient in our SSH-Soup is a nice little utility called x11-ssh-askpass. It is a little X application that pops up and ask us for a password in a very discreet manner. After that it spits that out for us in clear text :) so we can use it to add our key. You will find out how that works later on in this document.
While I try to keep the HOWTO as generic and inter-operable as possible, it could happen that I write an example that is not working on your *NIX, please let me know.
This document will contain examples for both Protocol version 1 and 2.
I use mostly Red Hat Linux systems, while testing, discovering, playing with SSH and writing this document.
For SSH I use OpenSSH, but most things wil work with commercial versions of SSH as well.
Differences between SSH versions do occur. And some commercial SSH versions have their flaws such as odd PGP-like key formats and entries in the 'identity' and 'authorization' files instead of in 'authorized_keys'. So sticking to Open SSH is a good idea! For more information on the differences between SSH versions and OpenSSH you can have a look at the snailbook (which will be named again later) homepage FAQ. Differences between versions, discussion about which version is the best, and matters like those are not within the scope of this document!
You are very welcome, and encouraged to send your feedback to dave@puddingonline.com.