For this example, we will use the following names:
Local Workstation Username: luid
Local Workstation Hostname: lhost
Remote Host Username: ruid
Remote Host Hostname: rhost
The password tokens will be:
Local Workstation Key-Pair Passphrase: lwkpp
Remote Host User Account Password: rhuap
Be sure to substitute the real usernames, hostnames, and passwords when performing this procedure.
ssh-keygen -t dsa -b 2048 -f ~/.ssh/id_dsa
Typically, any user account that uses OpenSSH to connect to other hosts will have a hidden directory called .ssh in the user's $HOME directory. The permissions on this hidden directory must be set correctly in order for SSH to function correctly. The only acceptable permission set for .ssh is 0700 – that is: owner read/write/execute permissions only. Note that the files in the directory should be set to 0600, since the execute bit only needs to be set on the directory. If there are sub-directories under .ssh, those, too, will need the execute bit set (0700).
Either of the ssh commands – ssh or ssh-keygen – should create the .ssh directory when run for the first time on the user’s account.
Otherwise, use the mkdir command to make directories, and the chmod command to change permissions. See the system man pages for more about those commands (i.e., use the commands man mkdir and man chmod).
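The permission rules above can be checked and applied with a small shell helper. This is an added example, not part of the original procedure or of the OpenSSH package; the function names ssh_perm_audit and ssh_perm_fix are hypothetical, and the modes are the ones stated above (0700 for .ssh and its sub-directories, 0600 for files).

```shell
#!/bin/sh
# Added example (not from the original page): audit and repair ~/.ssh modes.
# Function names are hypothetical; the modes are those stated in the text above.

# Print every entry under the directory whose mode deviates from 0700/0600.
# Returns 0 if clean, 1 if deviations were found, 2 if the directory is missing.
ssh_perm_audit() {
    dir=${1:-"$HOME/.ssh"}
    [ -d "$dir" ] || { echo "$dir: no such directory" >&2; return 2; }
    # "-perm MODE" is an exact match, so "! -perm MODE" selects anything else.
    bad=$( { find "$dir" -type d ! -perm 0700
             find "$dir" -type f ! -perm 0600; } 2>/dev/null )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Create the directory if needed, then set 0700 on directories, 0600 on files.
ssh_perm_fix() {
    dir=${1:-"$HOME/.ssh"}
    mkdir -p "$dir" || return 1
    # One chmod per directory, so each is made traversable before find descends.
    find "$dir" -type d -exec chmod 0700 {} \;
    find "$dir" -type f -exec chmod 0600 {} +
}

# Command-line use: "audit [dir]" or "fix [dir]"; with no argument, do nothing.
case "${1:-}" in
    audit) ssh_perm_audit "${2:-$HOME/.ssh}" ;;
    fix)   ssh_perm_fix   "${2:-$HOME/.ssh}" ;;
esac
```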
Below (between the cut lines) is the source code of the 'ssh-copy-id' script provided by the OpenSuSE OpenSSH package. This script should work on most *nix systems where SSH is installed, and may work for Cygwin installs, as well.
The instructions below show the Bash command to perform the designated operation.
chmod +x ssh-copy-id
or
sudo cp ssh-copy-id /usr/bin/
or even
cp ssh-copy-id ~/bin/
if you don't have sudo privileges.
Source code for ssh-copy-id:
=====[cut here]=====
#!/bin/sh

# Shell script to install your identity.pub on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/identity.pub"

if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift         # and this should leave $1 as the target name
  fi
else
  if [ x$SSH_AUTH_SOCK != x ] ; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
fi

if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi

if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
  exit 1
fi

{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh '$1'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

EOF
=====[cut here]=====