Author: Sven Knispel
I sepent a few hours re-generation my keys on a per-machine basis and took some notes while looking up the basic commands.
This how-to is the result...
Following steps are detailed in this article:
Keys are created with the command
# ssh-keygen -t <key-type> -b <key-len> -C "comment" -f <name>
id_dsa-<host-name>the private key and
id_dsa-<host-name>.pubthe public key.
In order to use the private/public key sheme to encrypt the session data the private key must be installed on the remote machine.
Copy the private key to the remote machine:
# scp id_dsa-<host-name>.pub <user>@>remote-host>:/home/<username>/.ssh
Then connect to the remote machine and install the public key by adding it to
# cat id_dsa-<host-name> >> authorized_keys2
authorized_keys2shall not be world readable (
chmod 600 authorized_keys2)
~/.ssh/ configand add following line to it:
IdentityFile=~/.ssh/id_dsa-<host-name/gt;This tells ssh which identity (private key) file to use.
chmod 600 config.
Test ssh with following command:
# ssh-v <user>@<remote-host>
First thing to check: make shure you are asked for your passphrase, not your password
. In case of any trouble the debug display can be used for tracing the decisions made during the access (also see "Troubleshooting").
For troubleshooting ssh both client and server provide detailed tracing options:
-vtraces details during the session establishment (e.g. selection of identity file)
sshd -p <alternate-port> -d -D. In this mode the server displays important information at session begin
~/.sshand/or the private data as well as config file are world readable
~/.shh/config(you can also try forcing the identity file using the
The authenticity of host '<ip>' can't be established.
When establishing a ssh connection ssh may asks for to validate the fingerprint of the server key. This message can mean:
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)?
# ssh-keygen -l -f ssh_host_rsa_key