SSH and Public Key

[ Introduction | Setting Example]

Basically, for a Public Key Encryption system to work.
Both two sides have to store the public key of each other.
Here, we have server and terminal:
Server store public key of client in $HOME/.ssh/authorized_keys
Clietn store public key of server in $HOME/.ssh/known_hosts

Attention: Each key is only one line ( one very long line) in the file.

Generally, client could trust the server if it like. So, Once this occurs:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
14:b0:b4:42:01:5f:d6:20:69:4f:5b:e6:10:cb:65:cf.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:3
DSA host key for 10.0.0.3 has changed and you have requested strict checking.
Host key verification failed.

There could be solved by easily removed the offending line in known_hosts file.

Examples:

It's important to know that there are essentially two versions of SSH out in the wild. On most GNU/Linux systems the OpenSSH implementation is installed which (these days) defaults to SSH protocol 2. On Windows SSH Shell, the commercial version of SSH is installed (also using protocol 2).

Client OpenSSH, Server: OpenSSH
1. use ssh-keygen -t rsa to generate a id.rsa file
2. copy the content of id_rsa.pub into server's ~/.ssh/authorized_keys file.
3. if thte filename is not id_rsa, it can be any name , such as "wzb" and "wzb.pub"
4. copy the content of wzb.pub into server's ~/.ssh/authorized_keys file, appended as one line.
5. use ssh -i wzb liman1a.rutgers.edu , it will prompt for the passphrase of identity file named "wzb", however, if you rename the key pair files as "identity" and identity.pub, thrn it will not need this -i option.
6. use ssh-agent to avoid passphrase. Or you can try to use empty passphrase
7. use ssh-add
Cleint: Windows SSH Shell: Server: OpenSSH
Do following steps in client:
1. start SSH shell, connect server with password
2. menu-settings select key, generate keys.
3. give name "userid" and comment, without pass-phrase (empty pass-phrase)
4. upload keys to ".ssh" direcotory of the server
5. go to home directory of server, cd .ssh
6. run "ssh-keygen -X -f userid.pub >>authorized_keys" or "ssh-keygen -i -f userid.pub >>authorized_keys"
7. In client, disconnect and connect again. You don't need to type password anymore.
The above method works in liman server.

Reference:

Secure your connections with SSH