Skip to end of metadata
Go to start of metadata


This article provides a basic introduction to the authentication methods available for SSH and how they can be implemented with the JITL SSH job.

UserID and Password

This is the easiest way to authenticate a user. The user ID and a password is sent to the SSH server. The password is encrypted before sending it to the server and decrypted at the server side.

Note that the password authentication must be enabled in the SSH configuration file:

PasswordAuthentication yes

Public and private Key

Passphrase: What it is and how to handle it

A passphrase is an additional protection of the key files, like a password. Every time you want to access a server by a passphrase protected key you have to enter the value of the passphrase as an additional authentication.

Note that the publickey authentication must be enabled in the /etc/ssh/sshd_config SSH configuration file:

PublickeyAuthentication yes

In addition, the private SSH-Key must be in OpenSSH-Format.

Creating the public and private key

First we generate the key with ssh-keygen.

kb@wilma:~/.ssh> ssh-keygen -f my-key-set.id_dsa -t rsa

When ssh-keygen askes for a passphrase you can enter your passphrase to add it to the key. Or you can leave it blank. Remember, the longer and stronger you make your password, the harder it will be for any malicious h4x0r (or government agency) to decrypt it. Save the key to /home/username/.ssh/identity as recommended by the ssh-keygen program. You will also need to specify which encryption method (e.g. RSA, DSA) you want to use.

ssh-keygen generates an private OpenSSH key and a public key.

Generating public/private rsa1 key pair.    
Enter file in which to save the key (/home/dave/.ssh/identity): /home/dave/.ssh/identity
Enter passphrase (empty for no passphrase): *enter your passphrase here*
Enter same passphrase again: *repeat your passphrase*
Your identification has been saved in
Your public key has been saved in 
The key fingerprint is:
    24:bc:0b:fs:f5:06:1d:c0:05:3a:59:09:e3:07:8a:8d kb@wilma


 The private key looks the the key in the lines below:

 -----BEGIN RSA PRIVATE KEY-----    Proc-Type: 4,ENCRYPTED
 DEK-Info: DES-EDE3-CBC,56C91DCFDF45E388



If puTTYgen is used to create the priv/pub keys it is not an OpenSSH Key by default. To get an OpenSSH conform key you must export the private key to OpenSSH format.

If you want to use the private key in putty as well you have to convert the private key to the openSSH-format. This can be done with puTTYgen as well.

Moving the public key to the remote server

To be able to log in to remote systems using a pair of keys, you first have to add the public key on the remote server to the authorized_keys file in the .ssh/ directory in the home directory on the remote machine.

The Next action is to create a .ssh directory, and inside the .ssh/ directory create an authorized_keys file and add the public key to the file. Make sure the file is not readable for other users/groups. chmod 600 authorized_keys* does the trick.

    [kb@wilma kb]$ mkdir .ssh
    [kb@wilma kb]$ chmod 700 .ssh
    [kb@wilma kb]$ cd .ssh
    [kb@wilma .ssh]$ touch authorized_keys
    [kb@wilma .ssh]$ chmod 600 authorized_keys
    [kb@wilma .ssh]$ cat ../ >> authorized_keys
    [kb@wilma .ssh]$ rm ../

 Further reading:

For more information on SSH see:

SSH is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions.


  • No labels
Write a comment…