OpenLab spring 2015/02 | Key generating/eating party

• Date: 27. 2. 2015
• Workshop by: Martin Ukrop, Vladimír Štill
• Cake: evidence here
• Cake by: Vlasta Žáková

Introduction to SSH keys and SSH authentication.

See manual pages for usage details.

• ssh (create SSH connection)
• ssh-keygen (generate SSH keypair, interactive)
• ssh-copy-id <machine> (copy local identity to server to enable key authentication)
• ssh-add (add key to agent)

Host aisa

Hostname aisa.fi.muni.cz
ForwardAgent yes
Username xukrop
VisualHostKey yes

Host nymfe*

ForwardAgent yes
Hostname %h.fi.muni.cz
IdentityFile ~/.ssh/id_rsa
ProxyCommand ssh xstill@aisa.fi.muni.cz nc %h %p

# defaults should be at the end # security hardening Host *

User xstill
PreferredAuthentications publickey
ForwardAgent no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes

FI known hosts (SSH keys for all machines) https://fadmin.fi.muni.cz/noauth/sshkh/ssh-known-hosts.mpl

Beware! Forwarding your agent to the server may enable the server administrators to steal your agent and authenticate as yourself.