SSH public keys

Often, it is inconvenient to input your password all the time when you push/pull via ssh (not using the contrib user).

For such case, you can set up a public/private key pair. Create them with

ssh-keygen -t dsa

Usually, it is a good idea to create a public/private key pair for specific purposes, so that a single compromised key (see an example how that can happen even if you did not do anything wrong) does not affect all of your machines. So, change the default name id_dsa to something like id_dsa.fiji before hitting Return.

You can password-protect your private key, in which case you have to use the program ssh-agent, but is is usually more convenient to leave the password empty, in which case you are not even asked for it anymore.

Now you should have a file id_dsa.fiji.pub (the public key) in addition to id_dsa.fiji (the private key).

Add the public key (the single line contained in the file id_dsa.fiji.pub) to the file $HOME/.ssh/authorized_keys on the remote computer, i.e. the computer you want to connect to without a password. Note! Make sure that the .ssh/ directory as well as all contained files are owned by the correct user, and that .ssh/ is accessible to the same user.

For convenience, you should now add a section like this to the file $HOME/.ssh/config on the local computer, i.e. the computer with the private key:

Host fiji.sc
    User hacker
    IdentityFile /home/hacker/.ssh/id_dsa.fiji

Without this section, you would have to specify both the identity file as well as the user everytime you connect. For even further convenience, you can add a nick name:

Host fiji
    HostName fiji.sc
    User hacker
    IdentityFile /home/hacker/.ssh/id_dsa.fiji

With this, you can connect to the remote machine with

ssh fiji

See also GitHub's documentation on SSH keys.