Natural Order Development

Copyright © 2008 by Leeland Artra

SSH Key Authentication

These instructions attempt to explain the basic concepts of SSH Public Key Authentication, what it is, and the steps required to use it.

Logging in with SSH key authentication means that you do not have to use your account password. Instead, you generate a unique 'key' which is just a string of characters. Then you authorize the user of this key (you, hopefully) to log in to your account. You can authorize any key you wish, and adding someone's key would allow them to log in to your account, without even using or knowing your password.

This may sound insecure but due to much research and theory, it can be very secure. But the strength of the method relies on you following certain guidelines. You will generate a pair of mathematically related keys: one public and the other private. You should never give out your private key, nor should you make the file that contains it readable by any other user. This would be like storing your password in a world-readable file. Only your public key will be listed on the server. Ensuring that your private key remains private is the most important of the guidelines that I mentioned. On to the instructions:

Windows instructions

You will need an SSH client and a key generator for Windows. The most popular are the programs PuTTY and PuTTYgen. Both are available at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

Run PuTTYgen. At the bottom of the window, you can select which type of key you want to generate. You will need to pick between RSA and DSA encryption: go with RSA -- the relevant website is here: http://the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter8.html#8.2.2. Your choice will have no effect on the rest of the steps here. For current applications, 1024 bits is plenty for a key to have. If you're feeling paranoid, 2048 bits should (barring any revolutions in prime factoring) keep your key secure for a decade or two.

Now press Generate and wave your mouse around to seed some randomness in the key generator. Voilà, you have a key.

You can then add a passphrase to your key, and use this passphrase whenever you log in to an SSH-enabled server. Alternately you can use no passphrase. Be aware though that if you don't have to use a password to login from your user account, then neither would anyone else that sits down at your computer or otherwise accesses your local account.

The key comment is for your personal convenience. I recommend youruser@yourlocalmachine and maybe the date, but of course it's up to you. Now save both the private and public key file somewhere (My Documents is a good choice, but pick somewhere that only you will have read access to) and close the PuTTYgen window.

Next, you need to configure PuTTY to use this key. Fire up PuTTY and load your session or create a new one. Then in the Category list on the left, select Connection > SSH > Auth. Browse for your key and load it up. Also, you'll want to allow changes of username if your silenceisdefeat account name is different from your local one.

You're almost done; you just need to let the server know that it should let you log in with your new key. Once the server has your key, the ssh, scp and sftp programs use these files automatically. So (optionally, but it is recommended) save your session and connect. Now do the following to authorize your key:

  1. Copy the contents in the Key Generator window ("Public key for pasting into OpenSSH authorized_keys file")
  2. you@silenceisdefeat.org $ mkdir ~/.ssh
  3. you@silenceisdefeat.org $ cd ~/.ssh/
  4. you@silenceisdefeat.org $ touch authorized_keys
  5. Open the authorized_keys file you just created in a text editor.
  6. Paste the contents of that box into the authorized_keys file. In PuTTY, right click copies and pastes.

You should now be able to log in to silenceisdefeat.org using SSH Key Authentication.

These instructions written by silenceisdefeat user samble. Holla on IRC if you use this guide.

edit: I succeeded somewhat differently. In my trial, the public key should rather be copied not from the saved public key, but from the "Public key for pasting into OpenSSH authorized_keys file:" textbox in the PuTTYgen window. Note that we can also extract it from existing PuTTYgen-type private keys (just load into it, and the public key should be there). In conclusion, just watch out for the 6th step above! -- octaphial, also silenceisdefeat user

OpenSSH instructions

You can get OpenSSH at OpenSSH.com or through package installers like rpm or apt-get. There are versions for most major non-Windows operating systems (and even one for Cygwin.) Once you have the OpenSSH suite set up, the program you will need to run is "ssh-keygen -t". The -t option is required, and specifies the type of encryption algorithm used in generating a key. You should use RSA encryption to generate your key -- the relevant website is here: the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter8.html#8.2.2.

you@yourcomputer:~ $ ssh-keygen -t rsa

You can then add a passphrase to your key, and use this passphrase whenever you log in to an SSH-enabled server. Alternately you can use no passphrase. Be aware though that if you don't have to use a password to login from your user account, then neither would anyone else that sits down at your computer or otherwise accesses your local account.

You now have two new files in the ~/.ssh/ directory. These files are your public and private key and will be named id_rsa.pub and id_rsa respectively. The ssh, scp and sftp programs use these files automatically. To enable the server to recognize your key, follow these steps:

  1. Log in as normal
  2. you@silenceisdefeat.org $ cd ~/.ssh/
  3. you@silenceisdefeat.org $ touch authorized_keys
  4. Open the authorized_keys file you just created in a text editor.
  5. Paste the contents of your id_rsa.pub file into the authorized_keys file verbatim.

You should now be able to log in to silenceisdefeat.org using SSH Key Authentication.

These instructions written by silenceisdefeat user samble. Holler on IRC if you use this guide.
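
The key-authorization steps from both the Windows and OpenSSH sections above, written as shell functions that set the file permissions explicitly. This is an added example, not part of the original instructions; the function names authorize_key and ssh_perms_ok are hypothetical, and the check mirrors what sshd's StrictModes option looks for (a home directory, ~/.ssh or authorized_keys that is writable by group or others).

```shell
#!/bin/sh
# Added example; authorize_key and ssh_perms_ok are hypothetical names.

# authorize_key PUBKEY_FILE [HOME_DIR]
# Append a one-line OpenSSH public key to HOME_DIR/.ssh/authorized_keys.
authorize_key() {
    pub=$1
    dir=${2:-$HOME}/.ssh
    auth=$dir/authorized_keys

    # Accept only "<type> <base64> [comment]" on a single line. PuTTYgen's
    # saved public key file ("---- BEGIN SSH2 PUBLIC KEY ----") is multi-line
    # and is rejected here; sshd would not accept it in authorized_keys.
    if [ $(wc -l < "$pub") -gt 1 ] ||
       ! grep -Eq '^[a-z][a-z0-9@.-]+ [A-Za-z0-9+/]+=*( .*)?$' "$pub"; then
        echo "expected a one-line OpenSSH public key: $pub" >&2
        return 1
    fi

    # Subshell keeps the umask change local. umask covers newly created
    # files; chmod repairs a directory or file that already existed.
    (
        umask 077
        mkdir -p "$dir" && touch "$auth" || exit 1
        chmod 700 "$dir" && chmod 600 "$auth" || exit 1
        # Idempotent: append only if this exact line is not already listed.
        key=$(head -n 1 "$pub")
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    )
}

# ssh_perms_ok [HOME_DIR]
# Succeeds when none of HOME_DIR, .ssh and authorized_keys is group- or
# world-writable. Paths that do not exist are skipped.
ssh_perms_ok() {
    home=${1:-$HOME}
    loose=$(find "$home" "$home/.ssh" "$home/.ssh/authorized_keys" -prune \
                 \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    [ -z "$loose" ] || { echo "writable by group/other: $loose" >&2; return 1; }
}
```

Run on the server as `authorize_key id_rsa.pub` after copying the public key file over, then `ssh_perms_ok` to confirm that sshd will not ignore the file because of its mode.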

Retrieved from "http://silenceisdefeat.org/wiki/index.php/SSH Key Authentication"

From: Alexandre Quesnel alexandre.quesnel@mail.mcgill.ca
Date: Sat, 6 Aug 2005 03:45:00 -0400
Content-Type: text/plain; charset="us-ascii"
Subject: subclipse with svn+ssh solution

I'm using subclipse 0.9.32 on Windows and I was having lots of trouble trying to get svn+ssh to work. After too much wasted time and giving up several times I finally found the solution and I thought that it would be well worth my while to post it here.

I got the solution from Tim on the subversion mailing list http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=13453 but I'll repeat it.

First of all the problem is characterised by getting the following message in the svn console:

The system cannot find the file specified.

svn: Can't create tunnel: The system cannot find the file specified.

The solution to this is to tell svn where it can find the ssh executable. To do this you need to add the following line to the svn config file. On Windows the file can be found at:

C:\Documents and Settings\[user_name]\Application Data\Subversion\config

In this file there are sections, one of which is tunnels. Make sure this section head is uncommented (there is no # at the beginning of the line). After the section head, look for a line that starts with 'ssh = '. If you don't find that line then add the following; if you do find it then modify it to the following:

ssh = path to ssh client

for example I use:

ssh = D:/TortoiseSVN/bin/TortoisePlink.exe

I find the TortoiseSVN version of plink better than the original version of plink because it doesn't pop up an annoying cmd window every time you use svn. That's it, it should work now. Next you will want to set up an ssh key with the server so that you don't need to type in your password an innumerable number of times. Check out:

http://silenceisdefeat.org/wiki/index.php/SSH Key Authentication

for a pretty good howto. The steps are pretty simple: generate the keys, post the public key on the server, connect. Now you will need to fix up the Subversion\config file to go along with the changes. Modify the line that was added before to be:

ssh = path to ssh client -2 -i path to private key file

for example I use:

ssh = D:/TortoiseSVN/bin/TortoisePlink.exe -2 -i D:/TortoiseSVN/bin/ssh2-DSA-1024.ppk

The -2 is because I need to force the use of ssh version 2 from generating a DSA key. I also don't put a passphrase on my key but that's because I feel that my workstation is fairly secure. Now subclipse should work with svn+ssh and have key auth to the server.

Hope you found this helpful.

Alex

Last Modified: 2008-06-18 00:18:45 by Leeland