====== SSH public/private key pairs ======

An SSH key pair is needed to log into a remote server with SSH without a password. The SSH key pair consists of two keys (surprise :-)), namely

  * a **private key** that remains on your computer, usually in a file called ''id_dsa'' in the directory ''.ssh''. This key is also usually protected by a passphrase (a password just for this key). You can copy the file to another computer if you want to have access from that computer. You should not give this key to anybody else.
  * a **public key** that has to be put on the computer you want to be able to log in to. This key is usually in a file called ''id_dsa.pub'' in the directory ''.ssh''. You can copy this file and send it to the administrator of the server you want to access.

The login process works by combining the public key (that the administrator put on the server) and the private key (that is unlocked with the passphrase), which your SSH client uses to identify itself to the server. When the two keys match, you are allowed to log in.

For more information about how this kind of authentication works, see [[wp>Public-key_cryptography]].

====== Creating an SSH key pair ======

You can create an SSH public/private key pair by entering ''ssh-keygen -t dsa'' on the command line. Your key pair is then computed and the program asks you where to store the keys. You should accept the default location and just press return. Then the program asks you to enter the passphrase for the private key (twice). You should not leave the passphrase empty! You can use the same password that you use to log in to the system if you want. But remember that the passphrase is separate from the system login, so when you change your system password the passphrase still uses the old password (you can change the passphrase with the command ''ssh-keygen -p'').

After this you have two key files in the ''.ssh'' directory (unless you changed the location of the key files): ''id_dsa'', your private key file, and ''id_dsa.pub'', your public key file. You can copy the public key file to your desktop with the command ''cp ~/.ssh/id_dsa.pub ~/Desktop/'' to send it to the administrator of the server.
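
The script below is an added example, not part of the original page. It walks through the steps above in a scratch directory and shows that ''ssh-keygen -p'' only re-encrypts the private key file, so the public key already sent to the administrator stays valid. Assumptions: the file name ''id_demo'', the passphrases and the comment are constructed, and ''-t ed25519'' is used instead of ''-t dsa'' because recent OpenSSH releases no longer support DSA keys.

```shell
#!/bin/sh
# Added example. Everything happens in a scratch directory; ~/.ssh is untouched.
# Assumption: -t ed25519 replaces the page's -t dsa (DSA is gone from recent OpenSSH).

new_key() {             # $1 = key file, $2 = passphrase
    ssh-keygen -q -t ed25519 -C "demo@constructed" -N "$2" -f "$1"
}

change_passphrase() {   # $1 = key file, $2 = old passphrase, $3 = new passphrase
    ssh-keygen -q -p -P "$2" -N "$3" -f "$1" >/dev/null
}

public_from_private() { # $1 = key file, $2 = passphrase; prints "type base64"
    # Fails (non-zero status, no output) when the passphrase is wrong.
    out=$(ssh-keygen -y -P "$2" -f "$1" 2>/dev/null) || return 1
    printf '%s\n' "$out" | awk '{print $1, $2}'
}

fingerprint() {         # $1 = public key file; prints the hash to read to the admin
    ssh-keygen -l -f "$1" | awk '{print $2}'
}

private_mode() {        # $1 = file; prints the permission string, e.g. -rw-------
    ls -l "$1" | cut -c1-10
}

demo() {
    dir=$(mktemp -d) || return 1
    key="$dir/id_demo"
    new_key "$key" "first passphrase"
    echo "private key mode: $(private_mode "$key")"
    echo "fingerprint of public key: $(fingerprint "$key.pub")"

    change_passphrase "$key" "first passphrase" "second passphrase"
    sent=$(awk '{print $1, $2}' "$key.pub")
    if [ "$(public_from_private "$key" "second passphrase")" = "$sent" ]; then
        echo "public key unchanged after passphrase change"
    fi
    if public_from_private "$key" "first passphrase" >/dev/null; then
        echo "old passphrase still works (unexpected)"
    else
        echo "old passphrase rejected"
    fi
    rm -rf "$dir"
}

demo
```

Reading the fingerprint to the administrator over a second channel (phone, in person) lets them confirm that the ''.pub'' file they received is the one you generated.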