Authorize a Key Pair
Whenever you try to establish a connection to an ssh server, you need to provide proof that you are authorized to connect. This authentication is done with the public and private key pair and corresponding passphrase you have generated. Each public and private key pair and corresponding passphrase represents an identity with which you wish to connect to some computer.
On the computer you wish to log in to (from a remote client), you must specify which identities are allowed to connect. You must create the files specified below yourself; they are not created automagically:
- OpenSsh by default uses the file authorized_keys for protocol 1 and authorized_keys2 for protocol 2 in the .ssh directory in your home directory. In these files, the public keys of the identities you allow to connect must be enumerated, each on a separate line. Just copy the contents of the public key file of the identities you want to allow into the appropriate file (e.g. with copy and paste or with the >> redirect).
  The ssh-keygen command can convert keys from and to other formats, so that you can connect to/from Ssh2 servers/clients. Consult the man page for a description of the -e and -i options.
- Ssh1 by default uses the file authorized_keys in the .ssh directory in your home directory, in which the public keys of the identities you allow to connect must be enumerated, each on a separate line. Just copy the contents of the public key file of the identities you want to allow into this file (e.g. with copy and paste or with the >> redirect).
- Ssh2 by default uses the file authorization in the .ssh2 directory in your home directory. In this file, the names of the files containing the public keys of the identities you want to allow to connect must be enumerated. Each file name is specified on a separate line, preceded by the keyword Key (e.g. Key id_dsa_1024_a.pub). You must of course also copy the file containing the public key itself to that directory, using the same name as in the authorization file.
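The copy step for the OpenSsh case above, as an added shell example that is not part of the original page: authorize_key is a hypothetical helper that appends a one-line protocol 2 public key to the file you name, refuses a private key file, and skips a key that is already listed. The restrictive permissions it sets are an assumption based on OpenSSH's default StrictModes check, which the page does not discuss.

```shell
#!/bin/sh
# Added example, not from the original page.
# authorize_key (hypothetical name): authorize_key <pubkey-file> [authorized-keys-file]
authorize_key() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}
    dir=$(dirname "$auth")

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Pasting the private half by mistake would expose it to anyone who can
    # read the file, so refuse anything that looks like a private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # An OpenSSH protocol 2 public key file holds exactly one line:
    # "<type> <base64> [comment]".
    n=$(grep -c -v '^[[:space:]]*$' "$pub" || true)
    [ "$n" -eq 1 ] || { echo "expected exactly one key line" >&2; return 3; }
    key=$(grep -v '^[[:space:]]*$' "$pub" || true)
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised public key format" >&2; return 3 ;;
    esac

    # Assumption: sshd runs with StrictModes (the OpenSSH default), which
    # ignores key files that other users could write to.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Each identity belongs on its own line, once.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Calling it twice with the same public key file leaves a single line in the target file, which keeps later review of who is authorized straightforward.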
The use of the files authorized_keys, authorized_keys2 and authorization corresponds to the use of the .rhosts file when connecting using the rsh protocol. The ssh protocol is of course much safer because it uses a public and private key pair, whereas the rsh protocol believes everything you say ;-)
When connecting using a specific public and private key pair, you are of course challenged to prove that you are the rightful user of that identity. You are asked for the passphrase that corresponds to the key pair you are using. If the passphrase you give is correct, you are connected. If not, you are of course disconnected. The passphrase is used to decrypt the (private) key, so if you give the wrong one, the key cannot be decrypted correctly and the connection cannot be established.
You must provide the correct passphrase each time you try to connect to a remote computer (i.e. each time the (private) key must be decrypted). When you want to connect several times, e.g. when opening several terminal windows, you are asked for the passphrase for each connection. If you only rarely connect using the key pair, this is not a problem. If you regularly connect in this way, you might consider using an ssh key agent. Such an agent will ask for the passphrase for a specific key pair only once (during a session) and will automatically remember and use it when needed.