Preliminary

If you are reading this in the context of accessing the computer lab computers, you can stop reading now: SSH keys for that context should be generated using the corresponding SSH web application. Using that web app, your keys are installed automatically where they are needed: in your computer lab home directory of course, but also on the public SSH gateway (st.cs.kuleuven.be), the repository server, etc.

The example commands in this text are based on OpenSSH; there is a separate text that describes setting up a key pair using PuTTY. The overall procedure is the same; only the actual commands and configuration details differ.

You can (and probably should) read on to learn what's going on behind the scenes of that web application.

Setting up SSH

Remember that there are two protocol versions of SSH: ssh1 and ssh2. If you use an ssh2 client to contact an ssh2 server and both can fall back to the ssh1 protocol, pay special attention when generating, configuring and using keys. A key pair set up for one version cannot be used for the other version, even with the same client and server. You must make sure you set up the right key pair for the right version.

When in doubt and things do not work as expected, try using the verbose mode when connecting (ssh -v) and see which keys and protocol version are really used.

As an example of what can go wrong: the OpenSSH implementation by default generates a key pair for SSH version 1, but (also by default) tries to connect with protocol version 2. You need to give special command-line options when generating the key pair to instruct it to generate a version 2 key pair!

There are two things to do before you can use ssh with a public and private key pair:

  1. Generate the public and private key pair to identify yourself.
  2. Set up which (remote) keys you trust and authorize to connect.

If all this text is too much, you can also consult this cookbook recipe, which explains just enough to be able to log in from one computer to another using a public and private key pair. Don't expect much explanation or alternatives there! It is probably best to have a look at the rest of this documentation as well, so that you know what is going on.

Overview

The .ssh and/or .ssh2 directories in your home directory can contain the following files:

Files that are used to start a connection to, and identify yourself on, a remote machine. They are neither used nor needed on the remote machine you are connecting to.

  • identity and identity.pub, containing your private and public key pair for protocol 1
  • id_dsa and id_dsa.pub, containing your private and public DSA key pair for protocol 2
  • id_rsa and id_rsa.pub, containing your private and public RSA key pair for protocol 2
  • identification, containing the identities you want to use (for the Ssh2 implementation only)
  • known_hosts and known_hosts2, containing the public keys of the remote machines you have connected to in the past (see also the section about the host keys)

Files that are used on the remote machine when connecting to it. They are neither used nor needed on the machine the connection is started from.

  • authorized_keys, authorized_keys2 and authorization, containing the public keys of your identities on remote machines you trust to connect to the local machine
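
The protocol-version pitfall described under "Setting up SSH" can be checked directly from the public key files listed above. The following shell script is an added example, not part of the original text: it assumes the usual one-line public key formats (protocol 1: bits, exponent, modulus; protocol 2: a type tag such as ssh-rsa or ssh-dss followed by base64 data), and its function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: tell protocol 1 and protocol 2 public keys apart.
# Protocol 1 line:  <bits> <exponent> <modulus> [comment]
# Protocol 2 line:  ssh-rsa|ssh-dss <base64 data> [comment]

classify_pubkey() {
    set -f              # no globbing while the line is word-split
    set -- $1
    set +f
    case "$1" in
        ssh-rsa|ssh-dss)
            if [ -z "$2" ]; then echo "unknown"      # type tag but no key data
            elif [ "$1" = ssh-rsa ]; then echo "protocol2-rsa"
            else echo "protocol2-dsa"; fi ;;
        ''|*[!0-9]*) echo "unknown" ;;
        *)  # numeric first field: exponent and modulus must be numeric too
            case "${2:-x}${3:-x}" in
                *[!0-9]*) echo "unknown" ;;
                *) echo "protocol1-rsa" ;;
            esac ;;
    esac
}

# Key type implied by the default file names from the overview list.
expected_type() {
    case "$(basename "$1")" in
        identity.pub) echo "protocol1-rsa" ;;
        id_rsa.pub)   echo "protocol2-rsa" ;;
        id_dsa.pub)   echo "protocol2-dsa" ;;
        *)            echo "unknown" ;;
    esac
}

# Compare the first line of a .pub file with what its file name implies.
check_keyfile() {
    want=$(expected_type "$1")
    line=
    IFS= read -r line < "$1" || true    # tolerate a missing final newline
    have=$(classify_pubkey "$line")
    if [ "$want" = "$have" ]; then echo "ok $have"
    else echo "mismatch expected=$want found=$have"; fi
}

# Constructed sample lines (shortened, not real keys).
classify_pubkey '1024 35 1427650358912237 user@example'
classify_pubkey 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7 user@example'
# Check any public key files named on the command line.
for f in "$@"; do printf '%s: %s\n' "$f" "$(check_keyfile "$f")"; done
```

Passing the .pub files from your .ssh directory as arguments reports, per file, whether the key inside matches the protocol version its file name implies.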