Public key authentication allows you to secure a remote machine with more than simply a password. If your public key is placed on the remote machine, you can login by using your private key instead of entering the user password.
If you would like to create a new DSA keypair, run following command:
$ ssh-keygen -t dsa
You may optionally also set a password that is asked everytime you use the private key. If you want to change the passphrase of a key, run this:
$ ssh-keygen -f id_dsa -p
The keys will be put in
the private key and
id_dsa.pub the public key.
You may now add the public key into
the remote machine (best way: Concatenate your public key into that file).
Let's say you're
freddy and you'd like to give
dodo access to your machine via SSH, but you're behind a
firewall that you cannot configure for port-forwarding, thus the only way to
set up a connection is a one-way-SSH from your machine to
In that case, you need to set up a reverse connection, that will allow
dodo to use your connection in the other way. We assume the
dodosmachineis running on port 2222.
freddysmachineis running on port 3333.
dodosmachineon port 1251.
freddy@freddysmachine:~$ ssh -R 1251:localhost:3333 dodo@dodosmachine -p 2222
This will open a connection to
dodo's machine and additionally
open a socket on his port 1251 listening for incoming connections.
That socket can now be used by
dodo to connect to your machine;
we assume that
dodo too knows the credentials to
access your machine:
dodo@dodosmachine:~$ ssh freddy@localhost -p 1251