Public Key Authentication

Public key authentication allows you to secure a remote machine with more than simply a password. If your public key is placed on the remote machine, you can log in by using your private key instead of entering the user password.

If you would like to create a new DSA keypair, run the following command:

$ ssh-keygen -t dsa

You may optionally also set a passphrase that is asked for every time you use the private key. If you want to change the passphrase of a key, run this:

$ ssh-keygen -f id_dsa -p

The keys will be put in ~/.ssh/, where id_dsa is the private key and the public key.

You may now add the public key to ~/.ssh/authorized_keys on the remote machine (best way: append your public key to that file).
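
One way to do that append safely on the remote machine, as an added example that is not part of the original page: the hypothetical helper install_pubkey adds a key only once, refuses a file that holds a private key, and sets the permissions sshd expects. The function name and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Appends one public key to SSH_DIR/authorized_keys (default: ~/.ssh).
# Run it on the remote machine after copying the public key file there.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse private keys: only the public half may leave your machine.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # Take the first non-empty line: "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-*\ ?*|ecdsa-*\ ?*|sk-*\ ?*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # sshd's StrictModes (on by default) rejects the file when it or
    # ~/.ssh is writable by other users.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # If the last existing entry lacks a newline, add one so that the
    # new key does not get glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append (never overwrite), and only if this exact line is missing.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

For example, `install_pubkey id_dsa.pub` run in the directory that holds the copied public key; running it a second time leaves authorized_keys unchanged.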


Reverse SSH Connection

This needs a running SSH server on both machines.

Let's say you're freddy and you'd like to give dodo access to your machine via SSH, but you're behind a firewall that you cannot configure for port forwarding. The only way to set up a connection is then a one-way SSH connection from your machine to dodo's.

In that case, you need to set up a reverse connection that allows dodo to use your connection in the other direction. We assume dodo is running his SSH server on port 2222 and that you know the credentials to access his machine:

freddy@freddysmachine:~$ ssh -R 1251:localhost:2222 dodo@dodosmachine

This will open a connection to dodo's machine and additionally “punch a hole” into his firewall on port 1251.

That “hole” can now be used by dodo to connect to your machine; we assume that dodo also knows the credentials to access your machine:

dodo@dodosmachine:~$ ssh freddy@localhost -p 1251