Public Key Authentication

Public key authentication allows you to secure a remote machine with more than simply a password. If your public key is placed on the remote machine, you can log in by using your private key instead of entering the user password.

If you would like to create a new DSA keypair, run the following command:

$ ssh-keygen -t dsa

You may optionally also set a passphrase that is requested every time you use the private key. If you want to change the passphrase of a key, run this:

$ ssh-keygen -f id_dsa -p

The keys will be put in ~/.ssh/, where id_dsa is the private key and the public key.

You may now add the public key to ~/.ssh/authorized_keys on the remote machine (best way: append your public key to that file).


Reverse SSH Connection

This needs a running SSH server on both machines.

Let's say you're freddy and you'd like to give dodo access to your machine via SSH, but you're behind a firewall that you cannot configure for port forwarding. The only way to set up a connection is then a one-way SSH connection from your machine to dodo's.

In that case, you need to set up a reverse connection that allows dodo to use your connection in the other direction. We assume the following:

freddy@freddysmachine:~$ ssh -R 1251:localhost:3333 dodo@dodosmachine -p 2222

This will open a connection to dodo's machine and additionally open a socket on his port 1251 listening for incoming connections.

That socket can now be used by dodo to connect to your machine; we assume that dodo also knows the credentials to access your machine:

dodo@dodosmachine:~$ ssh freddy@localhost -p 1251
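
One way to limit what the key used for this tunnel may do on dodo's machine, as an added example that is not part of the original page: the helper below (install_tunnel_key is a hypothetical name) appends a public key to authorized_keys with options that only allow the ssh -R listener on port 1251. It assumes freddy logs in to dodo's account with a key rather than a password, and OpenSSH 7.8 or later on dodo's machine for the permitlisten option.

```shell
#!/bin/sh
# Added example; install_tunnel_key is a hypothetical helper, not an OpenSSH tool.
# Usage on dodo's machine (freddy.pub is an assumed file name):
#   install_tunnel_key freddy.pub ~/.ssh/authorized_keys 1251

install_tunnel_key() {
    pubkey_file=$1   # public key file as written by ssh-keygen
    auth_file=$2     # authorized_keys of the account freddy logs in to
    port=$3          # only port that ssh -R may listen on

    # Never install a private key by mistake.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac

    # Expected format of the first non-empty line: "<type> <base64> [comment]"
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    if [ -z "$key_blob" ]; then
        echo "no public key found in $pubkey_file" >&2
        return 1
    fi

    # sshd (StrictModes, on by default) ignores the file if it or its
    # directory is writable by group or others.
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Idempotent: do nothing if this key is already listed.
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi

    # restrict: no pty, agent, X11 or port forwarding for this key;
    # port-forwarding: re-enable forwarding;
    # permitlisten: ssh -R may only listen on localhost:<port>.
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$port" "$key_line" >> "$auth_file"
}
```

With restrict in place the session gets no terminal, so freddy can add -N to the ssh -R command to open the tunnel without starting a remote shell.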