Public key authentication allows you to secure a remote machine with more than simply a password. If your public key is placed on the remote machine, you can login by using your private key instead of entering the user password.
If you would like to create a new DSA keypair, run following command:
$ ssh-keygen -t dsa
You may optionally also set a password that is asked everytime you use the private key. If you want to change the passphrase of a key, run this:
$ ssh-keygen -f id_dsa -p
The keys will be put in
the private key and
id_dsa.pub the public key.
You may now add the public key into
the remote machine (best way: Concatenate your public key into that file).
Let's say you're
freddy and you'd like to give
dodo access to your machine via SSH, but you're behind a
firewall that you cannot configure for port-forwarding, thus the only way to
set up a connection is a one-way-SSH from your machine to
In that case, you need to set up a reverse connection, that will allow
dodo to use your connection in the other way; we assume
dodo is running his SSH server on port 2222 and you know the
credentials to access his machine:
freddy@freddysmachine:~$ ssh -R 1251:localhost:2222 dodo@dodosmachine
This will open a connection to
dodo's machine and additionally
“punch a hole” into his firewall on port 1251.
That “hole” can now be used by
dodo to connect to
your machine; we assume that
dodo too knows the credentials to
access your machine:
dodo@dodosmachine:~$ ssh freddy@localhost -p 1251