Authentification using public/private key

We can automatically login via ssh using keypair. So we will describe how to generate public/private key and install it in the client and the server.

Generate public/private key

First, the client must generate the couple public/private key:

ssh-keygen -t rsa

Two files have been create:

• ~/.ssh/id_rsa : the private key
• ~/.ssh/id_rsa_pub: the public key

Export the public key

Then, we have to export the client public key to the server:

cat ~/.ssh/id_rsa.pub | ssh user@myserver "cat - >>~/.ssh/authorized_keys"

or you can also use this easiest command:

ssh-copy-id -i ~/.ssh/id_rsa.pub user@myserver

Test

Finally, we have to test if it works (we have to login without authentication prompt):

ssh user@myserver

Tunneling

Example 1

ssh -f user@myserver -L localPort:myserver:remotePort -N

Then, use this adress to access to the service: localhost:localPort

Example 2

First, create ~/.ssh/config file with the following content

# A name to this configuration
Host myHost
# Your server hostname
HostName  myserver
# Your server port
Port remotePort
# Your server user
User user
 
########################
# Here begin the rules:
########################
 
# We will connect to all resources on a subnet throw the server named 'myserver'.
 
# Server1
LocalForward localPort1 ipAddress1:Port1
 
# Server2
LocalForward localPort2 ipAddress1:Port2
 
# Example1
LocalForward 1597 192.168.0.8:80
 
# Example2
LocalForward 1598 192.168.0.9:21

Then, connect like this:

ssh -N myHost

Now you will find be able to use to subnet resources like this: localhost:localPortX.
For example:
– if you want to look the website on the 192.168.0.8 server : http://localhost:1597.
– if you want to connect to the ftp on the 192.168.0.9 server: ftp://localhost:1598.

Note, you can not access to the resources that does not exists on your config file.