ssh public key authentication

1. ## keys erzeugen
2. $ ssh-keygen -t rsa   # erzeugt RSA key für Protokol 2
3. $ ssh-keygen -t dsa   # erzeugt DSA key für Protokol 2
4.  
5. ## public keys auf remote site kopieren
6. $ ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-system
7. $ ssh-copy-id -i ~/.ssh/id_dsa.pub user@remote-system
8. ## ... alternativ ohne ssh-copy-id
9. $ cat ~/.ssh/*.pub | ssh user@remote-system 'umask 077; cat >>.ssh/authorized_keys'
10.  
11. ### Anmeldung nur mit key (nur root):
12.     # /etc/ssh/sshd_config
13.     ...
14.     PermitRootLogin without-password
15.     ...
16. ### Anmeldung nur mit key (alle user):
17.     # /etc/ssh/sshd_config
18.     ...
19.     PasswordAuthentication no
20.     ChallengeResponseAuthentication no
21.     UsePAM yes
22.  
23. ## Centos 6 hat in der minimal installation kein scp
24. yum whatprovides "*/scp"         # in welchem Paket steckt scp?
25. yum install openssh-clients      # scp installieren
26.  
27. ## There is a bug in CentOS 6 / SELinux that results in all client presented certificates to be ignored when SELinux is set to Enforcing. To fix this simply:
28. restorecon -R -v /root/.ssh