====== Generating SSH keys ======

SSH lets you generate key pairs: one private key and one public key. Together they allow secure encryption and decryption of data, and when used with SSH they provide very strong authentication to the services that support it, for example an SSH terminal, SFTP, and rsync. To generate your own key pair, follow the directions below.

  - Open a shell in your favorite terminal application (Terminal.app, eterm, etc.).
  - Type **ssh-keygen -d** to generate a DSA public/private key pair.
  - You will then be prompted for a location to save the key pair. Feel free to use the default. If you plan to generate multiple key pairs, give them descriptive names and include the full path to where you want to store them; usually this is the **.ssh/** directory inside your home directory. The private key gets the filename you enter, and the public key gets the same filename with **.pub** appended. For example, entering **/Users/username/.ssh/JoyentStrongspace** generates two files, **JoyentStrongspace** and **JoyentStrongspace.pub**.
  - After generating the keys it will prompt for a passphrase. This is required whenever the key is used, providing another level of security if someone were to obtain your private key (which of course you should never share). You can leave it blank so that rsync backups to Strongspace work seamlessly without requiring the user to type in a password. Except for this case, however, you **should** set a passphrase. You can then have it [[http://www.dribin.org/dave/blog/archives/2007/11/28/ssh_agent_leopard/|automatically unlocked using ssh-agent in Mac OS X 10.5]], or [[http://www.dribin.org/dave/blog/archives/2007/08/21/ssh_agent/|via SSH Agent or SSHKeyChain for Mac OS X 10.4]]. There are similar methods for [[http://www.webmonkey.com/tutorial/Automate_a_Remote_Login_Using_SSH-Agent|loading keys in Windows and Linux]]. This gives you the security of a passphrase while only requiring you to type it once per session.
  - Make sure your keys stay private. Restrict your local **.ssh/** directory to you alone: **chmod 700 ~/.ssh && chmod 600 ~/.ssh/* **

==== Using your SSH Keys ====

After generating a key pair you can use it to log in to your various Joyent services.

  - Create a file called ''authorized_keys'' on the server in **~/.ssh/**.
  - Copy the contents of your **filename.pub** file (it is one line long) into the **authorized_keys** file, e.g. via **cat ~/.ssh/JoyentStrongspace.pub | ssh username@joyent-server 'cat >> .ssh/authorized_keys'** //(Note: if using **nano** to paste into authorized_keys, use **nano -w** to disable automatic line wrapping.)//
  - Make sure your keys stay private. Restrict your local **.ssh/** directory to you alone: **chmod 700 ~/.ssh && chmod 600 ~/.ssh/* **
  - You can now access the server by typing: **ssh -i ~/.ssh/YOURKEY -o "PasswordAuthentication no" -p 22 username@theserver.tld**

This isn't ideal, but with some simple configuration changes to your SSH client it can make your logins more secure.

==== SSH and config ====

After the last bit you were probably thinking, "Wow, that almost makes things harder." You're right, but we can make it easier. The following configuration snippet lets you skip the long command line each time you want to log in, essentially creating an alias for each host you connect to via SSH.

  * Open **~/.ssh/config** in your favorite text editor (vi, vim, emacs, nano, TextMate).
  * Add the following lines:
<code>
Host favoritename
    HostName ServerIP
    IdentityFile ~/.ssh/keyfile
    PasswordAuthentication no
    Port 22
    User your_username
</code>
  * This allows you to type **ssh favoritename** at the command line and log in to your server without having to type in lots of information about your connection.

You have to make sure you do not skip this step: **chmod 700 ~/.ssh && chmod 600 ~/.ssh/* **
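The page repeats the permission step three times but never shows how to confirm it actually took effect, and it shows the config stanza only as text. The script below is an added example (not part of the original page or of Joyent's documentation): it audits a **.ssh/** directory for the exact state that **chmod 700 ~/.ssh && chmod 600 ~/.ssh/* ** leaves behind, and it generates a **Host** stanza in the shape shown above. It assumes only POSIX sh with ''ls'', ''cut'' and ''mktemp''; it does not call ''ssh-keygen'', so it works on a scratch directory with empty placeholder key files and never touches your real **~/.ssh**. The host alias, the address 203.0.113.10 and the user name are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original page: audit the permissions the page
# insists on, and emit a ~/.ssh/config stanza like the one shown above.
set -u

# Symbolic mode string of a path, e.g. "drwx------" (portable: ls -ld is POSIX,
# and cut drops any trailing ACL/xattr marker such as "+" or "@").
mode_of() { ls -ld "$1" | cut -c1-10; }

# Return 0 if DIR is 0700 and every regular file directly inside it is 0600,
# i.e. the state "chmod 700 ~/.ssh && chmod 600 ~/.ssh/*" leaves behind.
# Otherwise print each offender and return 1. Like the page's chmod, the glob
# skips dotfiles, so a stray ~/.ssh/.something is not audited here.
check_ssh_perms() {
    dir=$1
    rc=0
    case "$(mode_of "$dir")" in
        drwx------) ;;
        *) echo "BAD: $dir is $(mode_of "$dir"), expected drwx------"; rc=1 ;;
    esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(mode_of "$f")" in
            -rw-------) ;;
            *) echo "BAD: $f is $(mode_of "$f"), expected -rw-------"; rc=1 ;;
        esac
    done
    return $rc
}

# Emit one ~/.ssh/config stanza: host_stanza ALIAS HOSTNAME KEYFILE USER PORT
host_stanza() {
    printf 'Host %s\n    HostName %s\n    IdentityFile %s\n    PasswordAuthentication no\n    Port %s\n    User %s\n' \
        "$1" "$2" "$3" "$5" "$4"
}

# Demonstration on a constructed scratch directory (never the real ~/.ssh).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/.ssh"
    : > "$tmp/.ssh/JoyentStrongspace"        # empty stand-in for the private key
    : > "$tmp/.ssh/JoyentStrongspace.pub"    # empty stand-in for the public key
    chmod 755 "$tmp/.ssh"                    # deliberately too loose
    chmod 644 "$tmp/.ssh/JoyentStrongspace"  # deliberately too loose
    if check_ssh_perms "$tmp/.ssh"; then
        echo "unexpected: audit passed on loose modes"
    else
        echo "as expected: audit flagged the loose modes"
    fi
    # The page's fix, applied to the scratch copy:
    chmod 700 "$tmp/.ssh" && chmod 600 "$tmp/.ssh"/*
    check_ssh_perms "$tmp/.ssh" && echo "OK: $tmp/.ssh is locked down"
    # Constructed values: alias, documentation IP, key path, user, port.
    host_stanza favoritename 203.0.113.10 "$HOME/.ssh/JoyentStrongspace" your_username 22
    rm -rf "$tmp"
}

demo
```

Two caveats worth pairing with this check. First, the same rule applies on the server side: sshd (with its default ''StrictModes yes'') ignores ''authorized_keys'' if **~/.ssh** or the file itself is group- or world-writable, so a silently failing key login is often a permission problem there, not on your laptop. Second, the page's **ssh-keygen -d** produces a DSA key; current OpenSSH releases disable DSA keys by default, so on a modern system use **ssh-keygen -t ed25519** with the same file-naming steps.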