# SSH key passphrase authentication

## OdinsDream

How can I enable RSA keyphrase authentication when my users log in via SSH, rather than asking for their system password?

I'm interested in creating keys for the users, and then having it ask them for their passphrase when they SSH to the server.

----------

## mglauche

create a rsa keypair, sing it with a keyphrase, then upload the public part to the server you want to connect to. Also check out the EXCELENT howto on ssh keymanagement on the gentoo frontpage.

----------

## OdinsDream

I'm not sure I understand "then upload the public part to the server you want to connect to".

I'm running Gentoo on my machine... "p2c2e".

I want to log into p2c2e via SSH, from anywhere else, and I want it to ask me for my username, and then instead of password, I want Keyphrase.

Is this possible? or am I going to have to carry around public key data wherever I go?

----------

## nitro322

read the articles he mentioned - they're excellent guides.  I set this up myself the other day using these articles and I had everything working in minutes.  Here are the direct links:

http://www-106.ibm.com/developerworks/linux/library/l-keyc/

http://www-106.ibm.com/developerworks/linux/library/l-keyc2/

http://www-106.ibm.com/developerworks/linux/library/l-keyc3/

Parts 1 and 2 should cover all the basics.  Have fun!

----------

## OdinsDream

Great!

This is working now, as long as I do ssh user@p2c2e, but if I just do ssh p2c2e and then type in a user name, I get the classic password authentication.

Is there a way to make both methods ask for keyphrases?

----------

## BackSeat

Do you have the same username on both systems? If not, check out the use of the .ssh/config file, which can provice the remote username for you.

BS

----------

## OdinsDream

 *BackSeat wrote:*   

> Do you have the same username on both systems? If not, check out the use of the .ssh/config file, which can provice the remote username for you.
> 
> BS

 

I'm logging in to my own Gentoo box remotely, usually with Putty on a Windows machine.

----------

## onlawn

On the Putty website is the long instructions on using rsa/dsa keypairs.  In the end it wasn't worth it.  I still use Putty, but not that way.

For an alternative, try Cygwin.  It will work with Daniel's tutorial.  Just install the ssh and cygwindll packages if thats all you want.

----------

## OdinsDream

Well, I'm not as concerned with my own ability to work around this as I am with other users I add to the system. 

I want all logins to be done via RSA keyphrase authentication, regardless of the client, and how they connect.

At the very least, I'd like to disable standard password authentication. Is this possible ?

----------

## rac

 *OdinsDream wrote:*   

> At the very least, I'd like to disable standard password authentication. Is this possible ?

 

In /etc/ssh/sshd_config, 

```
# To disable tunneled clear text passwordsl, change to no here!

PasswordAuthentication no
```

----------

