
Authorizing access

To allow access to a system for a given identity, place the public key in your "$HOME/.ssh/authorized_keys2" file on that system. All keys listed in that file are allowed access.

You typically will want to authorize access to the local system using the local key (especially in an environment where multiple systems share the same home directory, e.g. using NFS). Thus a good start is to copy the public key for your default identity into the "$HOME/.ssh/authorized_keys2" file.

    [WOMBATNET:/home/wombat]
    $ cd ~/.ssh
    [WOMBATNET:/home/wombat/.ssh]
    $ cp id_dsa.pub authorized_keys2

Use a text editor to add more keys to the file, if applicable. If you use cut and paste to copy the key, make sure each key entry is a single line in the file. The keys to add are always the public keys (from files with the ".pub" extension).
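The single-line and public-key-only rules above can be checked mechanically before the file is copied anywhere. The following is an added example, not part of the original document: the function name check_authorized_keys is hypothetical, the sample keys are constructed placeholders, and the list of key types goes beyond the DSA keys used on this page.

```shell
#!/bin/sh
# Added example: lint an authorized_keys2 file before copying it to other hosts.
# Prints one line per problem; returns 0 only when every entry looks complete.
check_authorized_keys() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines are allowed
    /PRIVATE KEY/ {                           # pasted from id_dsa instead of id_dsa.pub
        printf "line %d: private key material\n", NR; bad++; next
    }
    {
        t = 0                                 # options may precede the key type
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+)$/) { t = i; break }
        if (!t) {                             # typical for the tail of a wrapped key
            printf "line %d: no key type, possibly a wrapped key\n", NR; bad++; next
        }
        blob = $(t + 1)
        # Every SSH public key blob is base64 that starts with AAAA (the length
        # prefix of the type name) and whose length is a multiple of four.
        if (blob !~ "^AAAA[A-Za-z0-9+/]*=*$" || length(blob) % 4 != 0) {
            printf "line %d: key data truncated or not base64\n", NR; bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the blob is a placeholder, not a usable key. Entry 2 was
# wrapped across two lines by cut and paste; the last line is from a private key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# keys for wombat
ssh-dss AAAAB3NzaC1kc3MAAAAA wombat@WOMBATNET
ssh-dss AAAAB3NzaC1kc3
MAAAAA wombat@chinookfe
-----BEGIN DSA PRIVATE KEY-----
EOF
check_authorized_keys "$sample" || echo "fix the entries above before copying the file"
rm -f "$sample"
```

On the constructed sample the check reports lines 3, 4 and 5 and returns a non-zero status.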

You could now copy the "$HOME/.ssh/authorized_keys2" file to other remote systems to allow access from the local system (in our example WOMBATNET to chinookfe). First we create the target .ssh directory on chinookfe using ssh, then we copy over the "authorized_keys2" file from WOMBATNET using "scp".

    [WOMBATNET:/home/wombat/.ssh]
    $ ssh chinookfe.ucar.edu mkdir .ssh
    The authenticity of host 'chinookfe (128.117.215.218)' can't be established.
    DSA key fingerprint is 30:6b:2f:aa:64:14:6e:90:f4:43:62:11:07:f7:2b:64.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'chinookfe,128.117.215.218' (DSA) to the list of known hosts.
    wombat@chinookfe's password:

    [WOMBATNET:/home/wombat/.ssh]
    $ scp authorized_keys2 chinookfe.ucar.edu:~/.ssh
    wombat@chinookfe's password:

    authorized_keys2  100% |************************************|   913       00:00

The above ssh sequence first establishes the authenticity of chinookfe and prompts you to verify that you want to continue the connection process, to which we respond "yes" and press "Enter". Authenticity of a remote system is verified the first time we connect to it, as shown above. After the initial connection, the required remote host information is stored in the "known_hosts" file in your local .ssh directory and you should not be prompted again. The process then prompts you for the password, which isn't echoed, and then runs mkdir on chinookfe to create the .ssh directory. The second step uses scp to copy the "authorized_keys2" file from WOMBATNET into the .ssh directory that we created on chinookfe.

NOTE: To gain access to restricted systems, you might need to send your DSA public key by electronic mail to the administrator of the system. Just include the contents of the "$HOME/.ssh/id_dsa.pub" file for the appropriate system in the message. In the case of chinookfe and NCAR in general, there are no such restrictions.


If you have questions about this document, please contact SCD Customer Support. You can also reach us by telephone 24 hours a day, seven days a week at 303-497-1278. Additional contact methods: consult1@ucar.edu and during business hours in NCAR Mesa Lab Suite 39.