SSH Version 2
 from Stuart:
On crouton as user sgd:  ssh-keygen -t dsa
When it asks for a passphrase, just hit return for a blank password.
Copy ~sgd/.ssh/id_dsa.pub on crouton to ~sgd/.ssh/authorized_keys on meatloaf.
on meatloaf:
1:20 PM~sgd/.ssh has 700 permissions.
~sgd/.ssh/authorized_keys has 600 permissions.
Both ~sgd/.ssh and ~sgd/.ssh/authorized_keys to be owned by user and group sgd.

**NOTE email for people**
SSH offers two protocol versions and two different key types, and how  
you invoke ssh-keygen will determine these parameters.  If you just  
ran "ssh-keygen", it will create the files id_rsa and id_rsa.pub in  
your .ssh subdirectory.  We tend to use DSA keys, so we usually run  
"ssh-keygen -t dsa", which creates the files id_dsa and id_dsa.pub in  
the .ssh subdirectory.

Knowing the names of the files created is needed for the second  
question...

2.  Which file did you submit back to your collaborator at UCSF?

They need to install your public key on their server.  So depending on  
which key you generated, you either need to send them a copy of .ssh/ 
id_rsa.pub or .ssh/id_dsa.pub.  (Technically there is a third option,  
but I doubt they would have asked you to generate that key type.)   
Which file (if either) did you send to them?

3.  What command are you running to connect to their server?  Are you  
using the sftp command?  If so, can you try running sftp with the -v  
flag to get more detailed debugging information and pass the output  
back along to us?  That may give us more of a clue of what is happening.


.ssh/authorized_keys
And SSH is very picky about permissions.
1:41 PMThe authorized_keys file needs to be owned by the user and permissions set to 600.
The .ssh directory needs to be owned by the user with permissions set to 700.
If the permissions aren't set, SSH won't honor the key.

On the local machine, type the BOLD part. The non-bold part is what you might see as output or prompt.

Step 1:
% ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (~/.ssh/id_dsa): (just type return)
Enter passphrase (empty for no passphrase): (just type return)
Enter same passphrase again: (just type return)
Your identification has been saved in ~/.ssh/id_dsa
Your public key has been saved in ~/.ssh/id_dsa.pub
The key fingerprint is: 
Some really long string
%
Step 2:
Then, paste the content of the local ~/.ssh/id_dsa.pub file into the file ~/.ssh/authorized_keys on the remote
 host.
RSA instead of DSA
If you want something strong, you could try 
% ssh-keygen -t rsa -b 4096
Instead of the names id_dsa and id_dsa.pub, it will be id_rsa and id_rsa.pub, etc.
The rest of the steps are identical.
That's it!

FAQ:

Q: I follow the exact steps, but ssh still ask me for my password!
A: Check your remote .ssh directory. It should have only your own read/write/access permission (octal 700)
% chmod 700 ~/.ssh
SSH Version 1

Step 1:
% cd ~/.ssh
% ssh-keygen -t rsa1
Generating public/private rsa1 key pair.
Enter file in which to save the key (~/.ssh/identity): (just type return)
Enter passphrase (empty for no passphrase): (just type return)
Enter same passphrase again: (just type return)
Your identification has been saved in ~/.ssh/identity
Your public key has been saved in ~/.ssh/identity.pub
The key fingerprint is:
Some really long string
%
Step 2:
Then, paste content of the local ~/.ssh/identity.pub file into the file ~/.ssh/authorized_keys on the remote h
ost.
 Via Stuart:
Assuming you have access to a command line SSH client, hopefully you have some utility called "ssh-keygen" or 
something similar. 
 If you have ssh-keygen, you would create a key by running the following command:

        ssh-keygen -t dsa

It will print something like the following:

        Generating public/private dsa key pair.
        Enter file in which to save the key (/Users/miyasato/.ssh/id_dsa): 

Just hit the return key to save the files into the default location, which should be fine.  It will then print
 something like this:

        Enter passphrase (empty for no passphrase): 

Again, just hit the return key.  This will create the SSH keys with no passphrase associated with them.

        Enter same passphrase again: 

And again, hit the return key.

It will then print a message about saving a couple of files.  You can pretty much ignore these messages.
  The program will have created a couple of files inside the .ssh subdirectory of your home directory.
  The SSH key consists of two files inside that directory -- one called id_dsa (the private key)
 and one called id_dsa.pub (the public key).  You should protect your private key
 as you would a password and not show it to anyone.  Your public key does not need to be protected in this way
.
  In fact, I will need you to email me this file (id_dsa.pub) so I can place it on the CVS server.
  Once it's in place on the server, you will be able to authenticate to the server without needing to type a p
assword.

If none of this looks at all familiar, then we'll have to regroup to see what kind of client you have and go f
rom there.

Hope this helps!