SSH keys 101
source link: https://barryvanveen.nl/articles/53-ssh-keys-101
Jan 04, 2019
SSH keys can be used to create a secure connection to a remote computer. In other words, they are an alternative to logging in using a password.
Keys come in pairs: a private key and a public key. The public key is meant to be shared; the private key, obviously, should never be shared.
The steps for setting up SSH keys for authentication are simple:
The rest of this article lists various methods of achieving these steps.
All following commands use username barry and IP address 123.123.123.123. Naturally, these should be replaced by your own username and the IP address or hostname of your choice.
Find an existing SSH key
Keys are generally stored in the .ssh folder in your home directory (on your local machine!). For me that would be /home/barry/.ssh.
If that folder contains the files id_rsa and id_rsa.pub you already have an existing key pair. Of these, id_rsa is the private key and id_rsa.pub is the public key.
Create a new SSH key
In case you don't have an existing SSH key pair, or if you want to overwrite these, run the following command:
$ ssh-keygen -t rsa
The command will ask you some questions:
- At what location do you want to save the keys? If you don't know, just use the default location.
- What passphrase (password) do you want to use? You can leave this blank if you don't want a passphrase. This makes automation easier but means you have to keep the private key absolutely private. Read Do I need to have a passphrase for my SSH RSA key? for more details.
Add an SSH key to a remote machine
The file /home/<username>/.ssh/authorized_keys contains all public keys that can be used to log in as that user. In order to authenticate ourselves, we will need to copy our public key to the authorized_keys of the user on the remote computer.
This can be done in 3 ways:
1. Manually add a public key to authorized keys
Get the contents of your public key id_rsa.pub. The contents should look similar to this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTSqkjrM7jGLSOr6iRlJbtsLo9hbNkIWKuwqYTYxBOrhlkNranC6GZeuW0xXiQGHoa43PuU/WXrtD9DH7JjcfGiAF+2msdZNxw52qXQJCZ4qDIokzRK499ZJka9ug35qRagCGJbrXOV52b29mCMhcUyxGg5YwssrsGyW36Jx1+hhJsTWoaGBwh3CwDKRPMU/CVAe3NPjd1O/w8o3faenLepir2PgXSx5A5igcDJExfYnmReeGVKuUhfKtc0OPx6D8zyGbn5eGVO07DXhzPkUhk6OUcYXdfkpozMUOAOFC9zYbXHR4fOuQ3B9mjpDbUQZkeC9mhNMvYBRcsYZ1iQdqb username@hostname
Now, log in to the remote computer and edit /home/barry/.ssh/authorized_keys. Add the contents of your public key to the end of the file and save it.
2. Add a public key to the authorized_keys using bash
The above can also be achieved by executing the following command:
$ cat ~/.ssh/id_rsa.pub | ssh barry@123.123.123.123 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
This command automates all the things we did before:
- First it gets the content of the public key (cat ~/.ssh/id_rsa.pub)
- Then it connects to the remote machine (ssh barry@123.123.123.123)
- Now that we have connected, it executes the rest of the command, which ensures that the .ssh directory exists and is writable before it appends the contents of the public key to the authorized keys ("mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys")
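The remote-side part of that command appends blindly: running it twice adds the key twice, it does not set permissions on authorized_keys itself, and it would just as happily append a private key. The following is an added example, not part of the original article, of the same step written as a function that guards against those cases; install_pubkey and its arguments are hypothetical names chosen for this illustration.

```shell
#!/bin/sh
# Added example (not from the article): install_pubkey is a hypothetical helper.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A public key is a single line: "<type> <base64 blob> [comment]".
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)

    # Reject anything else, in particular a private key file such as id_rsa.
    case $key_line in
        -----BEGIN*) echo "refusing: this is a private key" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')

    (   # Subshell so the umask change does not leak into the caller.
        umask 077
        mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
        touch "$auth_file" && chmod 600 "$auth_file" || exit 1

        # Already authorized? Compare the blob only, ignoring comment and options.
        if awk -v b="$key_blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                                 END { exit !found }' "$auth_file"; then
            exit 0
        fi

        # Do not glue the new key onto an unterminated last line.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            echo >> "$auth_file"
        fi
        printf '%s\n' "$key_line" >> "$auth_file"
    )
}
```

Run on the remote machine after copying id_rsa.pub there, the function leaves .ssh at mode 700 and authorized_keys at mode 600, which is what sshd expects under its default StrictModes setting.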
3. Add a public key to authorized_keys using ssh-copy-id
The ssh-copy-id utility makes the process even simpler, but it is not installed on all machines. Just run the following command:
$ ssh-copy-id -i ~/.ssh/id_rsa.pub barry@123.123.123.123
Connect to the remote machine
If everything was set up in the correct way, you can now connect like this:
$ ssh barry@123.123.123.123
If you have stored your private key in a different location, try this:
$ ssh -i /path/to/id_rsa barry@123.123.123.123
I hope you enjoyed this article and found it helpful. Let me know what you think by leaving a comment!