About SSH Keys [expand title="Read More..." swaptitle=" "]
Secure Shell (better known as SSH) is a cryptographic network protocol which allows users to securely perform a number of network services over an unsecured network. SSH keys provide a more secure way of logging into a server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone.
Generating a key pair provides you with two long string of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.[/expand]
Create the RSA Key Pair[expand title="Read More..." swaptitle=" "]
The first step is to create the key pair on the client machine (there is a good chance that this will just be your computer):
ssh-keygen -t rsa [/expand]
Store the Keys and Passphrase[expand title="Read More..." swaptitle=" "]
Once you have entered the Gen Key command, you will get a few more questions:
Enter file in which to save the key (/home/demo/.ssh/id_rsa):
You can press enter here, saving the file to the user home (in this case, my example user is called demo).
Enter passphrase (empty for no passphrase):
It’s up to you whether you want to use a passphrase. Entering a
passphrase does have its benefits: the security of a key, no matter how
encrypted, still depends on the fact that it is not visible to anyone
else. Should a passphrase-protected private key fall into an
unauthorized users possession, they will be unable to log in to its
associated accounts until they figure out the passphrase, buying the
hacked user some extra time. The only downside, of course, to having a
passphrase, is then having to type it in each time you use the key pair.
The entire key generation process looks like this:
ssh-keygen -t rsa
OutputGenerating public/private rsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
| .oo. |
| . o.E |
| + . o |
| . = = . |
| = S = . |
| o + = + |
| . o + o . |
| . o |
| |
+-----------------+
The public key is now located in /home/demo/.ssh/id_rsa.pub
. The private key (identification) is now located in /home/demo/.ssh/id_rsa
. [/expand]
Copy the Public Key[expand title="Read More..." swaptitle=" "]
Once the key pair is generated, it’s time to place the public key on the server that we want to use.
You can copy the public key into the new machine’s authorized_keys
file with the ssh-copy-id command. Make sure to replace the example
username and IP address below.
ssh-copy-id demo@198.51.100.0 [/expand]