List of content you will read in this article:
What is an SSH Key? An SSH key is not new if you are familiar with the IT environment and understand the cloud infrastructure. So, SSH or Secure Shell keys are an access credential for the SSH secure shell network. Authentication and encryption are used for remote communication between machines on an unsecured open network. Some of its uses are remote file transfer, remote operating system, and network management.
SSH keys are a set of tools that people use to interact with the SSH protocol. In this guide, you will get thorough information about SSH keys and how you can easily set them up without having any trouble.
What is an SSH Key?
SSH keys have different sizes, but one of the most famous variants is an RSA 2048-bit encryption. So an RSA 2048-bit encryption is comparable to the 617 digits long password. In an operating system like Windows, it is good to create an SSH key pair by downloading and using SSH clients. On operating systems like Linux and Mac, you can generate SSH keys pairs by using the Terminal.
How to Set Up an SSH Key?
Now, we will describe complete information to set up an SSH Key easily as we have divided the procedure into multiple steps.
Generate an SSH Key Pair
You can use our given procedure to generate an SSH key pair, so first, run the following command:
Once you execute the command, your system will provide the output like this:
laptop1:~ yourname$ ssh-keygen
Generating public/private rsa key pair.
Now the system will ask you to select the location in which you want to store the keys:
Enter file in which to save the key (/Users/yourname/.ssh/id_rsa):
After choosing the location, the system will ask you to choose the password:
Enter passphrase (empty for no passphrase):
Enter the same passphrase again:
Once you provide storage location and password information, the system will generate public and private keys.
- id_rsa is your private key
- id_rsa.pub is your public key
Your identification has been saved in /Users/yourname/.ssh/id_rsa.
Your public key has been saved in /Users/yourname/.ssh/id_rsa.pub.
You will get "visual fingerprint" of your key is as follow:
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| . o |
| . . * . |
| . . = o |
| o S . o |
| . . o oE |
| . .oo +. |
| .o.o.*. |
| ....= o |
After completing the above procedure, your authorized key will look like this:
Ecdsa-sha2-nistp256 AAAAE2 VjZHNhLXN0YTtbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN+ Mh3U / 3We4VYtV 1QmWUFIz FLTUeegl1Ao5 / QGtCRGAZn8bxX9KlCrrWISIjSYAwCajIEGSPEZwPNMBoK8XD8Q = ylo@klar
Finally, your identity key will look like this:
-----BEGIN EC PRIVATE KEY-----
-----END EC PRIVATE KEY-----
Configure an SSH/SFTP User for Your Key
There are two methods to configure an SHH/SFTP user for the key, so these methods are:
Method 1: Using ssh-copy-id
You have your SSH key. Now you are ready to run it on your system. First, run the following command and replace x.x.x.x with your IP address and sysuser with your computer name:
Method 2: Manual Configuration
When you do not have the ssh-copy-id command, you can SSH it to your server manually:
Create the .ssh/authorized_keys and run the following command:
(umask 077 && test -d ~/.ssh || mkdir ~/.ssh)
(umask 077 && touch ~/.ssh/authorized_keys)
Edit the file .ssh/authorized_keys with the help of your preferred editor and paste id_rsa.pub.
Log In Using Your Private Key
SSH or SFTP into your server using your private key with the help of the following command:
If you haven't created the default location, you will have to type the following:
ssh -i ~/.ssh/custom_key_name SYSUSER@x.x.x.x
Granting Access to Multiple Keys
.ssh/authorized_keys file uses a simple format so if you have multiple users or developers, then grant them access. Follow the instructions use ssh-copy-id, or you can manually paste it into additional keys, one at each.
After completing the process .ssh/authorized_keys file will look something like this:
(Don’t copy this, use your own public keys):
ssh-rsa AAAAB3NzaC1yc 2EAAAADAQABAAABA QDSkT3A1j89RT / 540ghIMHXIV w NlAEM3W tmqVG7YN / wYwtsJ8iCszg4 / lXQsfLFxYmEVe8L9 atgtMGCi5QdYPl4X / c+5YxFfm88Yjfx+ 2xEgUdOr 864eaI22ya NMQ0AlyilmK + PcSyxKP4dzkf6 B5Nsw 8lhfB5n 9F5md 6GHLLjOGu BbHYlesKJKnt2c MzzS90 BdRk73qW6wJ+ MCUWo +cyBFZVGOzrjJGEcHewOCbVs +IJWBFSi6w1enbKGc +RY9KrnzeDKWWqzYnNofiHGVFAu MxrmZOasqlTIKiC2UK3RmLx ZicWiQmPnpnjJRo 7pL0oYM9r/ sIWzD6i2S9szDy6aZ mike@laptop1
ssh-rsa AAAAB3NzaC1yc 2EAAAADAQABAAABAQC zlL9Wo8yw EFXSvMJ8FY mxP6HHHMD TyYAWwM3AO tsc96DcYVQIJ5V sydZf5 /4NWuq55Mqnzdn GB2IfjQvOrW4Jen 0cI5UFTvAG4PkfYZb 00Hbvwho8JsS AwChvWU6I uhgiiUBofKSMMifKg+ pEJ0dLjks 2GUcfxeBwbNn AgxsBvY6BCXRfezIdd PlqyfWfnftqnafIFvuiRFB1 DeeBr24kik /550MaieQpJ848 +MgIeVCjko4NPPLssJ /1jhGEHOTlGJpWKGDqQK + QBaOQZh7JB7ehTK +pwIFHbUaeAkr66i VYJuC05iA7ot 9FZX8XGkxgmhlna FHNf0l8ynosanqt henry@laptop2
Retrieve Your Public Key from Your Private Key
You can retrieve the public key from a private key by using this command:
ssh-keygen -y -f /path/to/your_private_key_file (eg. /root/.ssh/id_rsa or ~/.ssh/custom_key_name)
Correcting permissions on the .ssh directory
First, run these commands on your server while SSH'd in as your app's system user:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
If anyone tries to enter a password, will receive a message like:
Permission denied (publickey,password).
No supported authentication methods available
Manage Multiple SSH Keys
First, you have to enter SSH config, create a new file: ~/.ssh/config, and open it for editing:
Managing Custom Named SSH key
Configure file to avoid adding custom-named SSH keys using ssh-add all the time. Suppose your SSH key is named ~/.ssh/id_rsa, add the following to the config file:
In the above syntax, ~/.ssh/id_rsa is not in ssh-agent by opening another terminal and edit:
All keys will be removed, which has an active ssh-agent session. Now you can configure the file will use the key at ~/.ssh/ida_rsa. Here are some of the best configuration examples:
Now you can use:
git clone git@bitbucket-corporate:company/project.git
Now you can use:
git clone git@bitbucket-personal:username/other-pi-project.git
Generate an SSH Key on Mac and Linux
For starting the key creation process, you can execute the following command:
ssh-keygen -t rsa -b 4096 -C "firstname.lastname@example.org"
"Enter a file in which to save the key."
> Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
Press "Enter" to accept the default file location. Now you can add a passphrase to keys that will prevent this scenario.
> Enter passphrase (empty for no passphrase): [Type a passphrase]
> Enter the same passphrase again: [Type passphrase again]
Add the new SSH key to the ssh-agent and this SSH key to the ssh-agent first ensure the ssh-agent is running by executing:
$ eval "$(ssh-agent -s)"
> Agent pid 59566
Add the new SSH key to the local SSH agent.
ssh-add -K /Users/you/.ssh/id_rsa
Finally, the new SSH key is now registered and ready to use.
Moving SSH keys to a Root-Owned Location
Moving SSH keys to a root-owned location is easy, and here the reasons why we said it:
- Create a suitable root-owned directory, e.g., /etc/ssh/keys, under which authorized keys are stored.
- Create a subdirectory under this directory for each user, and move each user's authorized_keys file to /etc/ssh/keys//authorized_keys.
- Finally, change set AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys in /etc/ssh/sshd_config.
An in-depth understanding of SSH helps users understand the important aspects and security regarding this technology. Most people consider this simple process as a web of commands and instructions to follow.
The computer takes less than a second to calculate a hash and authenticates a user. People don't realize this extremely low time and think that it might have taken computers a few seconds to process that much complicated information.
The maximum time which computer uses is taken on the internet where it sends and receives data. This tutorial is made to let you know that these various technologies are adaptable and responsive.
You can club these technologies together to create a state-of-the-art system. But beware that each mechanism and process has a vital role to play in the whole process. To set up an SSH connection, you will need to get a Linux VPS: get it now and start creating.