What is an SSH KEY?

SSH key is an access credential for the SSH secure shell network. The authentication and encryption is used for remote communication between machines on an unsecured open network.

Some of its uses are remote file transfer, remote operating system, and network management. This is a set of tool which people use to interact on the SSH protocol.

Generate an SSH Key Pair

To generate an SSH key pair, run the following command:

ssh-keygen

It will look like this:

laptop1:~ yourname$ ssh-keygen

Generating public/private rsa key pair.

You'll be asked to choose the location for storing the keys:

Enter file in which to save the key (/Users/yourname/.ssh/id_rsa):

Then you will be instructed to choose a password:

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your public and private keys are generated.

id_rsa is your private key

id_rsa.pub is your public key

Your identification has been saved in /Users/yourname/.ssh/id_rsa.

Your public key has been saved in /Users/yourname/.ssh/id_rsa.pub.

"visual fingerprint" of your key is as follow:

The key fingerprint is:

d7:21:c7:d6:b8:3a:29:29:11:ae:6f:79:bc:67:63:53 yourname@laptop1

The key's randomart image is:

+--[ RSA 2048]----+

|                 |

|           . o   |

|      .   . * .  |

|     . .   = o   |

|      o S . o    |

|     . . o oE    |

|    . .oo +.     |

|     .o.o.*.     |

|     ....= o     |

+-----------------+

What do SSH keys look like

An authorized key can look like this:

Ecdsa-sha2-nistp256 AAAAE2 VjZHNhLXN0YTtbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN+ Mh3U / 3We4VYtV 1QmWUFIz FLTUeegl1Ao5 / QGtCRGAZn8bxX9KlCrrWISIjSYAwCajIEGSPEZwPNMBoK8XD8Q = ylo@klar

An identity key can look like this:

-----BEGIN EC PRIVATE KEY-----

MHcCAQEEIJWbvSW7h50HPwG+bWR3DXgQ6YhOxYbe0ifr1rRUvsUuoAoGCCqGSM49

AwEHoUQDQgAE34yHdT/dZ7hVi1XVCZZQUjMUtNR56CXUCjn9Aa0JEYBmfxvFf0qU

KutYhIiNJgDAJqMgQZI8RnA80wGgrxcPxA==

-----END EC PRIVATE KEY-----

Configure an SSH/SFTP User for Your Key

Method 1: Using ssh-copy-id

You have your SSH key. Now you are ready to run it on your system.

Run the following command and replace x.x.x.x with your IP address and sysuser with your computer name:

ssh-copy-id SYSUSER@x.x.x.x

Method 2: Manual Configuration

When you do not have ssh-copy-id command, you can SSH it to your server manually:

Create the .ssh/authorized_keys and run the following command:

(umask 077 && test -d ~/.ssh || mkdir ~/.ssh)

(umask 077 && touch ~/.ssh/authorized_keys)

Edit the file .ssh/authorized_keys with the help of your preferred editor and paste  id_rsa.pub.

Log In Using Your Private Key

SSH or SFTP into your server using your private key with the help of the following command:

ssh SYSUSER@x.x.x.x

If you haven't created the default location, you will have to type the following:

ssh -i ~/.ssh/custom_key_name SYSUSER@x.x.x.x

Granting Access to Multiple Keys

.ssh/authorized_keys file uses simple format.  If you have multiple users or developers, you need to grant them access. Follow the instructions use ssh-copy-id, or you can manually paste it into additional keys one at each.

After completing the process .ssh/authorized_keys file will look something like this:

 (Don’t copy this, use your own public keys):

ssh-rsa AAAAB3NzaC1yc 2EAAAADAQABAAABA QDSkT3A1j89RT / 540ghIMHXIV w NlAEM3W tmqVG7YN / wYwtsJ8iCszg4 / lXQsfLFxYmEVe8L9 atgtMGCi5QdYPl4X / c+5YxFfm88Yjfx+ 2xEgUdOr 864eaI22ya NMQ0AlyilmK + PcSyxKP4dzkf6 B5Nsw 8lhfB5n 9F5md 6GHLLjOGu BbHYlesKJKnt2c MzzS90 BdRk73qW6wJ+ MCUWo +cyBFZVGOzrjJGEcHewOCbVs +IJWBFSi6w1enbKGc +RY9KrnzeDKWWqzYnNofiHGVFAu MxrmZOasqlTIKiC2UK3RmLx ZicWiQmPnpnjJRo 7pL0oYM9r/ sIWzD6i2S9szDy6aZ  mike@laptop1

ssh-rsa AAAAB3NzaC1yc 2EAAAADAQABAAABAQC zlL9Wo8yw EFXSvMJ8FY mxP6HHHMD TyYAWwM3AO tsc96DcYVQIJ5V sydZf5 /4NWuq55Mqnzdn GB2IfjQvOrW4Jen 0cI5UFTvAG4PkfYZb 00Hbvwho8JsS AwChvWU6I uhgiiUBofKSMMifKg+ pEJ0dLjks 2GUcfxeBwbNn AgxsBvY6BCXRfezIdd PlqyfWfnftqnafIFvuiRFB1 DeeBr24kik /550MaieQpJ848 +MgIeVCjko4NPPLssJ /1jhGEHOTlGJpWKGDqQK + QBaOQZh7JB7ehTK +pwIFHbUaeAkr66i VYJuC05iA7ot 9FZX8XGkxgmhlna FHNf0l8ynosanqt henry@laptop2

Additional Information

Retrieve Your Public Key from Your Private Key

Retrieve the public key from a private key by using this command:

ssh-keygen -y -f /path/to/your_private_key_file (eg. /root/.ssh/id_rsa or ~/.ssh/custom_key_name)

Correcting Permissions on the .ssh Directory

Run these commands on your server

while SSH'd in as your app's system user:

chmod 700 ~/.ssh

chmod 600 ~/.ssh/authorized_keys

Anyone entering a password will receive a message like:

Permission denied (publickey,password).

Or

No supported authentication methods available

Manage Multiple SSH Keys

SSH config

Enter SSH config, create a new file: ~/.ssh/config and open it for editing:

nano ~/.ssh/config

Managing Custom Named SSH key

Configure file to avoid adding custom-named SSH keys using ssh-add all the time.

Suppose your SSH key is named ~/.ssh/id_rsa, add the following to the config file:

Host github.com

  HostName github.com

  User git

  IdentityFile ~/.ssh/id_rsa

  IdentitiesOnly yes

~/.ssh/id_rsa is not in ssh-agent by opening another terminal and edit:

ssh-add -D

All keys will be removed, having an active ssh-agent session.

Configure file will use the key at ~/.ssh/ida_rsa.

Some useful configuration examples:

Host bitbucket-corporate

        HostName bitbucket.org

        User git

        IdentityFile ~/.ssh/id_rsa_corp

        IdentitiesOnly yes

Now you can use:

 git clone git@bitbucket-corporate:company/project.git

Host bitbucket-personal

        HostName bitbucket.org

        User git

        IdentityFile ~/.ssh/id_rsa_personal

        IdentitiesOnly yes

Now you can use:

git clone git@bitbucket-personal:username/other-pi-project.git

Host myserver

        HostName ssh.username.com

        Port 1111

        IdentityFile ~/.ssh/id_rsa_personal

        IdentitiesOnly yes

        User username

        IdentitiesOnly yes

Generate an SSH Key on Mac and Linux

Execute the following to begin the key creation

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

"Enter a file in which to save the key."

> Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]

Press “Enter” to accept the default file location.

Add a passphrase to keys that will prevent this scenario.

> Enter passphrase (empty for no passphrase): [Type a passphrase]

> Enter same passphrase again: [Type passphrase again]

Add the new SSH key to the ssh-agent

SSH key to the ssh-agent first ensure the ssh-agent is running by executing:

$ eval "$(ssh-agent -s)"

> Agent pid 59566

Add the new SSH key to the local SSH agent.

ssh-add -K /Users/you/.ssh/id_rsa

The new SSH key is now registered and ready to use!

Moving SSH keys to a root-owned location

Moving SSH keys to a root-owned location is easy:

1. Create a suitable root-owned directory, e.g., /etc/ssh/keys, under which authorized keys are stored.
2. Create a subdirectory under this directory for each user, and move each user's authorized_keys file to /etc/ssh/keys//authorized_keys.
3. Finally, change set AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys in /etc/ssh/sshd_config.

Conclusion

An in-depth understanding of SSH helps users in understanding the important aspects and security regarding this technology. Most people consider this simple and easy process as a complex and complicated web of commands and instructions to follow and obey.

The computer takes less than a second for calculating a hash and authenticates a user. People don't realize this extremely low time and think that it might have taken computers a few seconds to process that much-complicated information.

The maximum time which computer uses is taken on the internet where it sends and receives data. This tutorial is made to let you know that these various technologies are adaptable and responsive.

You can club these technologies together for creating a state of the art system. But beware of the fact that each mechanism and process has a vital role to play in the whole process.

In order to set up an SSH connection you will need to get a Linux VPS: get it now and start creating.