30 Sep, 20
How to setup an SSH key?
- by Susith Nonis
- in Tutorials
An SSH key is an access credential for the SSH (Secure Shell) protocol. SSH provides authentication and encryption for remote communication between machines over an unsecured open network.
Some of its uses are remote file transfer, remote operating system and network management. SSH is also a set of tools that people use to interact over the SSH protocol.
Generate an SSH Key Pair
To generate an SSH key pair, run the following command:
ssh-keygen
It will look like this:
laptop1:~ yourname$ ssh-keygen
Generating public/private rsa key pair.
You'll be asked to choose the location for storing the keys:
Enter file in which to save the key (/Users/yourname/.ssh/id_rsa):
Then you will be asked to choose a passphrase:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your public and private keys are generated.
id_rsa is your private key
id_rsa.pub is your public key
Your identification has been saved in /Users/yourname/.ssh/id_rsa.
Your public key has been saved in /Users/yourname/.ssh/id_rsa.pub.
The fingerprint and "visual fingerprint" of your key are shown as follows:
The key fingerprint is:
d7:21:c7:d6:b8:3a:29:29:11:ae:6f:79:bc:67:63:53 yourname@laptop1
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . o |
| . . * . |
| . . = o |
| o S . o |
| . . o oE |
| . .oo +. |
| .o.o.*. |
| ....= o |
+-----------------+
What do SSH keys look like
An authorized key can look like this:
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXN0YTtbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN+Mh3U/3We4VYtV1QmWUFIzFLTUeegl1Ao5/QGtCRGAZn8bxX9KlCrrWISIjSYAwCajIEGSPEZwPNMBoK8XD8Q= ylo@klar
An identity key can look like this:
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIJWbvSW7h50HPwG+bWR3DXgQ6YhOxYbe0ifr1rRUvsUuoAoGCCqGSM49
AwEHoUQDQgAE34yHdT/dZ7hVi1XVCZZQUjMUtNR56CXUCjn9Aa0JEYBmfxvFf0qU
KutYhIiNJgDAJqMgQZI8RnA80wGgrxcPxA==
-----END EC PRIVATE KEY-----
Configure an SSH/SFTP User for Your Key
Method 1: Using ssh-copy-id
Now that you have your SSH key, you are ready to install it on your server.
Run the following command, replacing x.x.x.x with your server's IP address and SYSUSER with the name of your system user on the server:
ssh-copy-id SYSUSER@x.x.x.x
Method 2: Manual Configuration
If you do not have the ssh-copy-id command, you can SSH into your server and set the key up manually:
Create the .ssh/authorized_keys file by running the following commands:
(umask 077 && test -d ~/.ssh || mkdir ~/.ssh)
(umask 077 && touch ~/.ssh/authorized_keys)
Edit the file .ssh/authorized_keys with your preferred editor and paste in the contents of your id_rsa.pub file.
Log In Using Your Private Key
SSH or SFTP into your server using your private key with the help of the following command:
ssh SYSUSER@x.x.x.x
If you did not save your key in the default location, you will have to specify the key file as follows:
ssh -i ~/.ssh/custom_key_name SYSUSER@x.x.x.x
Granting Access to Multiple Keys
The .ssh/authorized_keys file uses a simple format: one public key per line. If you have multiple users or developers who need access, follow the instructions above using ssh-copy-id, or manually paste the additional keys into the file, one per line.
After completing the process, the .ssh/authorized_keys file will look something like this:
(Don’t copy this, use your own public keys):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSkT3A1j89RT/540ghIMHXIVwNlAEM3WtmqVG7YN/wYwtsJ8iCszg4/lXQsfLFxYmEVe8L9atgtMGCi5QdYPl4X/c+5YxFfm88Yjfx+2xEgUdOr864eaI22yaNMQ0AlyilmK+PcSyxKP4dzkf6B5Nsw8lhfB5n9F5md6GHLLjOGuBbHYlesKJKnt2cMzzS90BdRk73qW6wJ+MCUWo+cyBFZVGOzrjJGEcHewOCbVs+IJWBFSi6w1enbKGc+RY9KrnzeDKWWqzYnNofiHGVFAuMxrmZOasqlTIKiC2UK3RmLxZicWiQmPnpnjJRo7pL0oYM9r/sIWzD6i2S9szDy6aZ mike@laptop1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzlL9Wo8ywEFXSvMJ8FYmxP6HHHMDTyYAWwM3AOtsc96DcYVQIJ5VsydZf5/4NWuq55MqnzdnGB2IfjQvOrW4Jen0cI5UFTvAG4PkfYZb00Hbvwho8JsSAwChvWU6IuhgiiUBofKSMMifKg+pEJ0dLjks2GUcfxeBwbNnAgxsBvY6BCXRfezIddPlqyfWfnftqnafIFvuiRFB1DeeBr24kik/550MaieQpJ848+MgIeVCjko4NPPLssJ/1jhGEHOTlGJpWKGDqQK+QBaOQZh7JB7ehTK+pwIFHbUaeAkr66iVYJuC05iA7ot9FZX8XGkxgmhlnaFHNf0l8ynosanqt henry@laptop2
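The manual steps from Method 2 and the one-key-per-line rule from "Granting Access to Multiple Keys" can be combined into one repeatable function. This is an added example, not part of the original tutorial; the names install_pubkey and mode_of are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pubfile=$1
    sshdir=${2:-"$HOME/.ssh"}
    authfile=$sshdir/authorized_keys

    # Never paste a private key into authorized_keys.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 1
    fi
    # A public key file is one line: "type base64 [comment]".
    key=$(sed -n '1p' "$pubfile")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: unrecognised key type in $pubfile" >&2
           return 1 ;;
    esac

    # Same as the two umask commands in Method 2: create with 700/600.
    (umask 077 && mkdir -p "$sshdir" && touch "$authfile") || return 1

    # One key per line; append only if this exact line is not there yet.
    if ! grep -qxF -- "$key" "$authfile"; then
        # If the last line lacks a newline, add one so keys do not merge.
        if [ -s "$authfile" ] && [ -n "$(tail -c 1 "$authfile")" ]; then
            echo >> "$authfile"
        fi
        printf '%s\n' "$key" >> "$authfile"
    fi

    # Re-assert the modes in case the directory or file already existed.
    chmod 700 "$sshdir" && chmod 600 "$authfile"
}

# mode_of PATH prints the ls -l mode string, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Usage: sh install_pubkey.sh id_rsa.pub [ssh_dir]
if [ $# -ge 1 ]; then
    install_pubkey "$@"
fi
```

Running it twice with the same public key leaves a single entry, so it is safe to re-run when onboarding several developers.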
Additional Information
Retrieve Your Public Key from Your Private Key
Retrieve the public key from a private key by using this command:
ssh-keygen -y -f /path/to/your_private_key_file
(e.g. /root/.ssh/id_rsa or ~/.ssh/custom_key_name)
Correcting Permissions on the .ssh Directory
Run these commands on your server while SSH'd in as your app's system user:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Anyone entering a password will receive a message like:
Permission denied (publickey,password).
Or
No supported authentication methods available
Manage Multiple SSH Keys
SSH config
To set up an SSH config, create a new file, ~/.ssh/config, and open it for editing:
nano ~/.ssh/config
Managing Custom Named SSH key
Use the config file to avoid having to add custom-named SSH keys with ssh-add all the time.
Supposing your SSH key is named ~/.ssh/id_rsa, add the following to the config file:
Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes
Make sure that ~/.ssh/id_rsa is not in ssh-agent by opening another terminal and running:
ssh-add -D
This removes all keys from the currently active ssh-agent session.
The config file will now use the key at ~/.ssh/id_rsa.
Some useful configuration examples:
Host bitbucket-corporate
  HostName bitbucket.org
  User git
  IdentityFile ~/.ssh/id_rsa_corp
  IdentitiesOnly yes
Now you can use:
git clone git@bitbucket-corporate:company/project.git
Host bitbucket-personal
  HostName bitbucket.org
  User git
  IdentityFile ~/.ssh/id_rsa_personal
  IdentitiesOnly yes
Now you can use:
git clone git@bitbucket-personal:username/other-pi-project.git
Host myserver
  HostName ssh.username.com
  Port 1111
  IdentityFile ~/.ssh/id_rsa_personal
  IdentitiesOnly yes
  User username
Generate an SSH Key on Mac and Linux
Execute the following to begin the key creation:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
You will be prompted to "Enter a file in which to save the key":
> Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
Press “Enter” to accept the default file location.
Add a passphrase to protect the private key:
> Enter passphrase (empty for no passphrase): [Type a passphrase]
> Enter same passphrase again: [Type passphrase again]
Add the new SSH key to the ssh-agent
Before adding the new SSH key to the ssh-agent, first ensure the ssh-agent is running by executing:
$ eval "$(ssh-agent -s)"
> Agent pid 59566
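Add the new SSH key to the local SSH agent. The -K option is specific to the ssh-add shipped with macOS, where it stores the passphrase in the keychain; on Linux, run ssh-add without it: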
ssh-add -K /Users/you/.ssh/id_rsa
The new SSH key is now registered and ready to use!
Moving SSH keys to a root-owned location
Moving SSH keys to a root-owned location is easy:
- Create a suitable root-owned directory, e.g., /etc/ssh/keys, under which authorized keys are stored.
- Create a subdirectory under this directory for each user, and move each user's authorized_keys file to /etc/ssh/keys/<username>/authorized_keys.
- Finally, set AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys in /etc/ssh/sshd_config.
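The three steps above as a script, added here as an example and not taken from the original tutorial. The function names and the ROOT staging prefix are assumptions: passing a scratch directory as ROOT lets you rehearse the move before running it as root against the live system with an empty ROOT.

```shell
#!/bin/sh
# Added example, not from the original tutorial. ROOT is a hypothetical
# staging prefix: "" targets the live system, a scratch dir allows a dry run.

# migrate_user_keys ROOT USER HOME_DIR   (steps 1 and 2)
migrate_user_keys() {
    root=$1; user=$2; home=$3
    src=$home/.ssh/authorized_keys
    dst_dir=$root/etc/ssh/keys/$user

    [ -f "$src" ] || { echo "no authorized_keys for $user" >&2; return 1; }
    mkdir -p "$dst_dir" || return 1
    mv "$src" "$dst_dir/authorized_keys" || return 1

    # sshd reads the file with the user's privileges: keep it readable by
    # the user, writable by root only.
    chmod 755 "$root/etc/ssh/keys" "$dst_dir" || return 1
    chmod 644 "$dst_dir/authorized_keys" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown -R root "$root/etc/ssh/keys"
    fi
}

# set_authorized_keys_file ROOT   (step 3)
set_authorized_keys_file() {
    conf=$1/etc/ssh/sshd_config
    line='AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys'

    grep -qxF -- "$line" "$conf" && return 0     # already applied
    cp -p "$conf" "$conf.bak" || return 1

    # sshd uses the first value it finds for a keyword, and anything after
    # a Match line belongs to that Match block. So put the new line at the
    # top and comment out every older AuthorizedKeysFile line.
    {
        printf '%s\n' "$line"
        sed 's/^[[:space:]]*[Aa]uthorized[Kk]eys[Ff]ile[[:space:]]/#&/' \
            "$conf.bak"
    } > "$conf"
}
```

Validate the edited file with sshd -t before reloading sshd, and keep an existing session open until a fresh key-based login has succeeded.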
Conclusion
An in-depth understanding of SSH helps users understand the important aspects of this technology and its security. Most people consider this simple and easy process to be a complex and complicated web of commands and instructions to follow.
The computer takes less than a second to calculate a hash and authenticate a user. People don't realize how short this time is and think that it must take computers a few seconds to process such complicated information.
Most of the time is spent on the internet, where the computer sends and receives data. This tutorial is meant to show you that these various technologies are adaptable and responsive.
You can combine these technologies to create a state-of-the-art system. But be aware that each mechanism and process has a vital role to play in the whole.