Difference between revisions of "How to use ssh keys"

From XMission Wiki
(Windows)
(Windows)
Line 106: Line 106:
 
* SSH to your server
 
* SSH to your server
 
* vim /.ssh/authorized_keys
 
* vim /.ssh/authorized_keys
* paste the contents from the PuTTYgen Window
+
* paste the contents from the PuTTYgen Window into the authorized_keys file
  
 
===Mac===
 
===Mac===
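Review bot: The unchanged context line "vim /.ssh/authorized_keys" just above the edited line names a .ssh directory at the filesystem root, not the one in the user's home directory, so a reader following it edits a file sshd never reads. Since this revision already touches the neighbouring step to name the authorized_keys file explicitly, change the path to "vim ~/.ssh/authorized_keys" in the same edit so the two steps agree.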

Revision as of 12:43, 4 March 2013

Setting up public key authentication over SSH

SSH keys serve as a means of identifying yourself to a Secure Shell (SSH) server using public-key cryptography and challenge-response authentication.

  • An SSH key is made up of two separate keys -
    • A Private Key - which should be known only to you and be kept private.
    • A Public Key - which can be shared freely with any SSH server.
  • Advantages of using SSH Keys
    • Your password is never sent over the network
    • You can connect to multiple servers without having to remember to enter your password for each attempt.
  • Below we will take you through some of the basic steps of creating SSH keys.

Linux

  • ssh-keygen - is the tool you will use to generate an SSH key pair in Linux

$ ssh-keygen -t <type>

  • The -t option allows you to specify the type of key to create. Here are your choices...
    • DSA - 1024 bit algorithm
    • RSA - 2048 - 4096 bit algorithm (recommended)
    • ECDSA - Elliptic Curve Digital Signature Algorithm that provides smaller key sizes and faster operations.
  • To create an SSH key that uses RSA you would type the following ...

$ ssh-keygen -t rsa

  • You will be prompted for some information

Enter the file in which to save the key (/user/.ssh/id_rsa):

  • You can just press Enter here; the key will be saved in your home directory, in a directory called .ssh

Enter passphrase (empty for no passphrase):

  • Entering a passphrase will give you more security. However, if your overall goal is to not have to enter a password every time you ssh to a server, then you do not need to enter a passphrase.
  • The entire process will look something like this
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /user/.ssh/id_rsa.
Your public key has been saved in /user/.ssh/id_rsa.pub.
The key fingerprint is:
e7:38:47:65:25:71:ff:1c:ee:e4:a8:37:31:0d:58:80 user@server
The key's randomart image is:
+--[ RSA 2048]----+
|          ..+.o  |
|         E   = . |
|            =  ..|
|           + ...o|
|        S o   ooo|
|         =   o=. |
|        o o  .oo |
|         o  .o   |
|           .. .  |
+-----------------+
  • You now have 2 files stored in ~/.ssh
    • id_rsa - is the private key
    • id_rsa.pub - is your public key
  • Next you will want to copy your public key to the remote server - you can use scp for this

scp ~/.ssh/id_rsa.pub user@server.com:~/.ssh/.

  • Next you will want to authorize the SSH server to use the public key
  • SSH to your remote server and copy the contents of the id_rsa.pub file to the authorized_keys file in the same folder.
$ ssh user@server.com
user@server.com: ~$ cd .ssh
user@server.com: ~/.ssh$ cat id_rsa.pub >> authorized_keys

NOTE: If the file authorized_keys does not exist, you will have to create it.

Windows

  • Recommended Tool - PuTTY
    • PuTTY is a free implementation of Telnet and SSH for Windows
  • You will want to download putty.exe and puttygen.exe
    • You can use putty.exe to ssh to your servers and use puttygen.exe to generate an SSH key to upload to your server so that you don't need to enter your password every time.
  • Once downloaded click on the puttygen.exe icon



  • Next, click Generate to create a public/private key pair. Be sure to select the type of key to generate under Parameters.



  • Wait for the Generation to finish



  • Select Save Public Key to store this file to your local machine.


  • This will save it to a .txt file - We suggest saving it to your Desktop or Documents folder for easy access.
  • You can now copy the public key from the PuTTYgen Window and paste that into the authorized_keys file on your server.
  • SSH to your server
  • vim ~/.ssh/authorized_keys
  • paste the contents from the PuTTYgen Window into the authorized_keys file

Mac

  • Very similar to Linux - Just make sure you are using Mac OS X
  • Open a Terminal window found in Go > Applications > Utilities > Terminal
mymac:~ user$ ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa):
Creating directory '/Users/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/id_rsa.
Your public key has been saved in /Users/user/.ssh/id_rsa.pub.
The key fingerprint is:
e7:38:47:65:25:71:ff:1c:ee:e4:a8:37:31:0d:58:80 user@mymac
The key's randomart image is:
+--[ RSA 2048]----+
|          ..+.o  |
|         E   = . |
|            =  ..|
|           + ...o|
|        S o   ooo|
|         =   o=. |
|        o o  .oo |
|         o  .o   |
|           .. .  |
+-----------------+
  • You can then open the file id_rsa.pub in any text editor - and copy the contents and paste it into the authorized_keys file on your server.
  • SSH to your server
  • cd .ssh
  • vim authorized_keys
  • Paste the contents from your Mac id_rsa.pub into this file
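
The Linux, Windows and Mac steps above all end by adding the public key to authorized_keys on the server. The shell function below is an added example, not part of the original wiki page, that performs that step on the server: it refuses a private key or a multi-line PuTTYgen "Save public key" export, sets the permissions sshd expects, and does not add the same key twice. The name install_pubkey and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: install one OpenSSH public key into authorized_keys.
# install_pubkey and its arguments are hypothetical names, not from the page.
# usage: install_pubkey <pubkey-file> [ssh-dir]   (ssh-dir defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A .pub file is a single line; take the first non-empty one.
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)

    case $line in
        "-----BEGIN "*)
            # id_rsa (the private key) was passed instead of id_rsa.pub.
            echo "refusing: $pub is a private key" >&2; return 2 ;;
        "---- BEGIN SSH2 PUBLIC KEY"*)
            # Multi-line format written by PuTTYgen's "Save public key".
            echo "refusing: $pub is not in one-line OpenSSH format" >&2; return 3 ;;
        "ssh-rsa AAAA"*|"ssh-dss AAAA"*|"ecdsa-sha2-"*" AAAA"*|"ssh-ed25519 AAAA"*) ;;
        *)
            echo "refusing: $pub does not look like a public key" >&2; return 4 ;;
    esac

    # sshd (StrictModes, on by default) rejects key files that other
    # users can write to, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # Append only if this exact line is not already present.
    if grep -qxF -- "$line" "$auth"; then
        echo "key already authorized"
    else
        printf '%s\n' "$line" >> "$auth"
        echo "key added to $auth"
    fi
}
```

After the scp step, run it on the server as: install_pubkey ~/.ssh/id_rsa.pub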