Difference between revisions of "How to use ssh keys"
From XMission Wiki
(Created page with "place holder") |
|||
| Line 1: | Line 1: | ||
| − | + | ==Setting up public key authentication over SSH== | |
| + | SSH Keys server as a means of identifying yourself to a Secure Shell (SSH) server using public-key cryptography and challenge-response authentication. | ||
| + | * An SSH key is made up of two seperate keys - | ||
| + | ** A Private Key - which should be only known to you and be kept private. | ||
| + | ** A Public Key - which can be shared freely with any SSH server. | ||
| + | |||
| + | * Advantages of using SSH Keys | ||
| + | ** Your password is never sent over the network | ||
| + | ** You can connect to multiple servers without having to remember to enter your password for each attempt. | ||
| + | |||
| + | * Below we will take you though some of the basic step of creating SSH keys. | ||
| + | |||
| + | ===Linux=== | ||
| + | * ssh-keygen - is the tool you will use to generate an SSH key pair in Linux | ||
| + | <code> | ||
| + | $ ssh-keygen -t <type> | ||
| + | </code> | ||
| + | * The -t option will allow you to specify the type of encryption to use while creating the key pair. Here are your choices... | ||
| + | ** DSA - 1024 bit algorithm | ||
| + | ** RSA - 2048 - 4096 bit algorithm (recommended) | ||
| + | ** ECDSA - Elliptic Curve Digital Signature Algorithm that provides smaller key sizes and faster operations. | ||
| + | |||
| + | * To create an SSH key that uses RSA you would type the following ... | ||
| + | <code> | ||
| + | $ssh-keygen -t rsa | ||
| + | </code> | ||
| + | |||
| + | * You will be prompted for some information | ||
| + | <code> | ||
| + | Enter the file in which to save the key (/user/.ssh/id_rsa): | ||
| + | </code> | ||
| + | * You can just press enter here as it will save to your home space in a directory called .ssh | ||
| + | <code> | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | </code> | ||
| + | * Entering in a passphrase will give you more security - however if your overall goal is to not have to enter a password everytime you ssh to a server then you do not need to enter a passphrase. | ||
| + | * The entire process will look something like this | ||
| + | <code><pre> | ||
| + | ssh-keygen -t rsa | ||
| + | Generating public/private rsa key pair. | ||
| + | Enter file in which to save teh key (/user/.ssh/id_rsa): | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in /user/.ssh/id_rsa. | ||
| + | Your public key has been saved in /user/.ssh/id_rsa.pub. | ||
| + | The key fingerprint is: | ||
| + | e7:38:47:65:25:71:ff:1c:ee:e4:a8:37:31:0d:58:80 user@server | ||
| + | The key's randomart image is: | ||
| + | +--[ RSA 2048]----+ | ||
| + | | ..+.o | | ||
| + | | E = . | | ||
| + | | = ..| | ||
| + | | + ...o| | ||
| + | | S o ooo| | ||
| + | | = o=. | | ||
| + | | o o .oo | | ||
| + | | o .o | | ||
| + | | .. . | | ||
| + | +-----------------+ | ||
| + | </pre></code> | ||
| + | |||
| + | |||
| + | ===Windows=== | ||
| + | ===Mac=== | ||
Revision as of 10:09, 4 March 2013
Setting up public key authentication over SSH
SSH Keys server as a means of identifying yourself to a Secure Shell (SSH) server using public-key cryptography and challenge-response authentication.
- An SSH key is made up of two seperate keys -
- A Private Key - which should be only known to you and be kept private.
- A Public Key - which can be shared freely with any SSH server.
- Advantages of using SSH Keys
- Your password is never sent over the network
- You can connect to multiple servers without having to remember to enter your password for each attempt.
- Below we will take you though some of the basic step of creating SSH keys.
Linux
- ssh-keygen - is the tool you will use to generate an SSH key pair in Linux
$ ssh-keygen -t <type>
- The -t option will allow you to specify the type of encryption to use while creating the key pair. Here are your choices...
- DSA - 1024 bit algorithm
- RSA - 2048 - 4096 bit algorithm (recommended)
- ECDSA - Elliptic Curve Digital Signature Algorithm that provides smaller key sizes and faster operations.
- To create an SSH key that uses RSA you would type the following ...
$ssh-keygen -t rsa
- You will be prompted for some information
Enter the file in which to save the key (/user/.ssh/id_rsa):
- You can just press enter here as it will save to your home space in a directory called .ssh
Enter passphrase (empty for no passphrase):
- Entering in a passphrase will give you more security - however if your overall goal is to not have to enter a password everytime you ssh to a server then you do not need to enter a passphrase.
- The entire process will look something like this
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save teh key (/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /user/.ssh/id_rsa.
Your public key has been saved in /user/.ssh/id_rsa.pub.
The key fingerprint is:
e7:38:47:65:25:71:ff:1c:ee:e4:a8:37:31:0d:58:80 user@server
The key's randomart image is:
+--[ RSA 2048]----+
| ..+.o |
| E = . |
| = ..|
| + ...o|
| S o ooo|
| = o=. |
| o o .oo |
| o .o |
| .. . |
+-----------------+
