Difference between revisions of "How to use ssh keys"
From XMission Wiki
| Line 60: | Line 60: | ||
</pre></code> | </pre></code> | ||
| + | * You now have 2 files stored in ~/.ssh | ||
| + | ** id_rsa - is the private key | ||
| + | ** id_rsa.pub - is your public key | ||
| + | |||
| + | * Next you will want to copy your public keys to the remote server - you can use a protocol called scp | ||
| + | <code> | ||
| + | scp ~/.ssh/id_rsa.pub user@server.com:~/.ssh/. | ||
| + | </code> | ||
| + | |||
| + | * Next you will want to Authorize the SSH Server to use the public keys | ||
| + | * SSH to your remote server and copy the contents of the ''id_rsa.pub'' file to ''authorized_keys'' file in the same folder. | ||
| + | |||
| + | <code> | ||
| + | $ssh user@server.com | ||
| + | user@server.com: ~$ cd .ssh | ||
| + | user@server.com: ~/.ssh$ cat id_rsa.pub >> authorized_keys | ||
| + | </code> | ||
| + | |||
| + | ''NOTE'' if the file authorized_keys does not exist you will have to create it. | ||
===Windows=== | ===Windows=== | ||
===Mac=== | ===Mac=== | ||
Revision as of 10:17, 4 March 2013
Setting up public key authentication over SSH
SSH Keys server as a means of identifying yourself to a Secure Shell (SSH) server using public-key cryptography and challenge-response authentication.
- An SSH key is made up of two seperate keys -
- A Private Key - which should be only known to you and be kept private.
- A Public Key - which can be shared freely with any SSH server.
- Advantages of using SSH Keys
- Your password is never sent over the network
- You can connect to multiple servers without having to remember to enter your password for each attempt.
- Below we will take you though some of the basic step of creating SSH keys.
Linux
- ssh-keygen - is the tool you will use to generate an SSH key pair in Linux
$ ssh-keygen -t <type>
- The -t option will allow you to specify the type of encryption to use while creating the key pair. Here are your choices...
- DSA - 1024 bit algorithm
- RSA - 2048 - 4096 bit algorithm (recommended)
- ECDSA - Elliptic Curve Digital Signature Algorithm that provides smaller key sizes and faster operations.
- To create an SSH key that uses RSA you would type the following ...
$ssh-keygen -t rsa
- You will be prompted for some information
Enter the file in which to save the key (/user/.ssh/id_rsa):
- You can just press enter here as it will save to your home space in a directory called .ssh
Enter passphrase (empty for no passphrase):
- Entering in a passphrase will give you more security - however if your overall goal is to not have to enter a password everytime you ssh to a server then you do not need to enter a passphrase.
- The entire process will look something like this
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save teh key (/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /user/.ssh/id_rsa.
Your public key has been saved in /user/.ssh/id_rsa.pub.
The key fingerprint is:
e7:38:47:65:25:71:ff:1c:ee:e4:a8:37:31:0d:58:80 user@server
The key's randomart image is:
+--[ RSA 2048]----+
| ..+.o |
| E = . |
| = ..|
| + ...o|
| S o ooo|
| = o=. |
| o o .oo |
| o .o |
| .. . |
+-----------------+
- You now have 2 files stored in ~/.ssh
- id_rsa - is the private key
- id_rsa.pub - is your public key
- Next you will want to copy your public keys to the remote server - you can use a protocol called scp
scp ~/.ssh/id_rsa.pub user@server.com:~/.ssh/.
- Next you will want to Authorize the SSH Server to use the public keys
- SSH to your remote server and copy the contents of the id_rsa.pub file to authorized_keys file in the same folder.
$ssh user@server.com
user@server.com: ~$ cd .ssh
user@server.com: ~/.ssh$ cat id_rsa.pub >> authorized_keys
NOTE if the file authorized_keys does not exist you will have to create it.
