How to use ssh keys
From XMission Wiki
Setting up public key authentication over SSH
SSH Keys server as a means of identifying yourself to a Secure Shell (SSH) server using public-key cryptography and challenge-response authentication.
- An SSH key is made up of two seperate keys -
- A Private Key - which should be only known to you and be kept private.
- A Public Key - which can be shared freely with any SSH server.
- Advantages of using SSH Keys
- Your password is never sent over the network
- You can connect to multiple servers without having to remember to enter your password for each attempt.
- Below we will take you though some of the basic step of creating SSH keys.
Linux
- ssh-keygen - is the tool you will use to generate an SSH key pair in Linux
$ ssh-keygen -t <type>
- The -t option will allow you to specify the type of encryption to use while creating the key pair. Here are your choices...
- DSA - 1024 bit algorithm
- RSA - 2048 - 4096 bit algorithm (recommended)
- ECDSA - Elliptic Curve Digital Signature Algorithm that provides smaller key sizes and faster operations.
- To create an SSH key that uses RSA you would type the following ...
$ssh-keygen -t rsa
- You will be prompted for some information
Enter the file in which to save the key (/user/.ssh/id_rsa):
- You can just press enter here as it will save to your home space in a directory called .ssh
Enter passphrase (empty for no passphrase):
- Entering in a passphrase will give you more security - however if your overall goal is to not have to enter a password everytime you ssh to a server then you do not need to enter a passphrase.
- The entire process will look something like this
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save teh key (/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /user/.ssh/id_rsa.
Your public key has been saved in /user/.ssh/id_rsa.pub.
The key fingerprint is:
e7:38:47:65:25:71:ff:1c:ee:e4:a8:37:31:0d:58:80 user@server
The key's randomart image is:
+--[ RSA 2048]----+
| ..+.o |
| E = . |
| = ..|
| + ...o|
| S o ooo|
| = o=. |
| o o .oo |
| o .o |
| .. . |
+-----------------+
- You now have 2 files stored in ~/.ssh
- id_rsa - is the private key
- id_rsa.pub - is your public key
- Next you will want to copy your public keys to the remote server - you can use a protocol called scp
scp ~/.ssh/id_rsa.pub user@server.com:~/.ssh/.
- Next you will want to Authorize the SSH Server to use the public keys
- SSH to your remote server and copy the contents of the id_rsa.pub file to authorized_keys file in the same folder.
$ssh user@server.com
user@server.com: ~$ cd .ssh
user@server.com: ~/.ssh$ cat id_rsa.pub >> authorized_keys
NOTE if the file authorized_keys does not exist you will have to create it.
Windows
Mac
- Very similar to Linux - Just make sure you are using Mac OS X
- Open a Terminal window found in Go > Applications > Utilities > Terminal
mymac:~ user$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa):
Creating directory '/Users/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/id_rsa.
Your public key has been saved in /Users/user/.ssh/id_rsa.pub.
The key finderprint is:
e7:38:47:65:25:71:ff:1c:ee:e4:a8:37:31:0d:58:80 user@mymac
The key's randomart image is:
+--[ RSA 2048]----+
| ..+.o |
| E = . |
| = ..|
| + ...o|
| S o ooo|
| = o=. |
| o o .oo |
| o .o |
| .. . |
+-----------------+
- You can then open the file id_rsa.pub in any text editor - and copy the contents and paste it into the authorized_keys file on your server.
- SSH to your server
- cd .ssh
- vim authorized_keys
- Paste the contents from your mac id_rsa.pub into this file