How to use ssh keys

From XMission Wiki
Revision as of 10:48, 4 March 2013 by Jab (talk | contribs) (Mac)
Jump to: navigation, search

Setting up public key authentication over SSH

SSH Keys server as a means of identifying yourself to a Secure Shell (SSH) server using public-key cryptography and challenge-response authentication.

  • An SSH key is made up of two seperate keys -
    • A Private Key - which should be only known to you and be kept private.
    • A Public Key - which can be shared freely with any SSH server.
  • Advantages of using SSH Keys
    • Your password is never sent over the network
    • You can connect to multiple servers without having to remember to enter your password for each attempt.
  • Below we will take you though some of the basic step of creating SSH keys.

Linux

  • ssh-keygen - is the tool you will use to generate an SSH key pair in Linux

$ ssh-keygen -t <type>

  • The -t option will allow you to specify the type of encryption to use while creating the key pair. Here are your choices...
    • DSA - 1024 bit algorithm
    • RSA - 2048 - 4096 bit algorithm (recommended)
    • ECDSA - Elliptic Curve Digital Signature Algorithm that provides smaller key sizes and faster operations.
  • To create an SSH key that uses RSA you would type the following ...

$ssh-keygen -t rsa

  • You will be prompted for some information

Enter the file in which to save the key (/user/.ssh/id_rsa):

  • You can just press enter here as it will save to your home space in a directory called .ssh

Enter passphrase (empty for no passphrase):

  • Entering in a passphrase will give you more security - however if your overall goal is to not have to enter a password everytime you ssh to a server then you do not need to enter a passphrase.
  • The entire process will look something like this
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save teh key (/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /user/.ssh/id_rsa.
Your public key has been saved in /user/.ssh/id_rsa.pub.
The key fingerprint is:
e7:38:47:65:25:71:ff:1c:ee:e4:a8:37:31:0d:58:80 user@server
The key's randomart image is:
+--[ RSA 2048]----+
|          ..+.o  |
|         E   = . |
|            =  ..|
|           + ...o|
|        S o   ooo|
|         =   o=. |
|        o o  .oo |
|         o  .o   |
|           .. .  |
+-----------------+
  • You now have 2 files stored in ~/.ssh
    • id_rsa - is the private key
    • id_rsa.pub - is your public key
  • Next you will want to copy your public keys to the remote server - you can use a protocol called scp

scp ~/.ssh/id_rsa.pub user@server.com:~/.ssh/.

  • Next you will want to Authorize the SSH Server to use the public keys
  • SSH to your remote server and copy the contents of the id_rsa.pub file to authorized_keys file in the same folder.
$ssh user@server.com
user@server.com: ~$ cd .ssh
user@server.com: ~/.ssh$ cat id_rsa.pub >> authorized_keys

NOTE if the file authorized_keys does not exist you will have to create it.

Windows

Mac

  • Very similar to Linux - Just make sure you are using Mac OS X
  • Open a Terminal window found in Go > Applications > Utilities > Terminal
mymac:~ user$ ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa):
Creating directory '/Users/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/id_rsa.
Your public key has been saved in /Users/user/.ssh/id_rsa.pub.
The key finderprint is:
e7:38:47:65:25:71:ff:1c:ee:e4:a8:37:31:0d:58:80 user@mymac
The key's randomart image is:
+--[ RSA 2048]----+
|          ..+.o  |
|         E   = . |
|            =  ..|
|           + ...o|
|        S o   ooo|
|         =   o=. |
|        o o  .oo |
|         o  .o   |
|           .. .  |
+-----------------+
  • You can then open the file id_rsa.pub in any text editor - and copy the contents and paste it into the authorized_keys file on your server.
  • SSH to your server
  • cd .ssh
  • vim authorized_keys
  • Paste the contents from your mac id_rsa.pub into this file