SSH Keys

From XMission Wiki
Revision as of 17:43, 15 November 2016 by Boom (talk | contribs) (Create a Key Pair)

What are SSH keys?

SSH keys let users SSH to servers more securely than relying on passwords alone. Passwords can be brute forced, given out, or found out. With SSH keys, users store a private key on their local machine and a public key on their Cloud Server, letting them SSH to their Cloud Server without the need for passwords. An SSH key pair consists of a public key and a private key. You can upload your public key to any server, but you should keep your private key stored in a protected place, preferably with a passphrase.

Create a Key Pair

To create a key pair, you will want to open a terminal on your local machine and run the following command:

ssh-keygen -t rsa
  • rsa is currently the default for ssh-keygen. There are other options including:
   * ed25519 (32-byte keys using the ECC Edwards 25519 curve by <djb>)
   * ecdsa (NIST-approved ECC version of DSA)
   * rsa (default)
   * dsa (DSA algorithm, not recommended)

Store the Keys

When you run the ssh-keygen command, you will be asked a few more questions like where to store the key.

Enter file in which to save the key (/home/<user>/.ssh/id_rsa):

Next, you can create a passphrase for the key pair that will be required whenever the keys are used. You will want to remember this passphrase, or store it in a safe place. It is up to you whether to use one; however, XMission strongly recommends that you do. An SSH key passphrase prevents your local machine from being used against you if it is stolen or if an unauthorized user attempts to SSH.

  • If you have followed the above steps, it should appear as:
user@webserv:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /user/.ssh/id_rsa.
Your public key has been saved in /user/.ssh/id_rsa.pub.
The key fingerprint is:
b6:63:38:16:ff:8f:cd:fa:b8:a8:23:d1:2e:5c:d5:7e user@webserv.stafftest.cloud
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|         .       |
|        . .      |
|     ...S.       |
|    . o= .. E    |
|   . ++ =  .     |
|    +.oo + =     |
|     o.o. *==    |
+-----------------+
  • The public key that you will want to send to your Cloud Server is now stored in /user/.ssh/id_rsa.pub.

Send the Key

After you have created your SSH key pair, you will want to send your public key to your Cloud Server. You can do this with a simple SSH copy command, or by copying and pasting your key into the Cloud Server's ~/.ssh/authorized_keys file.

ssh-copy-id websites@<your server IP address>
ssh-copy-id websites@123.45.56.78

You should see a prompt telling you it was successful and that you may now SSH to that server. Now you will not be prompted for a password! If you decided to store your key with a passphrase, you will be required to enter it.
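
The copy-and-paste alternative to ssh-copy-id, as an added example that is not part of the original wiki page: a shell function, run on the Cloud Server, that appends an uploaded public key file to authorized_keys with owner-only permissions. The function name install_pubkey and its two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the XMission wiki): manual equivalent of
# ssh-copy-id, run on the server after uploading the .pub file.
# install_pubkey and its arguments are hypothetical names.
# Usage: install_pubkey <public-key-file> [ssh-dir, default ~/.ssh]

install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A .pub file is a single line; take the first non-empty one.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)

    # Accept only public key lines of the types listed on this page.
    # A private key file starts with "-----BEGIN" and is rejected here:
    # it must never leave the local machine.
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|ssh-dss\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 2 ;;
    esac

    # Owner-only permissions. sshd's StrictModes check refuses keys when
    # these paths are writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present, so running
    # the function twice does not duplicate the key.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}
```
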