
Beginners Guide To SSH Key Management

When you connect to a server via SSH from a client (the machine you use to establish the connection), you are asked to authenticate with the password of the user you are connecting as.

The issue with password authentication is that it is easy to bypass, because it is so common for server admins to use simple passwords. What if you could use something better and more secure?

Let me introduce you to Public Key Authentication:

Public Key Authentication works by generating an SSH key pair: a public key and a private key. The private key resides on your client machine and the public key resides on the server you connect to. When you connect to a server that has your public key, it knows it's you because you are the only one who has the matching private key. In fact, you can transfer the public key to several servers (the ones you own) and connect to all of them with the private key on your client machine.

Let's get started with SSH key management in practice. I'll also show you ways to secure it further.

Generating SSH Key

To get started, you'll first need to generate the key pair: a private and a public key.

The ssh-keygen command is all you need to generate the keys. Go ahead and run it in your terminal:

faruq@blog:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/faruq/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/faruq/.ssh/id_rsa.
Your public key has been saved in /home/faruq/.ssh/
The key fingerprint is:
The key's randomart image is:
+---[RSA 2048]----+
|   oE ...o*+.    |
|  o =oo ++.o     |
| . +o=.*..+      |
|   ...= o+.      |
|   o.o =So       |
|    *.*.o..      |
|     B.o.o       |
|    ..+.=        |
|    .+.. .       |

Note: All prompted messages have been highlighted red above.

  • You will be asked for the directory to save your key files in. Hit Enter to default to /home/user/.ssh, keeping in mind that user is the user you are currently logged in as.
  • Next, you will be asked to enter a passphrase for the key. This is optional, and you can skip it by hitting the Enter key. I recommend giving it a passphrase (make sure it is different from your system password), as this adds extra security to the keys. Once you are done, the key is saved in your selected directory.

Before we go further, let's understand what ssh-keygen did when generating the key:

The ssh-keygen creates a directory named .ssh in your home directory if it doesn't already exist, and inside that directory, it will create two files, id_rsa, and

You might have guessed what both files do from their names. id_rsa is your private key and should never leave your machine; if it somehow does, its new owner can connect to your server.

The permission of id_rsa is -rw-------, which means it can be read and written only by its owner and not by any other user. Learn about file/directory permission in GNU/Linux.
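To check that a key directory really has these permissions, the following added example (not part of the original guide) compares the mode string that ls -l prints against the expected value and flags any private key that other users could read. The function names are made up for this example, and the drwx------ expectation for the directory is the mode OpenSSH itself gives ~/.ssh.

```shell
#!/bin/sh
# Added example: audit an SSH directory for owner-only permissions.
# Usage: audit_ssh_dir "$HOME/.ssh"

# mode_of PATH: print the 10-character mode string ls shows, e.g. -rw-------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# audit_ssh_dir DIR: print one line per problem, return the number of problems.
audit_ssh_dir() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 1
    fi
    # The directory itself should be accessible by its owner only.
    if [ "$(mode_of "$dir")" != "drwx------" ]; then
        echo "loose directory: $dir is $(mode_of "$dir"), expected drwx------"
        problems=$((problems + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Recognise private keys by their first line, not by their file name.
        if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            m=$(mode_of "$f")
            case $m in
                -rw-------|-r--------) ;;   # owner-only: fine
                *) echo "loose private key: $f is $m, expected -rw-------"
                   problems=$((problems + 1)) ;;
            esac
        fi
    done
    return "$problems"
}
```

A loose private key is fixed with chmod 600 on the file, and a loose directory with chmod 700.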

The is your public key and can get copied to other servers, this way, you can log in via the key-pair.

Think of the public key as a half-solved equation: when you log in to a server that has the public key, it checks that the private key holds the other half of the equation, and if the key pair is mathematically correct, it lets you log in. You'll be asked for your passphrase if you chose one during key creation.

Transferring The Generated SSH Public Key To Other Servers

There are a couple of ways to transfer the public key to other servers. The best way is to use the ssh-copy-id command, which automatically creates a .ssh directory in your home directory on the target server if it doesn't already exist.

Inside that directory, a file named authorized_keys is created if it doesn't already exist, and lastly, the contents of ~/.ssh/ on your client machine (the machine storing the private key) are copied into the ~/.ssh/authorized_keys file on the target server.

I can't imagine doing this manually on different servers; using ssh-copy-id simplifies the approach.

Let's see an example of how you can utilize the ssh-copy-id command:

ssh-copy-id -i ~/.ssh/ xx.xx.xx.xx

The above command transfers the public key to the target server. Replace xx.xx.xx.xx with the actual IP of the target server; you can also use the hostname of the server. Learn how to simplify ssh connection using a simple config file.

Once you issue the command, you will be asked to log in with your password, and then the key is copied over.
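The manual steps that ssh-copy-id saves you look roughly like the following. This is an added example, not code from ssh-copy-id or from the original guide: install_pubkey is a hypothetical helper, and it works on a local directory standing in for the server's home directory so it can be tried without a remote host.

```shell
#!/bin/sh
# Added example: the server-side steps of installing a public key by hand.
# Usage: install_pubkey PUBFILE HOME_DIR

install_pubkey() {
    pub=$1
    home=$2
    # Never install a private key by mistake: it would expose the secret half.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi
    # A public key is a single line that starts with its key type.
    line=$(head -n 1 "$pub")
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2
           return 2 ;;
    esac
    # Create the directory and the file if needed, both owner-only.
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    # Append, never overwrite, and only if the exact line is not there yet.
    if grep -qxF -e "$line" "$auth"; then
        echo "already installed"
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"
    echo "installed"
}
```

Running it twice with the same key leaves a single entry in authorized_keys, so it is safe to repeat.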

Keep in mind that if you set up a passphrase during the key generation, you will be asked to enter it in order to open your public key.

If you don't want to type the passphrase every time you connect, you can cache it the first time you use it; after that, you won't be asked for it on each connection.

To benefit from passphrase caching, you can use the SSH agent.

Enter the following command as the user account you are starting your connection from:

eval $(ssh-agent)

The above command will start the SSH agent and will continue to run in the background of your shell.

The next step is to open your key for your agent:

ssh-add ~/.ssh/id_rsa

You will be prompted to enter the passphrase of the key. Once you've entered the correct passphrase, the key is opened and you won't need to enter it again for future connections until your shell closes or you log out.

If you want to change the key passphrase, use the ssh-keygen -p command.

This would change an existing passphrase or add a passphrase if you don't already have one.

That's all for now, have fun using the ssh commands.
