Setting Up SSH Keys - Tutorial
SSH (Secure Shell) is a widely used protocol that ensures secure remote access over a network, enabling administrators to manage and control servers safely. Among the available authentication methods, SSH keys stand out for their security and convenience, making them the preferred choice over traditional passwords.
SSH keys are a pair of cryptographic keys used for authentication when accessing an SSH server. They include:
Public Key: Shared with the server and appended to the ~/.ssh/authorized_keys file of the account you log in as. It is not secret.
Private Key: Kept on the client machine, readable only by its owner, and used to prove the client's identity by signing a challenge from the server. It never leaves the client.
Because only the holder of the private key can produce that signature, the key pair ensures that only authorized users can access the server.
Enhanced Security: Unlike passwords, SSH keys cannot be guessed or brute-forced over the network, and a server that accepts keys can turn off password authentication entirely.
Convenience: Keys eliminate the need to manually enter a password for every connection.
Automation: Essential for DevOps, enabling scripts and CI/CD pipelines to access servers without human intervention.
To create a key pair on your local machine, follow these steps:
Step 1: Open a terminal and run ssh-keygen with the following options:
-t rsa: Specifies the RSA algorithm.
-b 4096: Sets the key length to 4096 bits (ssh-keygen's default for RSA is 3072 bits; 4096 gives more margin at little cost).
-C: Adds a comment (e.g., your email) so the key can be identified later in authorized_keys.
Step 2: Choose a location
You'll be prompted for a file path. Press Enter to use the default, ~/.ssh/id_rsa (the public key is written next to it as ~/.ssh/id_rsa.pub), or specify a custom path.
Step 3: Enter a passphrase (optional) Provide a passphrase to encrypt the private key on disk; without one, anyone who copies the file can use the key. If you prefer no passphrase, press Enter.
Option 1: Using ssh-copy-id
Run ssh-copy-id with the user and host you want to log in to, and enter that account's password once when prompted.
This appends the public key to the server's ~/.ssh/authorized_keys file, creating the directory and the file with the correct permissions if they do not exist yet.
Option 2: Manual Method
Display your public key on the client by printing the contents of ~/.ssh/id_rsa.pub (the .pub file, never the private key).
Copy the output and paste it as a single line into the server's ~/.ssh/authorized_keys file, then make sure the ~/.ssh directory is mode 700 and the file is mode 600.
Verify the setup by connecting to the server with ssh user@server.
If successful, no account password will be required. If a passphrase was set for the private key you are asked for that instead; it unlocks the local key and is never sent to the server. Once key-based login works for every account you need, consider disabling password authentication in the server's sshd_config so that keys are the only way in.
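The whole procedure above, from generating the key pair to installing the public key the way ssh-copy-id does on the server side and checking the result, as an added example script that is not part of the original tutorial. It assumes bash and OpenSSH's ssh-keygen on the client; the sample public key, the deploy@203.0.113.10 target and every path are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: generate a key pair, then
# install a public key exactly the way ssh-copy-id does it on the server side.
# The sample public key and all paths below are constructed for illustration.
set -u

# Steps 1-3: create the key pair. -t rsa -b 4096 follows the tutorial
# (-t ed25519 is the modern alternative); -f sets the output path and -N the
# passphrase. Pass "" for no passphrase, or drop -N to be prompted.
generate_key() {
  local keyfile="$1" comment="$2" passphrase="$3"
  ssh-keygen -q -t rsa -b 4096 -C "$comment" -f "$keyfile" -N "$passphrase"
}

# "type base64blob" of a public key line, ignoring the comment field, so the
# same key with a different comment is still recognised as the same key.
key_blob() { printf '%s\n' "$1" | awk '{print $1" "$2}'; }

# Server side of Option 1 / Option 2: append the public key to authorized_keys
# once, creating ~/.ssh with mode 700 and the file with mode 600 if needed.
install_pubkey() {
  local pubkey_line="$1" sshdir="$2" authfile="$2/authorized_keys" blob
  blob=$(key_blob "$pubkey_line")
  (umask 077; mkdir -p "$sshdir"; touch "$authfile")   # 700 dir, 600 file
  chmod 700 "$sshdir" && chmod 600 "$authfile"         # repair pre-existing ones
  if awk -v k="$blob" 'index($0, k) {found=1} END {exit !found}' "$authfile"; then
    return 0                                           # already installed
  fi
  printf '%s\n' "$pubkey_line" >> "$authfile"
}

# How many entries in authorized_keys carry this key (expect 1 after install).
count_key() { awk -v k="$(key_blob "$1")" 'index($0, k) {n++} END {print n+0}' "$2"; }

# Permission string as ls prints it; works the same on GNU and BSD.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Constructed sample public key (the blob is not a real key).
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedSampleKeyNotReal0000 user@laptop'

demo() {
  local tmp; tmp=$(mktemp -d)
  install_pubkey "$SAMPLE_PUBKEY" "$tmp/.ssh"
  install_pubkey "$SAMPLE_PUBKEY" "$tmp/.ssh"           # second run changes nothing
  echo "entries for key: $(count_key "$SAMPLE_PUBKEY" "$tmp/.ssh/authorized_keys")"   # 1
  echo "modes: $(mode_of "$tmp/.ssh") $(mode_of "$tmp/.ssh/authorized_keys")"        # drwx------ -rw-------
  if command -v ssh-keygen >/dev/null 2>&1; then
    generate_key "$tmp/id_rsa" "user@laptop" "" && echo "wrote $tmp/id_rsa and $tmp/id_rsa.pub"
  fi
  rm -rf "$tmp"
}
demo

# Against a real server the same three steps are:
#   ssh-keygen -t rsa -b 4096 -C "user@laptop"            # prompts for path and passphrase
#   ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@203.0.113.10  # or paste id_rsa.pub into authorized_keys
#   ssh deploy@203.0.113.10                               # no account password asked
```

The dedup check matches on the key type and base64 blob rather than on the whole line, which is why the same key pasted twice with different comments still ends up as one entry; the umask subshell is how ssh-copy-id itself gets the 700/600 modes on first creation.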
~/.ssh/config
The SSH client configuration file allows you to streamline connections by giving each server an alias that carries its hostname, user, port and key.
With such an alias defined, use ssh server1 instead of typing the full connection command with -p, -i and user@host every time.
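A concrete ~/.ssh/config for two servers, together with a small parser that shows which value the client will pick for an option, as an added example that is not part of the original tutorial. It assumes bash and awk; the hostnames, users and key paths are constructed placeholders, and the parser only understands the simple "Option value" lines written here, not the full ssh pattern syntax.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: a ~/.ssh/config with one
# alias per server, plus a small parser that shows which value ssh will use.
# Hostnames, users and key paths are constructed placeholders.
set -u

# Write the config. Per-host blocks come first because ssh keeps the FIRST
# value it finds for an option, so a trailing "Host *" only supplies defaults.
write_ssh_config() {
  cat > "$1" <<'EOF'
Host server1
    HostName 203.0.113.10
    User deploy
    Port 2222
    IdentityFile ~/.ssh/id_rsa_server1
    IdentitiesOnly yes

Host server2
    HostName server2.example.com
    User admin
    IdentityFile ~/.ssh/id_rsa_server2
    IdentitiesOnly yes

Host *
    AddKeysToAgent yes
    ServerAliveInterval 60
EOF
  chmod 600 "$1"          # ssh complains about a config writable by others
}

# Resolve one option for one alias using ssh's first-match rule. This mirrors
# "ssh -G alias" for the simple "Option value" lines written above; it only
# understands exact alias names and a bare "*", not full ssh pattern syntax.
ssh_config_value() {
  local cfg="$1" host="$2" opt="$3"
  awk -v h="$host" -v k="$opt" '
    tolower($1) == "host" { inblock = 0
                            for (i = 2; i <= NF; i++) if ($i == h || $i == "*") inblock = 1
                            next }
    inblock && tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }
  ' "$cfg"
}

demo() {
  local tmp; tmp=$(mktemp -d)
  write_ssh_config "$tmp/config"
  echo "server1 -> $(ssh_config_value "$tmp/config" server1 User)@$(ssh_config_value "$tmp/config" server1 HostName):$(ssh_config_value "$tmp/config" server1 Port)"
  echo "server1 key: $(ssh_config_value "$tmp/config" server1 IdentityFile)"
  echo "server2 keepalive (from Host *): $(ssh_config_value "$tmp/config" server2 ServerAliveInterval)"
  # The real client agrees: -G prints the resolved config without connecting.
  if command -v ssh >/dev/null 2>&1; then
    ssh -G -F "$tmp/config" server1 | grep -iE '^(hostname|user|port|identityfile|identitiesonly) '
  fi
  rm -rf "$tmp"
}
demo
# With this file installed as ~/.ssh/config:
#   ssh server1   ==   ssh -p 2222 -i ~/.ssh/id_rsa_server1 deploy@203.0.113.10
```

IdentitiesOnly yes in each block is what makes the per-server key binding stick: without it the client also offers every key the agent holds, in agent order, before it gets to the one named in IdentityFile.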
To limit what a key may do, add options in front of the key type in its authorized_keys entry, for example command="/path/to/script" so that sshd runs that script no matter what the client asked for (the client's request is passed to the script in SSH_ORIGINAL_COMMAND).
Other restrictions include:
Limiting by source address: from="192.168.1.0/24" (the client's address must match; treat it as defence in depth alongside the other options, not as proof of identity).
Disabling forwarding and interactive use: restrict turns off port, agent and X11 forwarding and PTY allocation in one word.
Time-based restrictions: OpenSSH 7.7 and later accept expiry-time="YYYYMMDD" on an entry; on older servers expired keys have to be removed by external tooling.
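The restricted entry and the forced command it points at, as an added example that is not part of the original tutorial. It assumes bash; the key, the /usr/local/bin/backup-shell path, the 192.168.1.0/24 network, the rsync paths and the backup.service name are constructed placeholders. The wrapper allows only fixed keywords and never executes the client-supplied string, which is the point of a forced command.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: a locked-down authorized_keys
# entry for an automation key, and the forced-command wrapper it points at.
# The key, paths, network and service names are constructed placeholders.
set -u

# Build the entry. Options go before the key type, comma-separated:
#   restrict        no port/agent/X11 forwarding, no PTY, no ~/.ssh/rc
#   command="..."   sshd runs THIS instead of whatever the client asked for
#   from="..."      only from these source addresses (defence in depth, not identity)
#   expiry-time=    accepted by OpenSSH 7.7+, YYYYMMDD or YYYYMMDDHHMM[SS]
restricted_entry() {
  local pubkey_line="$1" cmd="$2" from="$3" expiry="${4:-}"
  local opts="restrict,command=\"$cmd\",from=\"$from\""
  if [ -n "$expiry" ]; then opts="$opts,expiry-time=\"$expiry\""; fi
  printf '%s %s\n' "$opts" "$pubkey_line"
}

# The forced command sees the client's request in SSH_ORIGINAL_COMMAND. Only
# fixed keywords are allowed; anything else (a shell, extra arguments, a
# ";" chain) is rejected. Never exec the client-supplied string itself.
command_allowed() {
  case "$1" in
    backup|status) return 0 ;;
    *)             return 1 ;;
  esac
}

# What the server installs as /usr/local/bin/backup-shell (constructed path):
# each keyword maps to one command with fixed arguments.
run_forced_command() {
  local requested="${SSH_ORIGINAL_COMMAND:-}"
  if ! command_allowed "$requested"; then
    printf 'rejected: %s\n' "$requested" >&2
    return 255
  fi
  case "$requested" in
    backup) rsync -a /srv/backup/ /mnt/offsite/ ;;
    status) systemctl status backup.service ;;
  esac
}

# Constructed sample public key (the blob is not a real key).
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal0000000 backup@nightly'

demo() {
  local tmp; tmp=$(mktemp -d)
  restricted_entry "$SAMPLE_PUBKEY" /usr/local/bin/backup-shell 192.168.1.0/24 20261231 > "$tmp/authorized_keys"
  cat "$tmp/authorized_keys"
  for req in backup status bash "backup; id" "backup --delete /"; do
    if command_allowed "$req"; then echo "allow:  $req"; else echo "reject: $req"; fi
  done
  rm -rf "$tmp"
}
demo
# Client side:  ssh backup@server backup
# (everything after the host lands in SSH_ORIGINAL_COMMAND on the server)
```

The entry's command= option is the part that does the real work: with it in place, even a stolen key can only trigger the two fixed actions, and restrict removes the tunnelling and PTY tricks that would otherwise turn a forced command back into general access.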
When using multiple keys, specify the appropriate one for each server in ~/.ssh/config with IdentityFile, as shown above, and add IdentitiesOnly yes so the client offers only that key rather than every key it can find (a server closes the connection with "Too many authentication failures" after a handful of wrong keys). This ensures the right key is used for the correct connection.
1. File Permissions
Ensure proper permissions for key files: the ~/.ssh directory must be 700, and private keys and authorized_keys 600. The client refuses to use a private key that other users can read, and sshd ignores an authorized_keys file or ~/.ssh directory that others can write to.
2. SSH Agent
Check if the SSH agent is running and the key is loaded; ssh-add -l lists the keys the agent currently holds.
3. Debugging Connections
Use verbose output (ssh -v, or -vvv for more detail) to identify issues such as the wrong key being offered or the server rejecting the key.
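The three checks as shell functions, as an added example that is not part of the original tutorial. It assumes bash and an OpenSSH client; only the permission check runs offline against a constructed directory, while the agent and debug helpers need a real agent and a reachable server (deploy@203.0.113.10 is a placeholder).

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: the three troubleshooting
# checks as shell functions. Paths are constructed; only the permission check
# is exercised offline, the agent and debug helpers need a real client setup.
set -u

# Permission string as ls prints it (GNU and BSD alike).
mode_of() { ls -ld "$1" | cut -c1-10; }

# 1. Permissions. ssh refuses a private key readable by anyone else
#    ("Permissions 0644 for ... are too open") and sshd ignores ~/.ssh or
#    authorized_keys when they are writable by others. Prints the chmod that
#    fixes each offender and returns non-zero if anything is wrong.
check_ssh_perms() {
  local sshdir="$1" bad=0 f m
  m=$(mode_of "$sshdir")
  if [ "$m" != "drwx------" ]; then echo "chmod 700 $sshdir    # is $m"; bad=1; fi
  for f in "$sshdir"/id_* "$sshdir"/authorized_keys; do
    [ -f "$f" ] || continue
    case "$f" in *.pub) continue ;; esac          # the public half may stay world-readable
    m=$(mode_of "$f")
    case "$m" in
      -rw-------|-r--------) ;;
      *) echo "chmod 600 $f    # is $m"; bad=1 ;;
    esac
  done
  return "$bad"
}

# 2. Agent. SSH_AUTH_SOCK unset means no agent in this shell; ssh-add -l
#    exits 1 when the agent holds no keys and 2 when it cannot be reached.
agent_status() {
  if [ -z "${SSH_AUTH_SOCK:-}" ]; then
    echo 'no agent in this shell: eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_rsa'
    return 2
  fi
  ssh-add -l
}

# 3. Debugging. -v shows each key the client offers and the server's verdict;
#    BatchMode stops it from falling back to a password prompt.
debug_connection() {
  ssh -v -o BatchMode=yes -o ConnectTimeout=5 "$1" true 2>&1 |
    grep -E 'Offering public key|Server accepts key|Authentications that can continue|Permission denied'
}

demo() {
  local tmp; tmp=$(mktemp -d)
  mkdir -m 700 "$tmp/.ssh"
  : > "$tmp/.ssh/id_rsa"; chmod 644 "$tmp/.ssh/id_rsa"       # deliberately wrong
  : > "$tmp/.ssh/id_rsa.pub"
  : > "$tmp/.ssh/authorized_keys"; chmod 600 "$tmp/.ssh/authorized_keys"
  check_ssh_perms "$tmp/.ssh" || echo "(permissions need fixing, see above)"
  chmod 600 "$tmp/.ssh/id_rsa"
  check_ssh_perms "$tmp/.ssh" && echo "permissions OK"
  rm -rf "$tmp"
}
demo
# Interactive use:  agent_status;  debug_connection deploy@203.0.113.10
```

Reading the -v output, "Offering public key" followed by "Server accepts key" means the key itself is fine and any remaining failure is on the server side (an account or shell problem); an offer with no acceptance, ending in "Permission denied (publickey)", means the server has no matching authorized_keys entry or is ignoring the file because of its permissions.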
Use Strong Passphrases: Protect your private key with a robust passphrase, and load it into ssh-agent so you type it once per session rather than once per connection.
Use Unique Keys: Avoid reusing keys across multiple servers or devices, so that a compromised key only exposes what it was meant to reach.
Backup Keys Securely: Prevent accidental lockouts by keeping encrypted backups of private keys offline; never copy a private key onto the servers it unlocks.
Rotate Keys Regularly: Periodically generate new keys, install them, confirm that you can log in with the new key, and only then remove the old entry from the server's authorized_keys file.
Limit Key Usage: Apply restrictions based on commands, source addresses, or expiry dates.
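The removal half of a key rotation, done atomically and refusing to empty authorized_keys, as an added example that is not part of the original tutorial. It assumes bash and awk on the server; the two sample keys are constructed and not real key material, and the rotation commands in the trailing comment use placeholder names.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: the removal half of a key
# rotation, done atomically and refusing to empty authorized_keys. The two
# sample keys are constructed (not real key material).
set -u

# "type blob" of a public key line, ignoring the comment.
key_blob() { printf '%s\n' "$1" | awk '{print $1" "$2}'; }

# Entries that are neither blank nor comments.
count_keys() { awk 'NF && $1 !~ /^#/ {n++} END {print n+0}' "$1"; }

# Remove every entry carrying the old key, whatever options or comment it has.
# Writes a temp file next to authorized_keys and renames it into place, so a
# concurrent login never sees a half-written file. Refuses if nothing would be
# left, because an empty authorized_keys locks out all key-based logins.
remove_pubkey() {
  local old_pub="$1" authfile="$2" blob tmp
  blob=$(key_blob "$old_pub")
  tmp=$(mktemp "$authfile.XXXXXX")
  awk -v k="$blob" 'index($0, k) == 0' "$authfile" > "$tmp"
  if [ "$(count_keys "$tmp")" -eq 0 ]; then
    rm -f "$tmp"
    echo "refusing: that is the last key in $authfile" >&2
    return 1
  fi
  chmod 600 "$tmp" && mv "$tmp" "$authfile"
}

# Constructed sample keys (the blobs are not real keys).
OLD_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedOldKeyNotReal00000 laptop-2021'
NEW_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedNewKeyNotReal0000000 laptop-2024'

demo() {
  local tmp; tmp=$(mktemp -d)
  # State after the new key has been installed (ssh-copy-id) and tested:
  printf '%s\n%s\n' "$OLD_KEY" "$NEW_KEY" > "$tmp/authorized_keys"
  remove_pubkey "$OLD_KEY" "$tmp/authorized_keys" && echo "old key removed, $(count_keys "$tmp/authorized_keys") left"
  remove_pubkey "$NEW_KEY" "$tmp/authorized_keys" || echo "last key kept"
  rm -rf "$tmp"
}
demo

# Rotation order against a real server (constructed names):
#   ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_2024
#   ssh-copy-id -i ~/.ssh/id_rsa_2024.pub deploy@server
#   ssh -i ~/.ssh/id_rsa_2024 -o IdentitiesOnly=yes deploy@server true   # must succeed first
#   then remove the old entry on the server with remove_pubkey and delete the old private key locally
```

Matching on the key blob rather than the comment matters during rotation: the entry you are retiring may have been re-commented or had options added since it was installed, and a comment-based grep would leave it behind.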