search
HomeGitHubPortfolioTwitter/XMediumCont@ct

chart-networkSetting Up SSH Keys - Tutorial

hashtag
SSH (Secure Shell)

SSH (Secure Shell) is a widely used protocol that ensures secure remote access over a network, enabling administrators to manage and control servers safely. Among the available authentication methods, SSH keys stand out for their security and convenience, making them the preferred choice over traditional passwords.

https://www.ssh.com/academy/ssharrow-up-right

hashtag
What Are SSH Keys?

SSH keys are a pair of cryptographic keys used for authentication when accessing an SSH server. They include:

  1. Public Key: Shared with the server and stored in the ~/.ssh/authorized_keys file.

  2. Private Key: Kept securely on the client machine and used to prove the client’s identity.

This public-private key pair ensures that only authorized users can access the server.

hashtag
Why Use SSH Keys Instead of Passwords?

  • Enhanced Security: Unlike passwords, SSH keys are resistant to brute-force attacks.

  • Convenience: Keys eliminate the need to manually enter a password for every connection.

  • Automation: Essential for DevOps, enabling scripts and CI/CD pipelines to access servers without human intervention.

hashtag
Setting Up SSH Key Authentication

hashtag
1. Generating SSH Keys

To create a key pair on your local machine, follow these steps:

Step 1: Open a terminal Run the command:

  • -t rsa: Specifies RSA algorithm.

  • -b 4096: Sets the key length to 4096 bits for enhanced security.

  • -C: Adds a comment (e.g., your email).

Step 2: Choose a location You’ll be prompted to specify a file path. Press Enter to use the default location ~/.ssh/id_rsa, or specify a custom path.

Step 3: Enter a passphrase (optional) Provide a passphrase for added security. If you prefer no passphrase, press Enter.

hashtag
2. Copying the Public Key to the Server

Option 1: Using ssh-copy-id Run the following command:

This copies the public key to the server’s ~/.ssh/authorized_keys file.

Option 2: Manual Method

  1. Display your public key on the client:

  2. Copy the output and paste it into the server’s ~/.ssh/authorized_keys file:

hashtag
3. Testing SSH Access

Verify the setup by connecting to the server:

If successful, no password will be required unless a passphrase was set for the private key.

hashtag
Advanced SSH Key Configuration

hashtag
1. Simplifying Connections with ~/.ssh/config

The SSH configuration file allows you to streamline connections. Example:

With this setup, use ssh server1 instead of typing the full connection command.

hashtag
2. Restricting SSH Key Usage

To limit key actions, add constraints in the authorized_keys file. Example:

Other restrictions include:

  • Limiting by IP: from="192.168.1.0/24"

  • Time-based restrictions using external tools.

hashtag
3. Managing Multiple SSH Keys

When using multiple keys, specify the appropriate one for each server in ~/.ssh/config as shown above. This ensures the right key is used for the correct connection.

hashtag
Troubleshooting SSH Key Authentication

hashtag
1. File Permissions

Ensure proper permissions for key files:

hashtag
2. SSH Agent

Check if the SSH agent is running and the key is loaded:

3. Debugging Connections

Use verbose output to identify issues:

hashtag
Best Practices for SSH Key Management

  1. Use Strong Passphrases: Protect your private key with a robust passphrase.

  2. Use Unique Keys: Avoid reusing keys across multiple servers.

  3. Backup Keys Securely: Prevent accidental lockouts by storing secure backups.

  4. Rotate Keys Regularly: Periodically generate new keys and update the server’s authorized_keys file.

  5. Limit Key Usage: Apply restrictions based on commands, IPs, or time frames.

Last updated