Wednesday, February 9, 2011

Generating and using SSH keys for authentication

Setting up SSH keys


SSH keys are great, but remember to keep your private key (~/.ssh/id_rsa) safe! And check out the "Top 20 OpenSSH Server Best Security Practices" article at cyberciti.biz for some security tips. All you need to do to use SSH key authentication is to generate a key pair (public and private) and copy the public key to the remote server.

To generate a new key:
ssh-keygen -t rsa

which will look something like this:

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@localhost

This will also create the ~/.ssh directory with the correct permissions (if it doesn't already exist), along with the private key (id_rsa) and the public key (id_rsa.pub). You can specify different names, which may be useful for creating multiple keys. You can also generate keys for specific users other than root. 'su' is the easiest way to do this, because the directories and permissions won't need to be fixed later:

[root@localhost ~]# su user1
[user1@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user1@localhost


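The public key will then need to be copied to the remote server's ~user/.ssh/authorized_keys file. Note that the scp command below replaces any authorized_keys file already present on the remote host, so it is only suitable when installing the first key for that account: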
scp .ssh/id_rsa.pub remotehost:.ssh/authorized_keys
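
To add a key to an account that already has entries in authorized_keys, append instead of overwriting. The function below is an added example, not part of the original post; the name install_pubkey and its arguments are hypothetical, and it assumes it runs on the server as the account that owns the target home directory.

```sh
# install_pubkey PUBKEY_FILE TARGET_HOME  (hypothetical helper name)
# Appends the key to TARGET_HOME/.ssh/authorized_keys, keeping existing
# entries, and applies the conventional 700/600 permissions.
install_pubkey() {
    pubkey_file=$1
    ssh_dir="$2/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # Catch the classic mistake of passing id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    # A public key line is "<type> <base64 blob> [comment]".
    key_line=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' \
        "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key in $pubkey_file" >&2; return 1; }

    # Create missing pieces with a tight umask, then fix up anything older.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth_file" )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"

    # Idempotent: match on "<type> <blob>" only, so a changed comment or
    # leading options on an existing entry do not produce a duplicate.
    key_id=$(printf '%s\n' "$key_line" | cut -d ' ' -f 1,2)
    if grep -qF -e "$key_id" "$auth_file"; then
        return 0
    fi
    # Do not glue the new key onto a last line that lacks a newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

OpenSSH's ssh-copy-id script performs a similar append from the client side.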

Some additional notes on using SSH keys

Verbose output: ssh -vv -l user host

Specify a key to use with the -i flag:
ssh -i /path/to/key -l user host

ssh-keygen flags
Change a passphrase on a key: -p

Specify number of bits: -b 2048

Comment a key: -C comment
