SSH keys Setup
SSH Keys are handy in that they allow the user to log into to a system without using a password. This, in turn, provides a highly secure way of logging into a virtual private server without the utilization of a password.
It is a known fact that tried passwords can be cracked, however, SSH keys are most difficult to break and therefore result in better security.
How do SSH keys work?
SSH keys generate a pair by providing the user with two long strings of characters; these will work as a public key and a private key.
The public key can be used on a server and then the server can be unlocked with the help of the private key. When the public key matches with the private key, the system opens itself. Thus, though SSH keys eliminate the need of having a password, it also enhances the security on the server.
Method to setup SSH Keys
One can setup the SSH keys by following the four steps given below.
Step 1: The creation of the RSA key pair. You can create it by giving the Gen Key command by typing the below.
$ ssh-keygen –t rsa
Step 2: In the second phase, you have to store the passphrase and the keys.
When you follow the first step, you will be greeted with the following question.
Enter file in which to save the key (/home/ demo/ .ssh/ id_rds):
Press ‘Enter’ to save the file in the user home.
In the example mentioned above, the file will be stored in the demo folder.
After this, you will be asked to enter a passphrase before the statement given below will appear on the screen.
Enter passphrase (empty for no passphrase):
It is not at all mandatory to get into the passphrase so you may skip it if you wish. Note; you should know that entering the passphrase has many benefits like:
- The security of the encrypted key also depends highly on the passphrase as it is not visible to anyone.
- If an unauthorized person tries to use the passphrase protected private key, then the hacked user will get enough time to fix the issue.
The problem with using a passphrase is that you will have to enter it every time you try to use a Key Pair. However, it still provides you with an extra layer of protection.
If you enter the passphrase, you will be asked to enter the passphrase again for confirmation. The following instruction will be visible on the screen:
Enter the same passphrase again:
After successfully entering the passphrase for the second time, you will be given information about the place where your identification has been saved. The statement that appears on the screen should be the following.
Your identification has been saved in /home/demo/.ssh/id_rsa Your public key has been saved in /home/demo.ssh/id_rsa.pub
You will also be given a key finger print, it will look somewhat like the below.
The key fingerprint is: 4a: dd:0a:c6:35:4e:3f: ed:27:38 demo@a
After that, a random art image of the key is generated.
From this, you can gather the following information:
- The location of the public key is ‘/home/demo/.ssh/id_rsa.pub’.
- The location of the private key identification is ‘/home/demo/.ssh/id_rsa’.
Step 3: In the third step, you have to copy the public key.
After the generation of the key pair, the public key is ready to be used in the virtual server. The public key can be copied with the following command.
Along with the command, you must enter your username and password. The entire instruction should look like the following.
After copying that, you can paste the key by using SSH.
cat ~/.ssh/id_rsa.pub| ssh firstname.lastname@example.org "mkdir –p~/ssh && cat >> ~/ .ssh/authorized keys"
After choosing the required command, you will see the following statements on your screen:
- ‘The authenticity of host ‘18.104.22.168 (22.214.171.124)’ can’t be established.’
- RSA key fingerprint is b1:2d:33:67;ce;35;4d:5f:f3:a8
- Are you sure you want to continue connecting (yes/no)?
(You will need to enter yes here).
After this you will be greeted with the following:
- Warning: Permanently added “126.96.36.199” (RSA) to the list of known hosts.
- email@example.com’s password: Now try logging into the machine, with “ssh ‘firstname.lastname@example.org’ “ and check in: ~/.ssh/authorized_keys to make sure you have not added extra keys that it was not expecting.
Once you see these statements, you are ready to log into the server. If you have set up a passphrase before, you will also need to enter the passphrase when you enter the key.
The fourth step is optional which you can carry out if you want to disable password for the root login.
Step 4: This step will allow you to log in to the server by using keys alone. If you complete the fourth step, you will eliminate the need for the password on the server. You can carry out this step by giving the following command.
$ sudo nano /etc/ssh/sshd_config
The file statements will appear on the screen, you should look for a sentence that has the phrase ‘PermitRootLogin’. You need to modify it by giving the following command as shown below.
PermitRootLogin without- password.
You may implement the change that you have made by giving the command ‘reload ssh’.
The process might look a bit harsh, however, if it is followed correctly, you will be able to setup the SSH keys successfully.
The immediate advantage of using SSH keys on the server is that you will never have to send your password on the web. Therefore, if anyone is spying on your connection in the hopes of cracking your password, they will never be able to do it because a password was never transmitted to the network.
You may also use SSH keys to save you from the brute-force password attack. Thus, your security increases by a thousand fold when you use the SSH keys to connect to your server. You should undoubtedly shift from traditional passwords to having SSH keys.