Setting up the key verification for an ssh connection

This is a simple tutorial on how to set up key verification for a secure connection. It is suppose to help actually setting up the verification, to learn more about the SSH key I recommend this page on Arch Linux Wiki.

Prerequisites

Required

• ssh-keygen
• ssh-copy-id

Helpful - necessary to copy the key to github account.

• xclip

sudo apt install ssh-keygen ssh-copy-id

Creating a key

First, we need to create a key. We can do that by simply typing in ssh-keygen in our console. This will result in 2048 bit RSA key.

ssh-keygen

First we will be asked as to where to save the key?

~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):

I keep my keys in the default directory, but like to name them as I use keys for multiple things (connecting to the server, GitHub and more). Remember to put the whole path for the key (or navigate to the directory you want to store your key), otherwise it will be saved in a current directory.

Next, we are asked for passphrase. If you wish not to have a password protected key (i.e. don’t want to prompted for a password every time you use it, just press enter). It is recommended though to encrypt the key so that it cannot be used by someone who shouldn’t otherwise have access. For strong passwords I either use my KeePassXC random generator or use one of the online tools.

~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): /home/username/.ssh/work_server
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/work_server
Your public key has been saved in /home/username/.ssh/work_server.pub.
The key fingerprint is:
SHA256:sP/uJ20hblyGGlQGf4/iASWXU10cEUwdtVbjk8nbh0g username@yoga
The key's randomart image is:
+---[RSA 2048]----+
|        o.oo..oX@|
|         ==   +.O|
|      . .o..E  O |
|       o.. o +..+|
|      ..S o.o o.o|
|       ...oo+   .|
|        .=.= .   |
|        ..= +    |
|         +++     |
+----[SHA256]-----+

There is much more to the ssh-keygen program than what’s described above, I definately recommend giving a manual a read! For example you may wish to increase the number of bits to 4048 by specifing it with -b 4048, or add a comment to the key with -C "dell machine". You can access the info about the program by simply typing:

man ssh-keygen

Copying the key to the server

Next, we want to copy the key to the server. This can be done by:

ssh-copy-id -i /home/username/.ssh/work_server.pub userName@hostName

You’ll be prompted for your password, same way you log into the server normally.

Again, it’s worth reading manual pages on ssh-copy-id as you may want to specify ssh options for example.

man ssh-copy-id

Testing the connection

To test the key type:

ssh -i /home/username/.ssh/work_server userName@hostName

ssh config (recommended)

To simplify, a good practice is to write down the configuration of the connection in the config file in the .ssh directory. The above connection would like this in the /home/username/.ssh/config file:

Host work_server
    Hostname hostName
    User userName
    IdentityFile /home/username/.ssh/work_server

and then, you can simply type:

ssh work_server

Alias

Alternatively, you can create an alias in your .bashrc, .bash_profile or equivalent.

alias work_server='ssh -i /home/username/.ssh/work_server userName@hostName'

When you modify your .bashrc or equivalent in the terminal session, you need to source it, for example source ~/.bashrc to overwrite already read in configration. You can also test the command in a new terminal session, where the newest config is sourced automatically. When you open new terminal, or after sourcing, you can simply run:

work_server

Github

To copy key to your github account, please refer to this really nice help pages.