Setting up the key verification for an ssh connection
This is a simple tutorial on how to set up key verification for a secure connection. It is suppose to help actually setting up the verification, to learn more about the SSH key I recommend this page on Arch Linux Wiki.
Prerequisites
Required * ssh-keygen * ssh-copy-id
Helpful - necessary to copy the key to github account. * xclip
sudo apt install ssh-keygen ssh-copy-id
Creating a key
First, we need to create a key. We can do that by simply typing in ssh-keygen in our console. This will result in 2048 bit RSA key.
ssh-keygen
First we will be asked as to where to save the key?
~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
I keep my keys in the default directory, but like to name them as I use keys for multiple things (connecting to the server, GitHub and more). Remember to put the whole path for the key (or navigate to the directory you want to store your key), otherwise it will be saved in a current directory.
Next, we are asked for passphrase. If you wish not to have a password protected key (i.e. don’t want to prompted for a password every time you use it, just press enter). It is recommended though to encrypt the key so that it cannot be used by someone who shouldn’t otherwise have access. For strong passwords I either use my KeePassXC random generator or use one of the online tools.
~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): /home/username/.ssh/work_server
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/work_server
Your public key has been saved in /home/username/.ssh/work_server.pub.
The key fingerprint is:
SHA256:sP/uJ20hblyGGlQGf4/iASWXU10cEUwdtVbjk8nbh0g username@yoga
The key's randomart image is:
+---[RSA 2048]----+
| o.oo..oX@|
| == +.O|
| . .o..E O |
| o.. o +..+|
| ..S o.o o.o|
| ...oo+ .|
| .=.= . |
| ..= + |
| +++ |
+----[SHA256]-----+
There is much more to the ssh-keygen program than what’s described above, I definately recommend giving a manual a read! For example you may wish to increase the number of bits to 4048 by specifing it with -b 4048
, or add a comment to the key with -C "dell machine"
. You can access the info about the program by simply typing:
man ssh-keygen
Copying the key to the server
Next, we want to copy the key to the server. This can be done by:
ssh-copy-id -i /home/username/.ssh/work_server.pub userName@hostName
You’ll be prompted for your password, same way you log into the server normally.
Again, it’s worth reading manual pages on ssh-copy-id as you may want to specify ssh options for example.
man ssh-copy-id
Testing the connection
To test the key type:
ssh -i /home/username/.ssh/work_server userName@hostName
ssh config (recommended)
To simplify, a good practice is to write down the configuration of the connection in the config
file in the .ssh
directory. The above connection would like this in the /home/username/.ssh/config
file:
Host work_server
Hostname hostName
User userName
IdentityFile /home/username/.ssh/work_server
and then, you can simply type:
ssh work_server
Alias
Alternatively, you can create an alias in your .bashrc, .bash_profile or equivalent.
alias work_server='ssh -i /home/username/.ssh/work_server userName@hostName'
When you modify your .bashrc or equivalent in the terminal session, you need to source it, for example source ~/.bashrc
to overwrite already read in configration. You can also test the command in a new terminal session, where the newest config is sourced automatically. When you open new terminal, or after sourcing, you can simply run:
work_server
Github
To copy key to your github account, please refer to this really nice help pages.