HOWTO
In today’s Ansible series, we will learn about automating changes using Ansible. Specifically, we will automate changes to the sshd config file. Table of Contents
In this comprehensive guide, we’ll walk you through the process of generating SSH keys, empowering you to enhance the security of your digital interactions.
In today’s digital age, securing your online activities is paramount. Whether you’re a seasoned developer, a sysadmin, or a casual user, protecting your sensitive data and communications is non-negotiable. One powerful tool in your arsenal for securing remote access to servers and services is SSH (Secure Shell). And at the heart of SSH lies the concept of SSH keys – cryptographic keys that enable secure authentication between two parties.
Before we dive into the nitty-gritty of generating SSH keys, let’s grasp the fundamentals. SSH keys come in pairs – a public key and a private key. The public key, as the name suggests, can be shared freely, while the private key must be kept secure. When you attempt to connect to a server using SSH, the server verifies your identity by matching the public key stored on the server with the private key stored on your local machine. If the keys match, access is granted.
Let’s dive in and examine how to generate SSH keys on any machine.
Whether you’re on Linux, macOS, or Windows (using tools like Git, Bash or PuTTY), open a terminal window to execute the necessary commands.
Use the ssh-keygen command to generate your SSH key pair. Simply type the following command in your terminal:
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Replace "your_email@example.com" with your actual email address. This command specifies the type (-t) and the size (-b) of the key.
After generating the keys, you’ll be prompted to specify where to save them. The default location is usually ~/.ssh/id_rsa for the private key and ~/.ssh/id_rsa.pub for the public key. The “~/” symbol serves as shorthand for the “/home/<username>” directory, where “<username>” represents the user’s specific account name. Press Enter to accept the default location or specify a different one if needed.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
You’ll be prompted to choose a passphrase to further secure your private key. While optional, using a passphrase adds an extra layer of security. Type in your passphrase when prompted and press Enter.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa
Your public key has been saved in /home/admin/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:bPX+2+BPanhJxdjUfO5j5gjYxCRqpuojiQgXogb2V0I infotechystaff@gmail.com
The key's randomart image is:
+---[RSA 4096]----+
| ..|
| E . . =|
| . . = *.|
|o.. . * . + . =|
|+... * S + . o |
|o... o . . + .+.|
|=.. o oo*.o|
|oo o .++* |
| o.. o=oo|
+----[SHA256]-----+
Once the keys are generated, you can verify their existence by navigating to the .ssh directory in your home folder (cd ~/.ssh) and listing the contents (ls -l). You should see id_rsa (private key) and id_rsa.pub (public key) among the files.
$ ls -lh .ssh
total 24K
-rw-------. 1 admin admin 3.4K Feb 13 19:09 id_rsa
-rw-r--r--. 1 admin admin 750 Feb 13 19:09 id_rsa.pub
Now that you’ve generated your SSH keys, it’s time to put them to use:
To authenticate with a remote server using your SSH key pair, you need to copy the public key to the server. You can achieve this by running the following command:
$ ssh-copy-id user@hostname
Replace user with your username and hostname with the IP address or domain name of the destination server.
You may be prompted to enter your password to complete the process. This is the last time you’ll need to use your password for SSH authentication – from now on, your SSH key will handle authentication.
admin@rhel9-vm1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'admin@rhel9-vm2'"
and check to make sure that only the key(s) you wanted were added.
Once the public key is copied to the server, you can test the SSH connection by attempting to log in:
$ ssh user@hostname
If everything is set up correctly, you should be logged in without being prompted for a password.
Related Posts
In today’s Ansible series, we will learn about automating changes using Ansible. Specifically, we will automate changes to the sshd config file. Table of Contents
In this article, we will explore how to use SSH tunneling on Linux, as well as, go over some SSH tunneling examples to demonstrate its
In this article, we will discuss SSH Weak Key Exchange Algorithms and how we can resolve them to enhance the security of SSH connections and