+- Sinisterly (https://sinister.ly)
+-- Forum: Computers (https://sinister.ly/Forum-Computers)
+--- Forum: Operating Systems (https://sinister.ly/Forum-Operating-Systems)
+--- Thread: {Linux Tips} SSH Keys Edition: Setting Up and Using SSH Keys for Password-Free Logins (/Thread-Linux-Tips-SSH-Keys-Edition-Setting-Up-and-Using-SSH-Keys-for-Password-Free-Logins)
Pages:
1
2
{Linux Tips} SSH Keys Edition: Setting Up and Using SSH Keys for Password-Free Logins - roger_smith - 09-21-2014
It's that time again for another Linux Tips! In today's tip we're going to talk about ssh keys and using them for password-free logins. This tip requires a linux workstation (the system you're sitting at) and a destination system running linux as well (since we're using ssh here).
For starters, you need to generate an SSH key on your workstation. Each user on that system can have their own key. To do this, open a terminal as the user you want to setup the key for and run:
Code:
ssh-keygenYou can leave the passphrase blank for this exercise, and leave the rest of the settings default as well.
Once the key generation completes, you're halfway there.
The next step is to copy your newly generated SSH key to your destination server. This can be completed with the ssh-copy-id command. The command will look something like this:
Code:
user@localhost~$: ssh-copy-id username@remotehost.tldSo, what we see here is the user "user" on the local machine is running the ssh-copy-id command and passing username at the remote machine. These usernames do not need to match, so you could be "bob" on localhost, and "root" on remotehost.
once you run that command, you will be prompted for the REMOTE USERS password. Type the password, ssh-copy-id will work it's magic, and give you some output. Now, if you run ssh username@remotehost.tld, you can log in without being prompted for a password!
I hope this was helpful and interesting. You can use this knowledge to help harden ssh on your remote system by looking through the sshd_config files. Perhaps we'll discuss that in a future Linux Tips
.
RE: {LINUX TIPS} SSH KEYS EDITION: Setting Up and Using SSH Keys for Password-Free Logins - Reiko - 09-21-2014
This is one of my favorite features of OpenSSHd (and Dropbear).
For added security, if you're super paranoid, use these command lines for generating your keys
Code:
ssh-keygen -t ecdsa -b 521 # for newer SSH server/client, or
ssh-keygen -t rsa -b 4096 # for older SSH server/clientRE: {LINUX TIPS} SSH KEYS EDITION: Setting Up and Using SSH Keys for Password-Free Logins - Adorapuff - 09-21-2014
Nice tutorial! Welcome to +Reverence!
RE: {LINUX TIPS} SSH KEYS EDITION: Setting Up and Using SSH Keys for Password-Free Logins - roger_smith - 09-21-2014
(09-21-2014, 03:34 AM)Adorapuff Wrote: Nice tutorial! Welcome to +Reverence!
Thanks for the kind words and admittance to the group! I honestly am not entirely sure what that means yet honestly, but I'm reading through some of the new things that suddenly showed up, lol.
Cheers
RE: {LINUX TIPS} SSH KEYS EDITION: Setting Up and Using SSH Keys for Password-Free Logins - Xeru - 09-22-2014
So pretty much, ssh-copy-id will add the key to ~/.ssh/authorized_keys?
I usually just cat ~/.ssh/id_rsa.pub (or id_ecdsa.pub) and add it to remote server via "echo (key) > ~/.ssh/authorized_keys"
Never even knew of ssh-copy-id. Useful. Thank you!
RE: {LINUX TIPS} SSH KEYS EDITION: Setting Up and Using SSH Keys for Password-Free Logins - roger_smith - 09-22-2014
(09-22-2014, 08:54 PM)Xeru Wrote: So pretty much, ssh-copy-id will add the key to ~/.ssh/authorized_keys?
I usually just cat ~/.ssh/id_rsa.pub (or id_ecdsa.pub) and add it to remote server via "echo (key) > ~/.ssh/authorized_keys"
Never even knew of ssh-copy-id. Useful. Thank you!
Glad you found the tutorial useful
. ssh-copy-id takes all the manual work out of copying certs over
RE: {LINUX TIPS} SSH KEYS EDITION: Setting Up and Using SSH Keys for Password-Free Logins - Reiko - 09-23-2014
(09-22-2014, 08:54 PM)Xeru Wrote: So pretty much, ssh-copy-id will add the key to ~/.ssh/authorized_keys?
I usually just cat ~/.ssh/id_rsa.pub (or id_ecdsa.pub) and add it to remote server via "echo (key) > ~/.ssh/authorized_keys"
Never even knew of ssh-copy-id. Useful. Thank you!
Doing this on a server with a strange umask will leave you scratching your head. ssh-copy-id makes sure the permissions are correct on the authorized_keys file.
RE: {Linux Tips} SSH Keys Edition: Setting Up and Using SSH Keys for Password-Free Logins - Sans - 12-03-2015
(09-21-2014, 03:28 AM)Reiko Wrote: This is one of my favorite features of OpenSSHd (and Dropbear).
For added security, if you're super paranoid, use these command lines for generating your keys
Code:ssh-keygen -t ecdsa -b 521 # for newer SSH server/client, or
ssh-keygen -t rsa -b 4096 # for older SSH server/client
ecdsa isnt recommended anymore, use ed25519 for new system
RE: {Linux Tips} SSH Keys Edition: Setting Up and Using SSH Keys for Password-Free Logins - Dismas - 12-04-2015
(12-04-2015, 12:07 AM)Panty Wrote: For future reference, grave digging is against the rules.
His reply is fairly helpful, so it's not 100% gravedigging.
{Linux Tips} SSH Keys Edition: Setting Up and Using SSH Keys for Password-Free Logins - meow - 12-04-2015
Good ways to make SSH skid-proof other than key auth are -
- Pluggable authentication modules
- Making SSH listen on a port other than 22
- Disabling remote root logins (keep in mind that this doesn't restrict you/other people from using 'su root')
- Google's two-factor SSH authentication