How to create and use ssh keys | LinuxGist

This article will provide details on how to create and use ssh keys in Linux.

What are SSH Keys?

SSH (Secure Shell) keys are used for secure remote login, allowing you to authenticate with a server without having to enter your password repeatedly. They consist of two parts:

  1. Private Key: This should be kept secret and protected. Only the user who generated it should have access to this file.
  2. Public Key: This can be shared publicly and is used by the server to verify that the connecting client has possession of the corresponding private key.

SSH keys provide a more secure way to authenticate compared to passwords, as they rely on cryptography to ensure security. Unlike a password, which has to be sent to the server at every login, the private key never leaves your machine: the client only proves that it holds the key, so login attempts do not expose the secret itself.

Generating an SSH Key

To generate an SSH key pair, you can use the ssh-keygen utility available in most Unix-like systems. Here’s how you do it:

  1. Open Terminal: Open your terminal application.
  2. Run ssh-keygen:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    
    • -t rsa specifies the type of key to generate (RSA in this case).
    • -b 4096 sets the number of bits for the key (4096 is a good balance between security and performance).
    • -C "your_email@example.com" adds a comment to the key, which can be your email address.
  3. Enter File in Which to Save the Key: By default, it will save the key in ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key). Press Enter to accept this location or specify a different path.

  4. Enter Passphrase (Optional): You can set a passphrase for added security. If you don’t enter one, the key will be stored without encryption, making it less secure but convenient.

Here’s an example of what the process might look like:

$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx your_email@example.com
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
+----[SHA256]-----+

Copying an SSH Key

Once you have generated your public key (id_rsa.pub), you need to copy it to the remote server so that you can authenticate without a password. You can do this using ssh-copy-id.

  1. Copy Public Key to Remote Server:
    ssh-copy-id user@remote_host
    

    This command will prompt you for the user’s password on the remote host and then copy the public key to the appropriate location (~/.ssh/authorized_keys).

Alternatively, you can manually copy the public key:

  1. Manually Copy Public Key:
    cat ~/.ssh/id_rsa.pub | ssh user@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
    

Permissions on .ssh Folder and Key File

For security reasons, the .ssh directory and key files should have specific permissions:

  1. .ssh Directory:
    • Permissions: 700 (drwx------)
    • This means that only the owner has read, write, and execute permissions.
  2. Private Key File (id_rsa):
    • Permissions: 600 (-rw-------)
    • This ensures that only the owner can read and write to this file.

You can set these permissions using the chmod command:

# Change permissions of .ssh directory
chmod 700 ~/.ssh

# Change permissions of private key file
chmod 600 ~/.ssh/id_rsa
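
To check an existing setup against these modes instead of only setting them, the following added example (not part of the original article) audits a directory and counts deviations. The function name audit_ssh_perms is made up for this example, and it assumes GNU stat as found on Linux.

```shell
#!/usr/bin/env bash
# Added example: audit an SSH directory against the modes given above
# (directory 700, private key files 600).
# Assumptions: GNU stat (Linux); audit_ssh_perms is a hypothetical name.

audit_ssh_perms() {
    local dir="${1:-$HOME/.ssh}" issues=0 mode f

    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 1
    fi

    # The directory itself must be accessible by the owner only.
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "700" ]; then
        echo "BAD  $dir is $mode, expected 700"
        issues=$((issues + 1))
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Recognise private keys by their header line, so keys saved
        # under a non-default name are checked as well as id_rsa.
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            mode=$(stat -c '%a' "$f")
            if [ "$mode" != "600" ]; then
                echo "BAD  $f is $mode, expected 600"
                issues=$((issues + 1))
            fi
        fi
    done

    [ "$issues" -eq 0 ] && echo "OK  $dir"
    # Exit status is the number of findings (0 means clean).
    return "$issues"
}
```

Source the file and run `audit_ssh_perms ~/.ssh`; public key files (.pub) are ignored because they do not carry a private key header.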

Running commands on remote server without login

The ssh command allows you to execute a single command remotely without opening an interactive shell session.

ssh user@remote-server 'command'

Example
Suppose you want to check the free memory on a remote server:

ssh user@remote-server 'free -g'
  • Replace user with your username.
  • Replace remote-server with the hostname or IP address of the server.
  • Replace 'free -g' with the command you want to execute.

Summary

  • SSH Key: A pair of cryptographic keys used for secure authentication over SSH.
  • Generating an SSH Key: Use ssh-keygen to create a key pair (id_rsa and id_rsa.pub).
  • Copying an SSH Key: Use ssh-copy-id or manually copy the public key to the remote server’s ~/.ssh/authorized_keys.
  • Permissions:
    • .ssh directory: 700
    • Private key file (id_rsa): 600

By following these steps, you can securely set up SSH keys for remote access and enhance the security of your system.

This post is licensed under CC BY 4.0 by the author.