SSH keys are a secure way to avoid having to remember and type out your password every time you log in to remote systems. To improve account security, passwords are required to be longer (minimum character length), to use special characters, and sometimes to be different for different machines. So setting up keys to log in instead has been really helpful.
SSH keys are a cryptographic system that allows the user to log in to a remote system using a public and private key pair. The public key is saved on the remote machine, and the private key is safely stored on the user’s local machine. When the user initiates the connection to the remote machine, the SSH client uses the private key to prove that it matches the public key on the machine (the private key itself never leaves the local machine), and the user can then log in without having to type in the password.
Great, let’s generate keys!
On MAC/LINUX
- Open terminal on your local laptop
- Type the command “ssh-keygen -t rsa -b 2048”. “rsa” is the key type and “2048” is the key size in bits. There are other key types you can use; I chose rsa since it’s the default on most programs and most remote machines accept this format. As for the bit size, here is why, quoting the wiki: “RSA claims that 1024-bit keys are likely to become crackable sometime between 2006 and 2010 and that 2048-bit keys are sufficient until 2030.”
- Now you should be prompted for the file name of the key, which by default is saved as id_rsa. In this case I have named the key “test”.
- The next prompt will be to type in a passphrase. Type in a passphrase you can remember. This is optional but HIGHLY recommended for security. If someone got access to your laptop, they’d be able to get into every machine you log in to, so setting up a passphrase gives you an additional level of security.
- If you see the random art image, it means the public and private keys are saved in that directory. To check if the files were created, run the command “ls”.
- The SSH key pair (private and public key) gets saved in the directory where you ran the “ssh-keygen” command; the keys need to be moved to the ~/.ssh/ directory. The simple reason is that if you later delete this directory (accidentally or intentionally), your private key is not deleted with it. So, let’s move the keys (private and public) to a directory called ~/.ssh/
- First, check if there is a directory called .ssh/ by running the line “cd ~/.ssh/”
- Then move the keys to this directory “mv test* ~/.ssh”
- Now go to the ~/.ssh/ directory, “cd ~/.ssh”, and confirm that the keys were moved here, “ls”
- Now check the permissions on these files. This is important because they are private files you should not be sharing, especially the private key. To keep them private, we generally strip the files of read, write and execute permissions for everyone except yourself. To do this, run the command “chmod 600 test*”. If you are interested in learning more about permissions, see one of our blog posts on this topic.
- Log in to your remote machine with a password
- cd ~/.ssh/
- nano authorized_keys
- Copy and paste the contents of the public key you generated, test.pub
- Log out of the remote machine
Now you can log in to the remote machine from your local machine using the command “ssh email@example.com -i ~/.ssh/test”.
On Windows this is a little trickier, since the Windows command prompt is not built on the same LINUX operating system, so the commands are slightly different. There are a few options:
- Go to the command prompt (the Windows version of the terminal), and follow this blog
- You can now download the Ubuntu terminal on a Windows system and just follow the steps under “On MAC/LINUX”. For information on setting up Ubuntu on Windows go to this link.
- I use PuTTY to log in to the machines. The trouble with PuTTY is that it has its own key format that it accepts for login, so to generate keys in that format I use PuTTYgen (it comes with the PuTTY executables). To generate SSH keys using PuTTYgen and add them to PuTTY, follow along below.
Using PuTTYgen to generate keys
- Open “PuTTYgen” and click on “Generate” to generate a key pair.
- Enter a passphrase (optional, but highly recommended) for extra security, then click on “Save public key” and “Save private key”. The reason for a passphrase is that if someone got access to your laptop, they’d be able to get into every machine you log in to. Setting up a passphrase gives you an additional level of security, requiring them to type in the passphrase to get access to the machines.
Note: There is also an option to generate keys of different types, “rsa”, “dsa”, etc., and to edit the number of bits as necessary. I chose rsa since it’s the default on most programs and most remote machines accept this format. As for the bit size, here is why, quoting the wiki: “RSA claims that 1024-bit keys are likely to become crackable sometime between 2006 and 2010 and that 2048-bit keys are sufficient until 2030.”
- Save the public key in the remote machine, ONLY the public key. To confirm it’s a public key, open the file; it should have the following header: “---- BEGIN SSH2 PUBLIC KEY ----”
- Add the private key to PuTTY: click on “ssh” listed on the left, then select “auth”. Add your private key using Browse.
- Once you have added the private key, click on “Session” listed on the right, enter the hostname and click “Open”
Note: You can save the key and the hostname by naming the session under “Saved Sessions” and then clicking on “Save”. Once it’s saved, the session is listed under Default sessions.
Next time, to log in to this machine, just click on the saved session and click “load”. This will add the hostname and the private key, so there will be no need to add the private key again.
Great, now you know how to generate SSH keys and use these keys to log in to remote machines, on LINUX, Mac or Windows. If you have any questions or need help, email us at firstname.lastname@example.org
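The remote-side step shared by both procedures above (adding the public key to ~/.ssh/authorized_keys) can be scripted instead of pasted by hand. This is an added example, not part of the original post: `install_pubkey` is a hypothetical helper that refuses private keys and PuTTYgen’s multi-line “BEGIN SSH2 PUBLIC KEY” export, skips keys that are already present, and sets owner-only permissions.

```shell
#!/bin/sh
# Added example: install_pubkey is a hypothetical helper, not part of OpenSSH.
# Run on the remote machine: install_pubkey test.pub [ssh_dir]
# Returns 0 = key appended, 3 = key already present,
#         1 = unreadable file, 2 = not a one-line OpenSSH public key.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A private key (OpenSSH/PEM or PuTTY .ppk) must never reach the server.
    if grep -Eq 'PRIVATE KEY|PuTTY-User-Key-File' "$pub"; then
        echo "$pub is a private key; it stays on your laptop" >&2
        return 2
    fi
    # PuTTYgen's "Save public key" writes a multi-line block that
    # authorized_keys does not accept as-is.
    if grep -q 'BEGIN SSH2 PUBLIC KEY' "$pub"; then
        echo "convert first: ssh-keygen -i -f $pub" >&2
        return 2
    fi
    # Expect exactly one line "<type> <base64> [comment]"; drop Windows CRs.
    key=$(tr -d '\r' < "$pub" | grep .) || key=
    [ "$(printf '%s\n' "$key" | grep -c .)" -eq 1 ] || {
        echo "expected exactly one key line in $pub" >&2; return 2; }
    case $key in
        ssh-*\ AAAA*|ecdsa-sha2-*\ AAAA*|sk-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # Owner-only permissions: sshd's default StrictModes check refuses
    # a ~/.ssh or authorized_keys that group or others can write to.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare on the base64 blob so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 3
    fi
    # If the file's last line lacks a newline, add one before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Where it is installed on the local machine, `ssh-copy-id -i ~/.ssh/test.pub user@host` does the same append over SSH.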