Posted on: February 2nd, 2010 by Famous Phil
This post is going to be short, sweet, and to the point.
It seems that every time I build a new server, I’m constantly at a loss for memorizing the commands that generate public keys in SSH (Secure Shell). SSH, for the computer illiterate, is the Linux equivalent to Windows Telnet Services. This basically gives you a command prompt that is running on a remote computer.
SSH is the heart and soul of Linux-based computers because *everything* can be done through the command line simply. Unfortunately, Windows is just starting to catch up with Telnet using a new application called PowerShell. PowerShell is very unlike the Linux command line though, since it is more a scripting language than a command-based language. This is why I always scratch my head when working with Microsoft Exchange Server’s PowerShell commands and end up reverting to the famous Microsoft graphical administration interface, which gives me the option of “next next next finish”. I really do appreciate the Microsoft wizards that make software so easy to administer. Anyways, Linux never started with a graphical desktop (unlike Windows and Macintosh); therefore, the command line in Linux is far easier to use when administering a system.
To get back to my original topic, I am a fan of passwordless entry into my own systems. With Linux and SSH, there are a few authentication methods: the first is password entry, and the second is public key authentication. With a password login, you basically enter a username and password and you are logged into a command prompt on Linux.
With public key authentication, you generate two keys on your local computer, one being a private key and the other being a public key. Basically, you give the server you wish to connect to the public key, and only you hold onto the private key. When you connect to the server, it will first give you the public key so that you can verify that the server is actually the server that you want to connect to. This will be ignored on the first connection, but in the future, if this key changes, you will be notified that the server was possibly compromised. Upon allowing the connection, you will give the server your private key and it will run some calculations on the key you provided. If the result matches that of the server’s public key, you will be granted access. Since keys are generally 256 hexadecimal characters long, they are much more secure than normal passwords, and they are generally much easier to use (unless your laptop is stolen).
So now onto how to actually use these keys:
1. Generate the key on your local machine (not the remote machine).
A. ssh-keygen -t rsa
2. Verify that your remote server has an ~/.ssh directory. ~ in Linux is the home directory.
3. Copy the local public key to the server
A. This can be done with: scp ~/.ssh/id_rsa.pub user@remote_server:~/.ssh/authorized_keys2
B. Notice I specified authorized_keys2… this is actually for SSH Protocol 2 which is a more secure SSH protocol than the original.
C. scp is secure copy in Linux, and it copies files between computers using SSH tunnels.
4. Attempt to ssh into your remote machine. It should not need a password anymore.
A. ssh user@remote_server
Hopefully this helps make sense of SSH keys.
Afterthought on 2/4/10:
When using the scp command above as a copy / paste, it will overwrite your authorized_keys2 file on the remote computer. To prevent this from happening, append to the file using this command (thanks Cris for pointing this out to me):
cat ~/.ssh/id_rsa.pub | ssh user@remote_server "cat >> ~/.ssh/authorized_keys2"
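An added example, not part of the original post: a shell function for the server side that appends a public key as the afterthought describes, sets owner-only permissions on ~/.ssh, and skips a key that is already installed. The name install_pubkey is hypothetical, and the file name is a parameter because which file sshd reads is controlled by the AuthorizedKeysFile setting in sshd_config.

```shell
#!/bin/sh
# Added example (not from the original post): append one public key to an
# authorized-keys file without overwriting or duplicating existing entries.
# install_pubkey is a hypothetical helper name. Usage on the server:
#   install_pubkey HOME_DIR [FILE_NAME] < id_rsa.pub
# FILE_NAME defaults to authorized_keys2, the name this post uses.
install_pubkey() {
    ssh_dir="$1/.ssh"
    key_file="$ssh_dir/${2:-authorized_keys2}"

    # Take the first line of stdin; tolerate a missing trailing newline.
    IFS= read -r key_line || [ -n "$key_line" ] || return 2
    read -r key_type key_blob _comment <<EOF
$key_line
EOF
    # Accept only "type base64 [comment]" lines, as found in a .pub file.
    # A private key file starts with "-----BEGIN" and is rejected here.
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "not a public key line" >&2; return 3 ;;
    esac
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 3 ;;
    esac

    # Create the directory and file readable by the owner only (700 / 600).
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$key_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$key_file" || return 1

    # Already installed? Compare key type and key data, ignoring the comment.
    if awk -v t="$key_type" -v b="$key_blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i+1) == b) found = 1 }
         END { exit !found }' "$key_file"; then
        echo "already present"
        return 0
    fi

    # Do not glue the new key onto an unterminated last line.
    if [ -s "$key_file" ] && [ -n "$(tail -c 1 "$key_file")" ]; then
        echo >> "$key_file"
    fi
    printf '%s\n' "$key_line" >> "$key_file" && echo "added"
}
```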