Accessing Linux Web Servers Using SSH Keys
I like to avoid having to remember and type passwords when I log into things on the internet, which is why I use KeePass. I have the same mindset when it comes to logging onto servers. Luckily, there is something known as SSH keys.
Generating a public-private key pair
We start by running the ssh-keygen utility:
ssh-keygen
Select where to save the key pair. (Press {Enter} to save in the default location.)
C:\Users\Arnav>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Arnav/.ssh/id_rsa):
If you wish to have additional security, you can add an optional passphrase:
C:\Users\Arnav>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Arnav/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Your key pair should now be generated:
C:\Users\Arnav>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Arnav/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\Arnav/.ssh/id_rsa.
Your public key has been saved in C:\Users\Arnav/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1zuyJ2emb2f+lP9cFLosAmFdjMJIPsBvad7OBOpEHqM arnav@Jain10
The key's randomart image is:
+---[RSA 2048]----+
| ....o o. |
| .o. o.... |
| .o.o.. . |
| + *o . . . .|
| + B o.S . .. .|
| E + . o.. .....|
| o + ...oo .o|
| . o ooB.ooo|
| oX.+..*|
+----[SHA256]-----+
C:\Users\Arnav>
To display the public key we can use the following commands:
- *nix:
cat ~/.ssh/id_rsa.pub
- Windows (from the home directory):
type .\.ssh\id_rsa.pub
C:\Users\Arnav>type .\.ssh\id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD1pYvyhKyiDSvbPSETiOeF0ORn9E3ePIGN35d+lJUKcRGW7lOW2tR3Sr8hDMkOSFIzVajOE/C1JKxbX1QNZKeHDFCDle0atCfRDCF9pHadZKqnJxp+8BnjdmE+GIptENpFGrHWiQShRx6RLy33crA/Wm62xNAqrlq10SCPNOUwQJNkBhah7B7lNEbcz6RkA6kmiBASqqM1sLuaWiQz90A+RvB2b8p02Xhprj0bSPX+EaXHcnBa9+NF19X5+kS879LYX7XlHxXBwuaifdmwPFLSGh9ZAMSePdBfi0q/EtyclS29vb+Wn+vFm7NL63bPQXlJol0WvMt8TF+UG12oAFB arnav@Jain10
C:\Users\Arnav>
The string ssh-rsa AAAA/***/oAFB arnav@Jain10 is my public key.
Placing the public key on the remote server
Access the web server in whichever way you find convenient. For me, it's SSH to the Pi I just set up.
ssh root@photon-rpi3.jain.lan
First, we need to ensure that the .ssh sub-directory exists in our home directory. We do this with the mkdir command:
mkdir -p ~/.ssh
We now need to add the public key (from above) as an authorised key. This is done by the following command:
echo «public_key_string» >> ~/.ssh/authorized_keys
Remember to replace «public_key_string» with the public key you displayed above. Note that the >> signifies that this command will:
- if the file exists, append the string to the very end of the file.
- if the file does not exist, create a new text file with the string as its content.
root@photon-rpi3 [ ~ ]# mkdir -p ~/.ssh
root@photon-rpi3 [ ~ ]# echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD1pYvyhKyiDSvbPSETiOeF0ORn9E3ePIGN35d+lJUKcRGW7lOW2tR3Sr8hDMkOSFIzVajOE/C1JKxbX1QNZKeHDFCDle0atCfRDCF9pHadZKqnJxp+8BnjdmE+GIptENpFGrHWiQShRx6RLy33crA/Wm62xNAqrlq10SCPNOUwQJNkBhah7B7lNEbcz6RkA6kmiBASqqM1sLuaWiQz90A+RvB2b8p02Xhprj0bSPX+EaXHcnBa9+NF19X5+kS879LYX7XlHxXBwuaifdmwPFLSGh9ZAMSePdBfi0q/EtyclS29vb+Wn+vFm7NL63bPQXlJol0WvMt8TF+UG12oAFB arnav@Jain10 >> ~/.ssh/authorized_keys
root@photon-rpi3 [ ~ ]#
That should be it.
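The mkdir and echo steps above as one re-runnable function, as an added example that is not part of the original post: it rejects input that is not a single public key line, skips keys that are already present, and keeps the directory and file owner-only, since sshd with its default StrictModes setting ignores key files that other users can write to. The function name add_authorized_key and its optional second argument are assumptions, the format check is structural only, and the sample key is constructed.

```shell
# Added example; add_authorized_key is a hypothetical helper, not an OpenSSH tool.
# Usage: add_authorized_key "<contents of id_rsa.pub>" [home_dir]
# The body is a subshell "( ... )", so umask and exit stay local to the call.
add_authorized_key() (
    key=$1
    home_dir=${2:-$HOME}   # assumption: optional override so it can be tried safely
    auth_file=$home_dir/.ssh/authorized_keys

    # One argument must be exactly one authorized_keys line.
    case $key in *"
"*) echo "refusing multi-line input" >&2; exit 2 ;; esac

    # A public key line is: <type> <base64 blob> [comment]
    key_type=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not a public key line (was the private key pasted?)" >&2; exit 2 ;;
    esac
    # The blob starts with a 4-byte length field, so valid base64 begins "AAAA".
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; exit 2 ;;
        AAAA*) ;;
        *) echo "malformed key blob" >&2; exit 2 ;;
    esac

    umask 077              # anything created below is owner-only from the start
    mkdir -p "$home_dir/.ssh" && chmod 700 "$home_dir/.ssh" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Already authorised: do nothing, so re-running never duplicates the entry.
    if grep -qF -- "$key_type $blob" "$auth_file"; then exit 0; fi

    # A last line without a newline would get glued to the new key; terminate it.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
)

# Demo in a throwaway directory with a constructed (not real) key, added twice.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal demo@example'
add_authorized_key "$demo_key" "$demo_home"
add_authorized_key "$demo_key" "$demo_home"
grep -c . "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

On the server, call it with the public key in double quotes as the only argument; the second argument exists only so the function can be tried against a scratch directory.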
Try out the passwordless logon
The response from the server when using password logon:
C:\Users\Arnav>ssh root@photon-rpi3.jain.lan
Password:
Last login: Sun Jun 2 17:00:40 2019 from 192.168.8.10
18:01:52 up 1:03, 0 users, load average: 0.01, 0.02, 0.00
root@photon-rpi3 [ ~ ]#
And the same when using SSH keys to log on:
C:\Users\Arnav>ssh root@photon-rpi3.jain.lan
Last login: Sun Jun 2 18:01:52 2019 from 192.168.8.10
18:08:05 up 1:10, 0 users, load average: 0.17, 0.06, 0.01
root@photon-rpi3 [ ~ ]#