ssh_keys
Creating keys
1 |
ssh -keygen |
1 2 3 4 5 6 7 8 9 |
$ ssh -keygen Generating public /private rsa key pair. Enter file in which to save the key ( /home/user/ . ssh /id_rsa ): test Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in test . Your public key has been saved in test .pub. The key fingerprint is: 01:01:43:22:c2:ec:24:85:f3:88:44:88:d6: df :7d:ea Luke@lukeshost |
Copying public keys to device
Now we need to copy the public key onto the server
1 |
ssh -copy- id -i ~/. ssh /servername_id_rsa .pub Luke@x.x.x.x |
1 |
ssh -copy- id -i ~/. ssh /servername_id_rsa .pub '-p 1234 Luke@x.x.x.x' |
Logging in using private key
You can then log into the device using the private key:
1 |
ssh -i ~/. ssh /servername_id_rsa Luke@x.x.x.x |
Creating ssh alias
Now we can make our lives a little easier so we do not have to specify the key each time:
1 |
vim ~/. ssh /config |
1 2 3 4 5 |
Host ServerName Hostname x.x.x.x User Luke Port 22 #or you can specify custom port IdentityFile ~/. ssh /servername_id_rsa #this is the location to the pivate key that you created above |
1 |
ssh ServerName |
Locking Down to Keys-Only
Next we could potentially lock down the server so ONLY keys work.
Add the following to /etc/ssh/sshd_config
1 |
PasswordAuthentication no |
WARNING: Keep one session open and attempt to log in from a different session, this allows you to get back in if you made an incorrect update
ssh_keys.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1