Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tech_notes:ssh [2023-03-04 Sat wk09 10:19] baumkptech_notes:ssh [2024-03-09 Sat wk10 10:45] (current) – [ssh-keygen] baumkp
Line 1: Line 1:
 {{tag>linux ssh ssh-keygen}} {{tag>linux ssh ssh-keygen}}
-======ssh======+======ssh with key files====== 
 +The advantages of using SSH key-based include:  
 +  *Improved security 
 +  *Easier access to ssh (if password keys are not used) 
 +  
 +Clearly use of unique password encrypted keys gives best security.  However if a user has access to you terminal and user password they effectively have full system access anyway.
  
 +<fc #ff0000>The use of ''sudo'' should not be necessary as the keys created should be user based.</fc>
 +=====ssh-keygen======
 +The  ''ssh-keygen'' command is used to create ssh key pairs
 +
 +//Use ''man ssh-keygen'' to see options and description of command.//
 +
 +====ssh-keygen default====
 +  * ''ssh-keygen''  creates a SSH key pair.  The defaults are:
 +    * home directory ''/homeuser/.ssh''
 +    * public key ''/home/user/.ssh/id_rsa''
 +    * private key ''/home/user/.ssh/id_rsa.pub''
 +
 +====ssh-keygen with filename====
 +  * ''ssh-keygen -f .ssh/key-with-password''  creates a SSH key with non-default name and location.  The defaults are:
 +    * public key ''/home/user/.ssh/key-with-password''
 +    * private key ''/home/user/.ssh/key-with-password.pub''
 +
 +====Warning====
 +<fc #ff0000>//During further SSH key pair generation, if you do not specify a unique file name, you are prompted for permission to overwrite the existing id_rsa and id_rsa.pub files. If you overwrite the existing id_rsa and id_rsa.pub files, you must then replace the old public key with the new one on ALL of the SSH servers that have your old public key.
 +//</fc>
 +
 +Once you have generated the keys, they are stored in the /user/home/.ssh/ directory with the following permissions:
 +    *Private key - 600
 +    *Public key - 644
 +
 +=====sharing keys=====
 +Some examples:
 +  *''ssh-copy-id -i .ssh/key-with-pass.pub user@destination''  generic example
 +  *''ssh-copy-id -i .ssh/id-rsa.pub john.doe@192.168.0.1'' Will copy the default created id_rsa.pub key to IP 192.168.0.1 for user john.doe
 +
 +The remote ssh will ask for remote shell password.
 +
 +//Use ''man ssh--copy-id'' to see options and description of command.//
 +=====references=====
 [[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]] [[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]]
  
-<- tech_notes:git|Back ^ tech_notes:index|Start page ^ |End->+<- tech_notes:git|back ^ tech_notes:index|Start page ^ tech_notes:s6|next->