tech_notes:ssh [2023-03-12 Sun wk10 09:01] – baumkp | tech_notes:ssh [2024-03-09 Sat wk10 10:45] (current) – [ssh-keygen] baumkp |
---|
{{tag>linux ssh ssh-keygen}} | {{tag>linux ssh ssh-keygen}} |
======ssh====== | ======ssh with key files====== |
| The advantages of using SSH key-based authentication include: |
| * Improved security |
| * Easier access over SSH (if password-protected keys are not used) |
| |
| Clearly, using unique password-encrypted keys gives the best security. However, if someone has access to your terminal and user password, they effectively have full system access anyway. |
| |
| <fc #ff0000>The use of ''sudo'' should not be necessary as the keys created should be user based.</fc> |
| =====ssh-keygen===== |
| The ''ssh-keygen'' command is used to create SSH key pairs. |
| |
| //Use ''man ssh-keygen'' to see options and description of command.// |
| |
| ====ssh-keygen default==== |
| * ''ssh-keygen'' creates an SSH key pair. The defaults are: |
| * key directory ''/home/user/.ssh'' |
| * private key ''/home/user/.ssh/id_rsa'' |
| * public key ''/home/user/.ssh/id_rsa.pub'' |
| |
| ====ssh-keygen with filename==== |
| * ''ssh-keygen -f .ssh/key-with-password'' creates an SSH key pair with a non-default name and location. The path is relative, so run it from the home directory. The resulting files are: |
| * private key ''/home/user/.ssh/key-with-password'' |
| * public key ''/home/user/.ssh/key-with-password.pub'' |
| |
| ====Warning==== |
| <fc #ff0000>//During further SSH key pair generation, if you do not specify a unique file name, you are prompted for permission to overwrite the existing id_rsa and id_rsa.pub files. If you overwrite the existing id_rsa and id_rsa.pub files, you must then replace the old public key with the new one on ALL of the SSH servers that have your old public key. |
| //</fc> |
| |
| Once you have generated the keys, they are stored in the ''/home/user/.ssh/'' directory with the following permissions: |
| * Private key - 600 |
| * Public key - 644 |
| |
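An added example (not part of the original notes) that covers both the overwrite warning and the permissions listed above: one function refuses to generate over an existing key pair, the other audits the 600/644 modes. The function names are hypothetical, and the demo runs on constructed placeholder files rather than real keys.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original page.

# Print the octal permission bits of a file (GNU stat, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Generate a key pair at path $1, but never overwrite an existing one.
# Returns 2 without calling ssh-keygen if either file already exists.
safe_keygen() {
    key=$1
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 2
    fi
    ssh-keygen -f "$key"    # prompts for the passphrase interactively
}

# Audit a key pair: private key must be 600, public key must be 644.
# Returns 0 if both match, 1 otherwise (missing files count as a mismatch).
check_key_perms() {
    key=$1
    status=0
    if [ "$(file_mode "$key")" != 600 ]; then
        echo "private key $key is not mode 600" >&2
        status=1
    fi
    if [ "$(file_mode "$key.pub")" != 644 ]; then
        echo "public key $key.pub is not mode 644" >&2
        status=1
    fi
    return $status
}

# Demo on constructed placeholder files (empty files, not real keys).
demo_dir=$(mktemp -d)
: > "$demo_dir/demo-key"
: > "$demo_dir/demo-key.pub"
chmod 600 "$demo_dir/demo-key"
chmod 644 "$demo_dir/demo-key.pub"
check_key_perms "$demo_dir/demo-key" && echo "permissions OK"
safe_keygen "$demo_dir/demo-key" || echo "existing key left untouched"
rm -rf "$demo_dir"
```

For a real key, call ''safe_keygen "$HOME/.ssh/key-with-password"'' followed by ''check_key_perms'' on the same path.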
| =====sharing keys===== |
| Some examples: |
| * ''ssh-copy-id -i .ssh/key-with-pass.pub user@destination'' generic example |
| * ''ssh-copy-id -i .ssh/id_rsa.pub john.doe@192.168.0.1'' will copy the default id_rsa.pub key to IP 192.168.0.1 for user john.doe |
| |
| The remote SSH server will ask for the remote user's password. |
| |
| //Use ''man ssh-copy-id'' to see options and description of command.// |
| =====references===== |
[[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]] | [[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]] |
| |
<- tech_notes:git|back ^ tech_notes:index|Start page ^ tech_notes:s6|next-> | <- tech_notes:git|back ^ tech_notes:index|Start page ^ tech_notes:s6|next-> |
| |