| Both sides previous revision Previous revision Next revision | Previous revision |
| tech_notes:ssh [2023-03-12 Sun wk10 09:01] – baumkp | tech_notes:ssh [2024-03-09 Sat wk10 10:45] (current) – [ssh-keygen] baumkp |
|---|
| {{tag>linux ssh ssh-keygen}} | {{tag>linux ssh ssh-keygen}} |
| ======ssh====== | ======ssh with key files====== |
| | The advantages of using SSH key-based include: |
| | *Improved security |
| | *Easier access to ssh (if password keys are not used) |
| | |
| | Clearly use of unique password encrypted keys gives best security. However if a user has access to you terminal and user password they effectively have full system access anyway. |
| |
| | <fc #ff0000>The use of ''sudo'' should not be necessary as the keys created should be user based.</fc> |
| | =====ssh-keygen====== |
| | The ''ssh-keygen'' command is used to create ssh key pairs |
| | |
| | //Use ''man ssh-keygen'' to see options and description of command.// |
| | |
| | ====ssh-keygen default==== |
| | * ''ssh-keygen'' creates a SSH key pair. The defaults are: |
| | * home directory ''/homeuser/.ssh'' |
| | * public key ''/home/user/.ssh/id_rsa'' |
| | * private key ''/home/user/.ssh/id_rsa.pub'' |
| | |
| | ====ssh-keygen with filename==== |
| | * ''ssh-keygen -f .ssh/key-with-password'' creates a SSH key with non-default name and location. The defaults are: |
| | * public key ''/home/user/.ssh/key-with-password'' |
| | * private key ''/home/user/.ssh/key-with-password.pub'' |
| | |
| | ====Warning==== |
| | <fc #ff0000>//During further SSH key pair generation, if you do not specify a unique file name, you are prompted for permission to overwrite the existing id_rsa and id_rsa.pub files. If you overwrite the existing id_rsa and id_rsa.pub files, you must then replace the old public key with the new one on ALL of the SSH servers that have your old public key. |
| | //</fc> |
| | |
| | Once you have generated the keys, they are stored in the /user/home/.ssh/ directory with the following permissions: |
| | *Private key - 600 |
| | *Public key - 644 |
| | |
| | =====sharing keys===== |
| | Some examples: |
| | *''ssh-copy-id -i .ssh/key-with-pass.pub user@destination'' generic example |
| | *''ssh-copy-id -i .ssh/id-rsa.pub john.doe@192.168.0.1'' Will copy the default created id_rsa.pub key to IP 192.168.0.1 for user john.doe |
| | |
| | The remote ssh will ask for remote shell password. |
| | |
| | //Use ''man ssh--copy-id'' to see options and description of command.// |
| | =====references===== |
| [[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]] | [[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]] |
| |
| <- tech_notes:git|back ^ tech_notes:index|Start page ^ tech_notes:s6|next-> | <- tech_notes:git|back ^ tech_notes:index|Start page ^ tech_notes:s6|next-> |
| |