Introduction
SSH offers two methods of authentication: password and key pair authentication.
Password Authentication: While simple passwords are easily remembered, they are also easily compromised through brute-force attacks. Complex passwords, though safer, are hard to remember.
Key Pair Authentication: This method involves a combination of a public key and a private key. The public key is placed on the device that one wishes to access, while the private key is stored on the user’s local machine. Only the holder of the private key can access the device, making this method secure and convenient.
Generating a Key Pair with ssh-keygen
The ssh-keygen command can be used to generate a key pair. Here is how to use it:
|
|
For a stronger key pair, use:
|
|
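Note: When prompted, hit Enter at each prompt to accept the defaults. This leaves the private key without a passphrase, so anyone who can read the key file can use it.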
Uploading the Public Key to the Remote Host
There are two ways to upload the public key: manually and automatically.
Automatic Upload
To automatically upload the public key, run:
|
|
Or specify the public key and port:
|
|
Manual Upload
To manually upload the public key, copy the public key content:
|
|
Next, set the correct permissions on the remote host:
|
|
After creating the authorized_keys file and pasting the public key contents into it, we can log in without a password:
|
|
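The manual upload steps above as one script to run on the remote host (an added example, not the original page's commands): `install_pubkey` is a hypothetical helper name and `SAMPLE_KEY` is a constructed placeholder, not a real key. It applies the 700/600 permissions, refuses anything that is not a single public key line, and can be run twice without duplicating the entry.

```shell
#!/bin/sh
# Constructed sample key line (not a real key); used only for demonstration.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY000000000000000000000 demo@example'

# install_pubkey KEY_LINE [HOME_DIR]   (hypothetical helper name)
# Appends one public key line to HOME_DIR/.ssh/authorized_keys.
# The body runs in a subshell "( ... )" so umask and exit stay local.
install_pubkey() (
    key=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    nl='
'
    # Exactly one line: pasted multi-line text is often a private key file.
    case $key in
        *"$nl"*) echo "refusing multi-line input" >&2; exit 1 ;;
    esac
    # Must start with a public key type (common types only; extend as needed).
    case $key in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp"*) ;;
        *) echo "not a public key line" >&2; exit 1 ;;
    esac

    # New files are created owner-only; chmod also repairs existing ones.
    # sshd's default StrictModes rejects keys in group/world-writable paths.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Idempotent: skip if this exact line is already present.
    grep -qxF -- "$key" "$auth" && exit 0

    # If the file does not end in a newline, add one so keys are not joined.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
)
```

Call it as `install_pubkey "$(cat id_ed25519.pub)"` with the path to your own public key file; the second argument exists only so the function can be exercised against a scratch directory.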
Managing Sessions via SSH Profiles
SSH profiles are an elegant and efficient way to manage multiple remote logins. You can define several remote hosts in the SSH profiles as shown:
|
|
Ensure that you set the correct permissions on the SSH profiles:
|
|
After setting up the SSH profiles, you can log in by simply entering the alias name:
|
|
Disabling Password Login
For security reasons, it is recommended to disable password login:
|
|
One-Key Configuration on SSH
Setting up a new remote host key login requires several steps such as key pair generation, permissions setting, public key upload, and password disabling.
However, we can upload all the public keys to GitHub SSH keys, and then deploy the public key with one command on the new remote host:
|
|
Also, disable password login and restart the SSH daemon:
|
|
Additionally, we can simplify the process using P3TERX’s SSH Key Installer:
|
|
Option | Description |
---|---|
-o | Enables overwrite mode. Must be written at the top to take effect. |
-g | Retrieves the public key from GitHub. The parameter is the GitHub username. |
-u | Retrieves the public key from a URL. The parameter is the URL. |
-f | Obtains the public key from a local file. The parameter is the path of the local file. |
-p | Modifies the SSH port. The parameter is the port number. |
-d | Disables password login. |
Deploying the Public Key
Here are some ways of getting the public key:
i. Get the public key from GitHub:
|
|
ii. Get the public key from a URL:
|
|
iii. Overwrite mode will completely replace the previous key on /.ssh/authorized_keys:
|
|
iv. Disable password login:
|
|
v. Modify the SSH port:
|
|
Conclusion
Whether manually or automatically, managing SSH keys involves creating a secure key pair, uploading the public key to the intended device, and managing sessions using SSH profiles. For increased security, it is advisable to disable password logins. Various tools such as P3TERX’s SSH Key Installer can simplify these processes.