SSH Keys

SSH keys remove the need to remember a username or a password. They are terrifying to hackers because they are often 2048 bits long (at 8 bits per character, that's a password that's 256 characters long).

SSH keys are nearly unbreakable. 

They come in two pieces, created by a free program called ssh-keygen. This program creates a public file that can be stored on the web and accessed by anyone. It also creates a private file that you keep securely on your machine and NEVER hand out to anyone.

When you log in to a machine using SSH, the destination machine matches your private key to the public key and an encrypted conversation can start, and you are logged in.

To get started: cd into your home directory, create an .ssh folder, cd into that, then run "ssh-keygen".

Then make sure you give the keys an informative name; don't just accept the defaults. Naturally, the public key has the ".pub" suffix.

Now that you have your keys, distribute the public key to the machine(s) you need to log into. Follow their instructions, as they may be different from these. When using a command-line shell, once you copy the public key to the target machine, make a directory in your home directory called ".ssh".

Usually the command to do this is mkdir .ssh

Copy the key into the ".ssh" directory, then make a file called "authorized_keys". You can do this with the command:

touch authorized_keys

Then copy the new public key into this file. Use the command:

cat <yourpublickey>.pub >> authorized_keys

Now you are done.
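
The target-machine steps above can be wrapped in one shell function. This is an added example, not part of the original article: the function name install_pubkey, the file name work_laptop.pub and the key line are constructed for illustration. It also refuses a private key passed by mistake, skips duplicates, and sets the owner-only permissions that sshd checks.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
# Hypothetical helper: appends one public key to authorized_keys.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key: it must never be copied to another machine.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a PRIVATE key; refusing" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$line" ] || { echo "$pub is not an OpenSSH public key" >&2; return 3; }

    # sshd (StrictModes, on by default) rejects authorized_keys when the
    # directory or file can be written by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only if this exact key line is not already present.
    if grep -qxF "$line" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$line" >> "$auth"
        echo "key added to $auth"
    fi
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyMaterial user@laptop' > "$demo_dir/work_laptop.pub"
install_pubkey "$demo_dir/work_laptop.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/work_laptop.pub" "$demo_dir/.ssh"   # second run adds nothing
```

On a real target machine, call it as install_pubkey <yourpublickey>.pub with no second argument so it writes to ~/.ssh/authorized_keys.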

At the command line of the machine you are sitting at (the "source" machine), you can log in to the destination machine without entering information about your SSH key. Just enter the following command:

ssh <yourname>@<machinename> 

The SSH server on the destination machine will log you in using a highly encrypted and secure connection.

This is all called "Private Key Encryption" (PKI). It's highly secure and works with web servers, email, command lines and many other systems. The install procedures vary from system to system, but they all share the same basic steps, which are:

  • Create the private and public keys with ssh-keygen
  • Copy the public key to the destination machine
  • Add the public key to the "authorized_keys" file

Now you never have to remember a password for the destination machine ever again. Finally, you need to make the private key on your source machine highly secure. With Mac OSX or Linux you do this by changing the permissions to:

chmod 0700 <privatekey>

Be sure to back up your private key because if you lose it, you have to start over. 

For more great information on this, go to ssh.com. They are the developers of the secure shell (SSH) and are experts in the field of secure communications.