I rarely use password login. And many folks out there even today aren't sure about ssh keys and their usage.

Everything about SSH Keys.

A Thread 👇
What is SSH?

SSH is a secure protocol used as the primary means of connecting to Linux servers remotely. It provides a text-based interface by spawning a remote shell. After connecting, all commands you type in your local terminal are sent to the remote server and executed there.
Today, the SSH protocol is widely used to log in remotely from one system to another, and its strong encryption makes it ideal for tasks such as issuing remote commands and remotely managing network infrastructure and other vital system components.
How does SSH work?

An SSH connection is implemented using a client-server model. The remote system must be running a piece of software called an SSH daemon. This software listens for connections on a specific network port, authenticates connection requests, and spawns the appropriate environment if the user provides the correct credentials.
How SSH Authenticates Users?

Clients generally authenticate either using passwords (less secure and not recommended) or SSH keys, which are very secure.
Difference between password login and SSH key login -

Password Login -

With password login, you first establish a secure encrypted channel to the remote system, and then send your username and password to that system.
The remote system then compares those credentials against whatever mechanisms are in place (local, LDAP, etc.), and determines whether you provided the correct password and whether you are authorized to log in.
SSH Keys Login -

With SSH key authentication, you establish a secure encrypted channel, then the remote system sends a random block of data for you to "sign" and you pass back the signed block.
If the signature verification passes with the public key set up on that remote system, you pass the credential check and it continues to see if you are authorized.
SSH keys are a matching set of cryptographic keys which can be used for authentication. Each set contains a public and a private key. The public key can be shared freely without concern, while the private key must be vigilantly guarded and never exposed to anyone.
The main difference here is that the private key used for logging in is never sent over the wire, whereas with password login the password is sent to the remote system. If the remote system were compromised and collected passwords from SSH logins, it could not do the same for SSH keys.
Always keep your Private Keys Safe!

You MUST guard your private key! If you leave it lying around everywhere, it's like writing your password on the wall.
To authenticate using SSH keys, a user must have an SSH key pair on their local system. On the remote server, the public key must be copied to a file within the user's home directory at ~/.ssh/authorized_keys. This file contains a list of public keys, one per line, that are authorized to log in.
How to set it up?

You can generate a keypair with the command:

ssh-keygen -t rsa -b 4096
That creates a 4096-bit RSA keypair. You may use fewer bits for your key size. By default, this creates the files ~/.ssh/id_rsa for the private key and ~/.ssh/id_rsa.pub for the public key. Now that we have our keypair, all we need to do is drop the public key on systems and we can start using it.
You can use the utilities in the openssh package to push the public key; this helps a little by creating the authorized_keys file with the correct permissions for us.

You can push your new ssh public key with ssh-copy-id:

ssh-copy-id -i ~/.ssh/id_rsa root@lco-linux-worker1
Let's Test it.

ssh -i ~/.ssh/id_rsa root@lco-linux-worker1 "uname -a"

If it gives you the output of uname from the remote system without prompting for your password (it may prompt for the key decryption phrase, depending on whether you chose to encrypt your key during generation), then you're set.
What If this doesn't work?

You can start with checking permissions on directories and the authorized_keys file. Another place to look is the sshd_config on the remote system to make sure PubkeyAuthentication isn't disabled.
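
The checks described above, as a small script added here (it is not part of the original thread): it flags group- or other-writable permissions on the home directory, ~/.ssh and authorized_keys, which sshd's default StrictModes setting rejects, and reports the global PubkeyAuthentication value. It assumes GNU stat; the function names and the constructed demo directory are illustrative.

```shell
# Added example, not from the thread. Assumes GNU stat (Linux).

# Octal permission bits of a path, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# Succeeds only if neither group nor other may write to the path; sshd's
# StrictModes (on by default) refuses the key file otherwise.
not_group_world_writable() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 022 )) -eq 0 ]
}

# Global PubkeyAuthentication value: first occurrence wins, default "yes".
# Simplification: Include files and Match blocks are not evaluated.
pubkey_auth_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "pubkeyauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Print each problem; the exit status is the number of problems found.
check_key_login() {
    home=$1; cfg=$2; problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; problems=$((problems + 1))
        elif ! not_group_world_writable "$p"; then
            echo "BAD MODE $p ($(mode_of "$p")): writable by group or other"
            problems=$((problems + 1))
        fi
    done
    if [ "$(pubkey_auth_setting "$cfg")" = "no" ]; then
        echo "DISABLED PubkeyAuthentication is set to no in $cfg"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo: throwaway home directory with two deliberate mistakes.
demo() {
    d=$(mktemp -d)
    mkdir -m 700 "$d/.ssh"
    : > "$d/.ssh/authorized_keys"; chmod 666 "$d/.ssh/authorized_keys"
    printf '%s\n' '#PubkeyAuthentication yes' 'PubkeyAuthentication no' > "$d/sshd_config"
    check_key_login "$d" "$d/sshd_config"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "problems found: $?"
```

On a real server, run check_key_login with the target user's home directory and /etc/ssh/sshd_config as arguments.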
Removing or Changing the Passphrase on a Private Key -

To change or remove the passphrase, simply type:

ssh-keygen -p
What is SSH Key Fingerprint and how to display it?

Key fingerprints are special checksums generated based on the public SSH key. Run against the same key, the ssh-keygen command will always generate the same fingerprint.

Run the ssh-keygen command to get the fingerprint of the id_rsa keypair
Something advanced -

If you encrypted your key during generation, and you get prompted for decryption phrase every time you use it, you may be wondering where the convenience is. Here's where ssh-agent comes in.
What is SSH-Agent?

ssh-agent is ssh's authentication agent, described in its man page as "ssh-agent is a program to hold private keys used for public key authentication". It's meant to hold private keys decrypted in memory for ssh to use.
You start the agent and load your private keys from disk, giving the decryption phrase for each one. Then through the day, when a key is needed, ssh talks to the agent and doesn't prompt for decryption phrases. At the end of the day, the computer is shut down, and the keys are encrypted at rest again.
How to use ssh-agent?

Run the following command:

eval $(ssh-agent)

We use "eval" here because ssh-agent outputs variables we want our shell to pick up, like where the agent socket is and what pid the process is running.
Add your private key:

ssh-add ~/.ssh/id_rsa

And check it with:

ssh-add -l
Forwarding your SSH Credentials to Use on a Server:

You can forward the authentication agent socket through ssh by using the "-A" option. This allows you to use the agent from a remote host for the duration of the ssh session. It's kind of like having the private key on the remote host without ever putting it there!
To start, you must have your SSH agent started and your SSH key added to the agent. After this is done, you need to connect to your first server using the -A option. This forwards your credentials to the server for this session.

ssh -A root@lco-linux-worker1