Sentient Intelligence

“I like nonsense, it wakes up the brain cells. Fantasy is a necessary ingredient in living, it’s a way of looking at life through the wrong end of a telescope. Which is what I do, and that enables you to laugh at life’s realities.” - Dr. Seuss

SSH keys for remote access

As a systems administrator I work on the command line a lot and access servers through the shell all the time. The first thing I usually do in a new role is set up an SSH key for access to the servers.

Once I have the key set up, I distribute it to the various servers so that I can shell into them without having to type my password every time I need to access a server.

The client here is the machine that you normally use to work or access the remote machine from.

The basic steps to follow are:

  • Generating a Key
  • Distributing the Key
  • Setting up key access limits for more security

It's a good idea to verify that SSH is installed before starting. The following command tells you which version of SSH you have installed:

bhowmik@ubuntu:~$ ssh -V
OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

Generating a key

Generating a key is fairly easy; all you need to do is run the ssh-keygen command. By default it generates a 2048-bit key, which is considered fairly secure. You can specify a custom number of bits with the -b <bits> option on the ssh-keygen command line.

bhowmik@ubuntu:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bhowmik/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):

Make sure that you do not enter an empty passphrase or your password as a passphrase. The whole point of having a passphrase is to use a phrase for security as opposed to a password. It is even better if you can intersperse your passphrase with uppercase, lowercase, numeric and special characters. Something like “$$H is what i use for r3mote Access.” is a decent passphrase.

Once you are done with that you will get the following message:

Your identification has been saved in /home/bhowmik/.ssh/id_rsa.
Your public key has been saved in /home/bhowmik/.ssh/id_rsa.pub.
The key fingerprint is:
43:8c:4b:d4:5c:53:4a:f3:5e:b1:c3:eb:9c:46:ee:44 bhowmik@ubuntu

This indicates that your key has been generated. The key is stored in the .ssh subdirectory of your home directory. The id_rsa file is your private key and should not be given out to anybody, while id_rsa.pub is your public key, which needs to be distributed to the servers you want to set up remote access to.

Distributing the Key

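Once you have generated the key you need to copy the public key to each server and store it in the authorized_keys file in the .ssh folder of your home directory on that server.

A simple way to do this is with scp. Note that this command overwrites any authorized_keys file that already exists on the server, so use it only when no other keys are installed there: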

bhowmik@ubuntu:~$ scp /home/bhowmik/.ssh/id_rsa.pub bhowmik@remote.server:~/.ssh/authorized_keys

Here remote.server is the IP address or domain name of the remote machine.

After copying the file make sure the permissions are sufficiently restrictive on the remote server. The permissions needed are 600 for the authorized_keys file.

bhowmik@remote.server:~$ chmod 600 ~/.ssh/authorized_keys
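
An added example, not from the original post: a shell function, run on the server, that appends a public key to authorized_keys instead of replacing the file, skips a key that is already present, and sets 700 on .ssh and 600 on authorized_keys. The function name install_pubkey and its optional directory argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post). Run on the server after the
# public key has been copied there, e.g. to /tmp/id_rsa.pub.
# install_pubkey and its optional SSH_DIR argument are names assumed here.

# install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    # Never install a private key by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # Take the first line shaped like "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        "$pub" | head -n 1) || true
    if [ -z "$key" ]; then
        echo "refusing: no public key line found in $pub" >&2
        return 2
    fi

    # Create the directory and file privately, then pin the usual 700/600 modes.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Match on type + key blob so a different comment is not treated as a new key.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        return 0    # already present: leave the file untouched
    fi

    # Append; existing keys stay in place.
    printf '%s\n' "$key" >> "$auth"
}
```

With the public key copied to a temporary path on the server first, calling install_pubkey /tmp/id_rsa.pub adds it to ~/.ssh/authorized_keys and can be repeated safely.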

Reference:

ssh-keygen man page for Ubuntu 9.04
