If you want to enhance your security, one of the best practices is to use SSH public-key authentication with the secure shell. Public-key authentication is more secure than password authentication, as it provides much stronger identity checking. An entity must possess both the private key and the correct passphrase to authenticate itself to another entity.
Malicious users would have to obtain the private key of a legitimate user before being able to mount a brute-force or dictionary attack to discover the user's passphrase. A password is susceptible to a brute-force attack by a malicious user or, worse, can be guessed by someone who knows personal information about the user.
Here we cover how to generate an SSH key on Linux and how to add the private key to your profile on a client machine.
Creating SSH keys
This can be done with the ssh-keygen command. It is highly recommended to put a passphrase on your SSH private key. If you lose your SSH private key and it has no passphrase on it, anyone can use it to access your nodes.
pi@kripsberry:~ $ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/pi/.ssh/id_rsa):
Created directory '/home/pi/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/pi/.ssh/id_rsa.
Your public key has been saved in /home/pi/.ssh/id_rsa.pub.
The key fingerprint is:
xxx
The key's randomart image is:
+---[RSA 2048]----+
+----[SHA256]-----+
pi@kripsberry:~ $
How to use
To use your new key, just go to the client machine and use the ssh-copy-id command.
Run ssh-copy-id user@hosts and follow the steps.
krips@KRIPS-PC:/mnt/c/Users/krodr$ ssh-copy-id kr1ps-pi
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/krips/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
pi@pi.kr1ps.com's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'kr1ps-pi'"
and check to make sure that only the key(s) you wanted were added.
With all of this done, you can now access your server with your SSH key and without passwords.
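The ssh-copy-id output above ends by asking you to check that only the keys you wanted were added. The following Python sketch is an added example, not part of the original post: it parses authorized_keys text, computes each key's SHA256 fingerprint in the form ssh-keygen prints, and reports any key that is not on an expected list, including entries that carry an options prefix. The function names are hypothetical and the sample keys are constructed filler, not real keys.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def fingerprint(blob_b64):
    """SHA256 fingerprint of a public-key blob, formatted as ssh-keygen -l prints it."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def audit(text, expected):
    """Return (line_no, fingerprint, comment) for keys not in `expected`, and flag bad lines."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # An entry may start with an options field, so locate the key type first.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        try:
            fp = fingerprint(fields[idx + 1])
        except (TypeError, IndexError, ValueError):
            findings.append((n, "unparseable", line[:40]))
            continue
        if fp not in expected:
            findings.append((n, fp, " ".join(fields[idx + 2:])))
    return findings


def constructed_ed25519(fill):
    """Sample data: a well-formed ssh-ed25519 blob made of filler bytes, not a real key."""
    name, key = b"ssh-ed25519", bytes([fill]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(blob).decode()


MINE, OTHER = constructed_ed25519(1), constructed_ed25519(2)
SAMPLE = f"""# constructed authorized_keys content
ssh-ed25519 {MINE} krips-laptop
command="/usr/bin/true",no-pty ssh-ed25519 {OTHER} unknown@elsewhere
ssh-ed25519 not*base64 broken
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, expected={fingerprint(MINE)}):
        print(finding)
```

On a real server, pass the contents of ~/.ssh/authorized_keys as text and build the expected set from the fingerprint that ssh-keygen -lf reports for your own .pub file.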
👋