Difference between revisions of "Ssh keys"

From HPC Wiki
Jump to: navigation, search
(Created page with "An ssh key is a way of identifying (authenticating) yourself when connecting to a server per ssh. A different popular authentication method is via a password. == Why shou...")
 
Line 13: Line 13:
 
You can then optionally protect your key with a passphrase. (Your key is basically just a file sitting on your computer and a passphrase protects your key, if someone happens to steal/copy that file).
 
You can then optionally protect your key with a passphrase. (Your key is basically just a file sitting on your computer and a passphrase protects your key, if someone happens to steal/copy that file).
  
If you did not specify a different file, the key normaly gets generated to
+
If you did not specify a different file, the key normaly gets generated into the folder
 +
~/.ssh
 +
with the files '''id_rsa''' being your private and '''id_rsa.pub''' being your public key.
  
 +
This public key now has to be copied to the server to the
 +
~/.ssh/authorized_keys
 +
file. This can be done, by opening an [[ssh]] connection via password and then using an editor (e.g. [[vim]]) to paste the key into the file (creating the '''.ssh''' directory if it does not exist):
 +
$ mkdir ~/.ssh
 +
$ vim ~/.ssh/authorized_keys
 +
 +
The next time you [[ssh]] to the server, it should use the key and instead of prompting the password for the server, prompt for the passphrase of the key, if you chose to employ one.
  
  
 
== how-it-works ==
 
== how-it-works ==

Revision as of 15:13, 5 April 2018

An ssh key is a way of identifying (authenticating) yourself when connecting to a server per ssh. A different popular authentication method is via a password.

Why should I use it?

When you connect to a server, authenticating via a password there are two main problems:

  • Someone could intercept/crack your password, since it has to be send to the server at some point in some form.
  • Someone could bruteforce or guess the password, since many passwords are commonly weak, hard to remember or used for multiple applications and then cracked/leaked.

How-to-use-it

You should start by generating a key pair:

$ ssh-keygen -b 4096

where you can specify the max length of the key up to 16384 bits.

You can then optionally protect your key with a passphrase. (Your key is basically just a file sitting on your computer and a passphrase protects your key, if someone happens to steal/copy that file).

If you did not specify a different file, the key normaly gets generated into the folder

~/.ssh

with the files id_rsa being your private and id_rsa.pub being your public key.

This public key now has to be copied to the server to the

~/.ssh/authorized_keys

file. This can be done, by opening an ssh connection via password and then using an editor (e.g. vim) to paste the key into the file (creating the .ssh directory if it does not exist):

$ mkdir ~/.ssh
$ vim ~/.ssh/authorized_keys

The next time you ssh to the server, it should use the key and instead of prompting the password for the server, prompt for the passphrase of the key, if you chose to employ one.


how-it-works