
Thursday, 8 February 2018

Generate SSH keys using cmd line - Mac OS/Linux

ssh-keygen:

ssh-keygen is a command-line tool used to generate, manage and convert SSH keys. ssh-keygen can create keys for use by SSH protocol versions 1 and 2. It has many options.

The type of key to be generated is specified with the -t option.  If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections.

Normally each user wishing to use SSH with public key authentication runs this once to create the authentication key in 
  • ~/.ssh/identity
  • ~/.ssh/id_dsa
  • ~/.ssh/id_ecdsa
  • ~/.ssh/id_ed25519
  • ~/.ssh/id_rsa
Additionally, the system administrator may use this to generate host keys, as seen in /etc/rc.

Normally this program generates the key and asks for a file in which to store the private key. The public key is stored in a file with the same name but ".pub" appended. The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length.

Open your terminal and run the following command:

ssh-keygen -t rsa -f ~/.ssh/[KEY_FILENAME] -C [USERNAME]

-f - the name you want to use for your SSH key files.
-C - the comment stored with the key; here, the user for whom you will use this key.
-t - specifies the type of key to create (dsa | ecdsa | ed25519 | rsa | rsa1).

Example:

ssh-keygen -t rsa -f ~/.ssh/my-ssh-keys -C ubuntu

The above command creates the following two files:

my-ssh-keys - private key
my-ssh-keys.pub - public key

This command generates a private SSH key file and a matching public SSH key with the following structure:
ssh-rsa [KEY_VALUE] [USERNAME]
Then restrict access to your private key:
chmod 400 ~/.ssh/[KEY_FILENAME]
Once you have created the public key and the private key, add your public key to the authorized_keys file on the server that you want to access via SSH.
Normally it is located at ~/.ssh/authorized_keys.

cat ~/.ssh/authorized_keys

Connect to the server using the ssh command-line tool. The first time you connect, it will ask whether to add the server's IP address to your known hosts list. Answer yes.

ssh -i [private_key_file] [username]@[server-name]
ssh -i my-private-key ubuntu@10.193.10.23

Monday, 22 August 2016

What is SSH key authentication?


SSH key authentication provides a secure way of logging into a server without entering a password. While a password is easily cracked with a brute-force attack, an SSH key is impossible to crack by brute force.

So what is SSH key authentication?

An SSH key consists of two long strings generated together as a key pair. One string is called the public key and the other is called the private key. You place the public key on your server and keep the private key on your client machine. When you connect to the server, it checks your private key against the public key stored on the server. If they match, the system lets you in without the need for a password.


Step 1: Creating public key and private key using puttygen:



PuTTYgen is a key generator. It generates pairs of public and private keys. A key passphrase gives additional security, but you can leave it empty. You can generate the keys and store them on your local machine. PuTTYgen has options to save the public key and the private key.



Step 2: Add your public key to server:

Copy the public key from the key generator. The key is shown in the following format:

"ssh-rsa <keystring> keycomment"

Add your public key to the ssh folder on your server. On Windows, the ssh folder is generally found at C:\Users\<username>\.ssh. Save the ppk file into this path.

On a Linux machine it is in the user's home directory, "/home/<username>/.ssh".
The .ssh folder is hidden by default.

There is an "authorized_keys" file in the .ssh folder. This file contains the list of public keys for the server. You have to add your public key to the authorized_keys file. Open "authorized_keys" in any editor (vi, vim, nano, ...) and add your new public key to the end of the file.
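
The step of adding a public key to authorized_keys, described here and in the ssh-keygen post above, can also be scripted. The following is an added example, not part of the original posts: the function name add_authorized_key and the sample key line are constructed for illustration. It rejects private key files (.pem or .ppk), checks that the key type matches the base64 blob, sets the permissions sshd expects, and does not add the same key twice.

```shell
# add_authorized_key PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
add_authorized_key() {
    pub_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    # Never install private key material (.pem or .ppk) on the server.
    if grep -Eq 'PRIVATE KEY|^PuTTY-User-Key-File' "$pub_file"; then
        echo "refusing: $pub_file contains a private key" >&2; return 2
    fi

    # authorized_keys needs the one-line form: "<type> <base64> [comment]".
    [ "$(grep -c . "$pub_file")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    read -r key_type key_blob key_comment <<EOF || true
$(grep . "$pub_file" | tr -d '\r')
EOF

    # The base64 blob begins with the encoded key type, so the two must agree.
    case "$key_type" in
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        *) echo "unsupported key type: $key_type" >&2; return 4 ;;
    esac
    case "$key_blob" in
        "$prefix"*) ;;
        *) echo "key blob does not match type $key_type" >&2; return 5 ;;
    esac

    # sshd's StrictModes check rejects key files that other users can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Append only if this exact key is not already listed.
    if ! grep -qF -- "$key_type $key_blob" "$auth_file"; then
        printf '%s\n' "$key_type $key_blob${key_comment:+ $key_comment}" >> "$auth_file"
    fi
}

# Demo in a scratch directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAconstructedSampleBlob ubuntu' \
    > "$demo_dir/my-ssh-keys.pub"
add_authorized_key "$demo_dir/my-ssh-keys.pub" "$demo_dir/.ssh"
add_authorized_key "$demo_dir/my-ssh-keys.pub" "$demo_dir/.ssh"   # adds nothing new
wc -l < "$demo_dir/.ssh/authorized_keys"
```
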



Step 3: Call your server with private key

You have stored the public key in the server's ssh folder. Now connect to your server with the locally stored private key file. If your private key and the server's public key match, then the server lets you in without asking for a password.

Windows users connect to the server with the PuTTY tool:

  • Open PuTTY
  • Enter the IP address of the server in the hostname field
  • Click the SSH authentication option on the left side and then click the Auth section
  • Browse to the private key file stored on your local machine and click Open
  • Enter the username for login (the user whose .ssh folder on the server you added the public key to)




Linux User:

Linux users can connect to the server from a terminal using ssh. Go to the path of your pem key file (not the .ppk file) and run the following command:

ssh -i <pem key file> username@hostname

Example: ssh -i private_key.pem ubuntu@10.10.10.10

Linux and Mac machines do not support .ppk files; they support the .pem (permission file) format. You can convert a ppk file into a pem file using the PuTTYgen software.

Converting .ppk file to .pem file:

  • Open PuTTYgen
  • Load the existing ppk file
  • Click Conversions in the menu bar
  • Choose Export OpenSSH key
  • Save it in .pem format

You can also convert in the other direction: ppk to pem, and also pem to ppk.