How to generate and use SSH Keys

in #security7 years ago (edited)

How to generate and use SSH Keys


What is a SSH Key and why you should use them:


SSH keys serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. One immediate advantage this method has over traditional password authentication is that you can be authenticated by the server without ever having to send your password over the network. Anyone eavesdropping on your connection will not be able to intercept and crack your password because it is never actually transmitted. Additionally, using SSH keys for authentication virtually eliminates the risk posed by brute-force password attacks by drastically reducing the chances of the attacker correctly guessing the proper credentials.
As well as offering additional security, SSH key authentication can be more convenient than the more traditional password authentication. When used with a program known as an SSH agent, SSH keys can allow you to connect to a server, or multiple servers, without having to remember or enter your password for each system.
SSH keys are not without their drawbacks and may not be appropriate for all environments, but in many circumstances they can offer some strong advantages. A general understanding of how SSH keys work will help you decide how and when to use them to meet your needs.

Public and private keys:


Public key cryptography, or asymmetrical cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. This accomplishes two functions: authentication, which is when the public key is used to verify that a holder of the paired private key sent the message, and encryption, whereby only the holder of the paired private key can decrypt the message encrypted with the public key.
In a public key encryption system, any person can encrypt a message using the public key of the receiver, but such a message can be decrypted only with the receiver's private key. For this to work it must be computationally easy for a user to generate a public and private key-pair to be used for encryption and decryption. The strength of a public key cryptography system relies on the degree of difficulty (computational impracticality) for a properly generated private key to be determined from its corresponding public key. Security then depends only on keeping the private key private, and the public key may be published without compromising security.
Public key cryptography systems often rely on cryptographic algorithms based on mathematical problems that currently admit no efficient solution — particularly those inherent in certain integer factorization, discrete logarithm, and elliptic curve relationships. Public key algorithms, unlike symmetric key algorithms, do not require a secure channel for the initial exchange of one (or more) secret keys between the parties.
Because of the computational complexity of asymmetric encryption, it is usually used only for small blocks of data, typically the transfer of a symmetric encryption key (e.g. a session key). This symmetric key is then used to encrypt the rest of the potentially long message sequence. The symmetric encryption/decryption is based on simpler algorithms and is much faster.
In a public key signature system, a person can combine a message with a private key to create a short digital signature on the message. Anyone with the corresponding public key can combine a message, a putative digital signature on it, and the known public key to verify whether the signature was valid—made by the owner of the corresponding private key. Changing the message, even replacing a single letter, will cause verification to fail: in a secure signature system, it is computationally infeasible for anyone who does not know the private key to deduce it from the public key or from any number of signatures, or to find a valid signature on any message for which a signature has not hitherto been seen. Thus the authenticity of a message can be demonstrated by the signature, provided the owner of the private key keeps the private key secret.
Public key algorithms are fundamental security ingredients in cryptosystems, applications and protocols. They underpin various Internet standards, such as Transport Layer Security (TLS), S/MIME, PGP, and GPG. Some public key algorithms provide key distribution and secrecy (e.g., Diffie–Hellman key exchange), some provide digital signatures (e.g., Digital Signature Algorithm), and some provide both (e.g., RSA).
Public key cryptography finds application in, among others, the information technology security discipline, information security. Information security (IS) is concerned with all aspects of protecting electronic information assets against security threats. Public key cryptography is used as a method of assuring the confidentiality, authenticity and non-repudiability of electronic communications and data storage.

Generating a ssh key


You will need a computer with a ssh agent installed.Linux and mac already have one.On windows you can use git-bash or cygwin.
Type in the terminal: ssh-keygen -t rsa
It will ask you were you want to save it: Enter file in which to save the key (/home/aleks/.ssh/id_rsa):(this is my example.Folder structure may be diffrent.)
It will also ask you to enter a password.It is not needed but recomended as if someone will find the private key then it has access to your server. Enter passphrase (empty for no passphrase):
After the process has finished you should have 2 keys.One public and one private.I chosen to be in /home/aleks/.ssh/id_rsa
so the private key is /home/aleks/.ssh/id_rsa and the public one is /home/aleks/.ssh/id_rsa.pub.
Now you need to copy the public key to your server using: ssh-copy-id user@ip.of.your.server

Disabling password authentication


You should now disable password authentication but first test the key by ssh-ing to your server.If you weren't prompted to enter the server password or you were prompted to enter the key password if you entered one in the generation process then it works.
First open ssh config file: sudo nano /etc/ssh/sshd_config.Change PermitRootLogin to PermitRootLogin without-password make sure there is no # before it.Press Ctrl+X then Y then Enter to save.
Now restart the ssh daemon: reload ssh


Bibliography:

Wikipedia

Sort:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://en.wikipedia.org/wiki/Public-key_cryptography

Hey man, this is a really good post. I do however think you should add some pictures to help with your explanation of SSH keys.

Come into Steemit.chat or google PALnet discord to get into some nice communities and make friends. Try the tag ocd-resteem and add it to this post. You may get some love from the @ocd community.

Thank you.Next time I will try to put some pictures.

You could still add some if you edit the post! :]

The @OriginalWorks bot has upvoted(0.5%) and checked this post!
Some similarity seems to be present here:
https://en.wikipedia.org/wiki/Public-key_encryption
This is an early BETA version. If you cited this source, then ignore this message! Reply if you feel this is an error.