How-to for Linux, Windows and Mac
It is quite clear that if you access an OS you must use SSH keys.
These are private and authorized (public) keys that grant access, so I decided to write this quick user's guide to help you generate and use them.
Taking for granted that SSH servers must be configured to prevent anonymous logons, an SSH server lets you manage any type of authentication, including two-factor authentication.
We can also use a Google app such as Authenticator to generate a random one-time token valid only for us; in this guide we look at classic RSA key access.
SSH keys for Linux
Every OS provides a helpful ssh-agent that stays running in the background and, once you connect to a host that has your public key installed, uses the private key without any manual action from you, with or without a password request.
$ cd
$ mkdir .ssh
$ ssh-keygen -t rsa -b 4096 -C "YOUR EMAIL" -f .ssh/name.surname
This command generates two keys in the hidden .ssh directory in your home directory: name.surname (the private key) and name.surname.pub (the public key).
Once the keys have been generated, we can add the public key to the servers we want to connect to, or give it to our system engineer.
$ ssh-copy-id -i ~/.ssh/name.surname USER@HOST
This uploads the public key to the server (HOST) for the user (USER), provided that we can still connect using the password.
The next step is to add our private key to the ssh-agent.
$ ssh-add ~/.ssh/name.surname
$ ssh-add -l
4096 SHA256:/k3I5T4/OrUfpcrr2y7YQkd5qHFkh2edgmS6FgmPDLM YOUR EMAIL (RSA)
We can now connect by using the classic command without specifying the key.
$ ssh USER@SERVER
The agent automatically supplies your SSH keys.
SSH keys for Windows 10 v1809
Microsoft has finally released a new version that introduces the standard SSH client commands. Now we can use the same commands as on Linux, with a few small adjustments.
- Select the Start button.
- Find the Windows System folder from the list of apps and tap or click it.
- Click or tap Command Prompt under the Windows System folder.
c:\Users\Federico Fiordoliva>mkdir .ssh
c:\Users\Federico Fiordoliva>ssh-keygen -t rsa -b 4096 -C "YOUR EMAIL" -f .ssh/name.surname
Unfortunately there is no ssh-copy-id script in Windows, so we have to send the public key to the system engineer or copy and paste it (CTRL+C and CTRL+V) onto the server. Now we can use the ssh-agent, but first we have to enable it.
Run services.msc to open the Services Manager. Here we can start, stop, disable or delay Windows services.
Now we have to find the OpenSSH Authentication Agent, set it to start automatically, and start it.
c:\Users\Federico Fiordoliva>ssh-add .ssh/name.surname
Identity added: .ssh/name.surname (.ssh/name.surname)
c:\Users\Federico Fiordoliva>ssh-add -l
4096 SHA256:/k3I5T4/OrUfpcrr2y7YQkd5qHFkh2edgmS6FgmPDLM .ssh/name.surname (RSA)
Let's verify with the ssh-add -l command that the agent has loaded the private key correctly. We can now just connect to the server.
c:\Users\Federico Fiordoliva>ssh USER@SERVER
The agent automatically supplies your SSH keys.
SSH keys for Windows
For all Windows versions we can use an easy app called PuTTY. Download PuTTY, paying attention to choose the correct MSI Windows Installer version (32 or 64 bit). Once it is installed, we open the Command Prompt window again and type:
After running the command, a simple graphical user interface for key generation will appear.
Now we have to change the RSA setting to 4096 and click the Generate button.
Move the mouse over the grey section until the random code has been created.
Once we have created the keys we can define the other values and save them.
By clicking on "Save public key" we save the public key, so that we can give it to the system engineer or copy and paste it onto the server.
Click also on “Save private key”.
Once we have generated the keys and put the public key on the server, we can run PuTTY. Here we can create a kind of library of our servers with all the connection settings.
From the Session menu we can configure the user name and server address and name the session.
In the SSH->Auth menu we can specify which private key to use for this session.
We can also save our sessions by clicking again on the SSH->Auth menu and Open. With the connection settings for this server saved, next time we only need to click the selected session and the Load button to reconnect using our keys.
SSH keys for Mac OS
Everything described for Linux also applies to Mac.
There are also many free graphical user interfaces similar to PuTTY.
I didn't talk about the security of generating keys without passwords.
Are we really safe in doing this?
Where can we save our keys?
Anyone who gets hold of a private key that has no password can use it, so it's better to use a strong password and keep it safe.
Another way to protect your keys is to encrypt your PC's hard drive. If you are using a shared PC, you can use a separate user profile.
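To check the keys you already have against the point above, here is an added example (not part of the original guide) that reads every private key file in a directory and reports whether it is stored with a password. It goes slightly beyond the text by covering the OpenSSH and legacy PEM files written by ssh-keygen as well as the .ppk files saved by PuTTYgen. The function names and the default ~/.ssh location are assumptions of this example.

```python
import base64, os, struct, sys
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # header of the OpenSSH private key container

def key_protection(text):
    """Classify private-key file text: 'encrypted', 'plaintext' or 'not-a-key'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):       # .ppk saved by PuTTYgen
        enc = [ln for ln in lines if ln.startswith("Encryption:")]
        if not enc:
            return "not-a-key"
        return "plaintext" if enc[0].split(":", 1)[1].strip() == "none" else "encrypted"
    if not (first.startswith("-----BEGIN ") and "PRIVATE KEY" in first):
        return "not-a-key"                             # .pub, known_hosts, config, ...
    if "ENCRYPTED PRIVATE KEY" in first:               # PKCS#8 encrypted PEM
        return "encrypted"
    if "OPENSSH PRIVATE KEY" in first:                 # current ssh-keygen format
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
            (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        except (ValueError, struct.error):
            return "not-a-key"
        if not blob.startswith(MAGIC):
            return "not-a-key"
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]   # first field: cipher name
        return "plaintext" if cipher == b"none" else "encrypted"
    # legacy PEM (e.g. BEGIN RSA PRIVATE KEY): encryption is flagged in a header line
    flagged = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
    return "encrypted" if flagged else "plaintext"

def audit(directory):
    """Return (file name, protection, loose_permissions) for each private key found."""
    findings = []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file() or path.suffix == ".pub":
            continue
        state = key_protection(path.read_text(errors="replace"))
        if state != "not-a-key":
            # group/other permission bits are only meaningful on POSIX systems
            loose = os.name == "posix" and bool(path.stat().st_mode & 0o077)
            findings.append((path.name, state, loose))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".ssh"
    for name, state, loose in audit(target):
        print(f"{name}: {state}{' (group/other can access the file)' if loose else ''}")
```

Any file reported as plaintext can be given a password afterwards with ssh-keygen -p -f followed by the key path.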