SSH, Keys, and Utilities

Video Transcription
00:00
>> Hey Cybrarians.
00:00
>> Welcome back to
00:00
>> the Linux+ course here at Cybrary,
00:00
I'm your instructor Rob Goelz.
00:00
In today's lesson, we're going to be covering SSH,
00:00
Keys, and Utilities.
00:00
Upon completion of today's lesson,
00:00
you are going to be able to understand how users
00:00
can create a key pair for SSH key exchange,
00:00
we're going to determine the location
00:00
that these key files get stored in,
00:00
both on the client and on
00:00
the remote host we're connecting to,
00:00
and we're going to use the SSH utilities
00:00
to work with and create keys.
00:00
We've covered the process to log in with a password.
00:00
We saw that in the previous lesson with
00:00
a connection attempt that we do from
00:00
a client to a remote system,
00:00
and then it prompts us for a password.
00:00
What if you don't want users
00:00
connecting to SSH using a password?
00:00
Well, then you can do what's sometimes
00:00
called a passwordless login.
00:00
We'll talk more about that in Module 17.
00:00
In order to do a passwordless login,
00:00
each user has to create a public key or
00:00
a key pair to do key exchange and
00:00
exchange their public key with the remote host.
00:00
To create the public key for the key exchange,
00:00
the first thing we need to do is create a key pair.
00:00
Well, luckily for us,
00:00
OpenSSH provides a utility to do just that.
00:00
The command is called ssh-keygen,
00:00
and it's used to create those key pairs,
00:00
the private and public key.
00:00
What this will do when we
00:00
run it is it's going to prompt us
00:00
for a filename or a path
00:00
where we want to store the file,
00:00
and it's going to prompt us for a password,
00:00
and I definitely recommend you do provide a password.
00:00
Now the private and public keys are created,
00:00
and they get stored in the user SSH directory, .ssh.
00:00
The default names for these are id_rsa.
00:00
This is the private key,
00:00
which is also sometimes known as the identification key,
00:00
and then id_rsa.pub is the public key, hence dot pub.
00:00
Now that's the key that gets moved around and shared,
00:00
don't ever share the private key.
00:00
Only you know that,
00:00
and you have a password to get into it.
00:00
Now, by default, the ssh-keygen utility we just talked
00:00
about creates an RSA key with 2048 bits,
00:00
but you may want a stronger key
00:00
or different encryption algorithm altogether.
00:00
Luckily for us, ssh-keygen has a bunch of
00:00
different options we can use to change the key pair.
00:00
Here are the few that I frequently use.
00:00
First of all -b,
00:00
it allows us to set a longer key.
00:00
It specifies the key size in bits; b for bits.
00:00
We can use -t to change
00:00
the type of key that we're using entirely;
00:00
the different type of encryption algorithm.
00:00
Then we can also use -C to add a comment.
00:00
Generally, I'll add my email address to the key.
00:00
For example, if we want to change to a longer RSA key,
00:00
we want to use more bits in the key size,
00:00
we can say ssh-keygen -t type for RSA,
00:00
-b for bits, and we're going to change it from 2048,
00:00
double it up, say 4096,
00:00
and then we can do -C and put an email address here,
00:00
I put in rob@bogusdomain.com or doing for real,
00:00
I put in my actual e-mail address.
00:00
Then to use this newer Ed25519 encryption algorithm
00:00
to change the entire key type that we're using,
00:00
we could say ssh-keygen -t and say Ed25519,
00:00
and then also add my bogus domain
00:00
there at the end as well in the comments.
00:00
Now that you've created the key pair,
00:00
how do you get that public key over to
00:00
the remote server? How do you share it?
00:00
Well, luckily, SSH has provided
00:00
yet another utility for this purpose,
00:00
and that is the ssh-copy-id command.
00:00
Now, this utility is simple,
00:00
and the format is really easy.
00:00
We do ssh-copy-id user@remote-host.
00:00
If we're worried about that, we can also do a dry-run.
00:00
We could do ssh-copy-id -n user@remote-host.
00:00
If I were trying to copy
00:00
my public key to Ubuntu 20, for example,
00:00
I would say ssh-copy-id
00:00
rob@ubuntu20, and we'd be good to go.
00:00
Now the next step in this process is that when we
00:00
use ssh-copy-id to copy
00:00
our public key to a remote server,
00:00
it's actually going to prompt us for
00:00
our password on the remote server.
00:00
This is just so that we can connect
00:00
to it and start doing things.
00:00
What it's going to actually do is
00:00
take the public key that we're transferring,
00:00
and store it on the remote system.
00:00
This actually gets put into another file that
00:00
is local to the user home directory,
00:00
but it's local to the user home directory
00:00
on the remote system.
00:00
This file is called the authorized keys file.
00:00
This is stored in the .ssh directory,
00:00
the user home directory,
00:00
but it's stored on the remote host,
00:00
and it places the public key of
00:00
the user into that file, in .ssh.
00:00
Now, if ssh-copy-id is not available for some reason,
00:00
don't worry, you can still work around this.
00:00
What you have to do is copy the entire content
00:00
of your SSH public key there,
00:00
your id_rsa.pub, or what have you,
00:00
and then you would log in to the remote server,
00:00
you just SSH in normally to
00:00
the remote server and you would go in,
00:00
and you would create the authorized underscore
00:00
key file and paste in that public key there.
00:00
Now when you create a key pair with ssh-keygen,
00:00
it is highly suggested that you provide
00:00
a password for the key when prompted to do so.
00:00
Once you provide a password for that key,
00:00
you have to use that password every time you use the key.
00:00
What happened to passwordless login?
00:00
Well, this is where you can use the ssh-add command.
00:00
Ssh-add is used along with ssh-agent
00:00
to add the key to the session once.
00:00
Then you only need to type the password once,
00:00
and then that's always running in your session.
00:00
You don't have to type the password over
00:00
and over again every time we want to use a key.
00:00
The way that you do this is by
00:00
opening ssh-agent app you do eval `ssh-agent`
00:00
and I put backticks on either side of
00:00
it on a US keyboard that's to the left of the one,
00:00
and so we do eval `ssh-agent`.
00:00
That's going to open up
00:00
the agent to handle our private key,
00:00
then we type in ssh-add,
00:00
and when prompted we enter
00:00
the password that we created for the private key.
00:00
Now when we connect to remote servers,
00:00
we can actually use the exchange key
00:00
and no password at all, true passwordless login.
00:00
In this lesson, we covered how users can create
00:00
a key pair in SSH using ssh-keygen.
00:00
We talked about the id_rsa,
00:00
and id_rsa.pub files that hold
00:00
the key pair and their locations in .ssh.
00:00
Then we talked about how to use
00:00
ssh-copy-id to copy a public key to a remote server,
00:00
and store it in .ssh authorized keys or authorized_keys,
00:00
and then we talked about using ssh-agent
00:00
and ssh-add for true passwordless login.
00:00
Thanks so much for being here,
00:00
and I look forward to seeing you in the next lesson.