Agenda
- What is SSH
- Advantages of ssh-key authentication
- How to generate ssh-key
- How to configure generated ssh keys
- Use-case 1: GitHub
- Use-case 2: Remote server
- References
1. What is SSH
SSH stands for Secure Shell, a protocol that lets users manage systems or transfer files from computer to computer. Users can access remote machines with a username and password or with an SSH key. I personally prefer ssh-key authentication to traditional login authentication since you can use an ssh-key to authenticate yourself not only on remote computers, but also on GitHub and so on.
2. Advantages of ssh-key authentication
The use of multiple SSH keys to grant secure server access to multiple individuals affords three advantages over assigning separate user accounts with traditional login credentials.
- Grants access to multiple parties without sharing passwords.
- Simplifies permission management; all parties log in as the same user and thereby share permissions.
- Allows for easy access revocation as needed.
3. How to generate ssh-key
There are multiple algorithms for generating an ssh-key: RSA, DSA, ECDSA, and EdDSA. The most widely used algorithm is RSA (the default option for ssh-keygen), but EdDSA is newer and provides the highest security level relative to key length.
Simply:
ssh-keygen -t ed25519 -C "john@example.com"
or more securely:
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com"
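- -o saves the private key in the newer OpenSSH format instead of PEM.
- -a specifies the number of KDF (key derivation function) rounds used when the private key is encrypted with its passphrase; more rounds make passphrase guessing slower.
- -t specifies the type of key to create, in our case Ed25519.
- -f specifies the filename of the generated key file.
- -C specifies a comment.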
4. How to configure generated ssh keys
You need to use ssh-agent, a helper program that keeps track of a user's identity keys and their passphrases. Make sure ssh-agent is running:
eval "$(ssh-agent -s)"
Add a host entry to "~/.ssh/config":
Host myRemoteServer
    HostName 198.222.111.33
    User john
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
Finally, add your SSH key to the agent:
Option 1 (Mac user):
If you're using macOS Sierra 10.12.2 or later, you will need to modify your ~/.ssh/config file to automatically load keys into the ssh-agent and store passphrases in your keychain.
Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/id_ed25519
ssh-add -K ~/.ssh/id_ed25519
Option 2 (Linux user):
Add your newly generated Ed25519 key to the SSH agent:
ssh-add ~/.ssh/id_ed25519
or add all generated keys to the SSH agent:
ssh-add
5. Use-case 1: GitHub
First, copy the public key to the clipboard:
pbcopy < ~/.ssh/id_ed25519.pub
Then click your profile image -> Settings -> in the "Access" section of the sidebar, click SSH and GPG keys -> click New SSH key or Add SSH key -> paste the copied key into the "Key" field.
6. Use-case 2: Remote server
First of all, copy the public key to the remote server:
ssh-copy-id -i ~/.ssh/id_ed25519.pub john@198.222.111.33
And then:
ssh john@198.222.111.33
or:
ssh myRemoteServer
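Section 2 lists easy revocation as an advantage, and ssh-copy-id above appends each person's public key as one line to ~/.ssh/authorized_keys on the server. The following is an added example (not part of the original post) that revokes one person's access by removing that line; the function names revoke_key and write_sample and the sample key blobs are constructed for illustration.

```bash
#!/usr/bin/env bash
# revoke_key AUTHORIZED_KEYS PUBKEY_FILE
# Removes every line carrying that public key; prints how many lines were
# removed and returns 1 if the key was not present.
revoke_key() {
    local auth="$1" pub="$2" blob tmp removed
    # A .pub file is "<type> <base64-blob> [comment]". Match on the blob:
    # the comment is free text and may be missing, edited or duplicated.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "no key found in $pub" >&2; return 2; }
    # mktemp creates the file with mode 0600, next to the target file so
    # the final mv is a rename within one directory.
    tmp=$(mktemp "${auth}.XXXXXX") || return 2
    # authorized_keys lines may begin with options (from="...", command="..."),
    # so compare the blob against every field instead of assuming field 2.
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        { hit = 0; for (i = 1; i <= NF; i++) if ($i == blob) hit = 1 }
        hit { n++; next }
        { print > out }
        END { print n + 0 }
    ' "$auth")
    if [ "$removed" -eq 0 ]; then
        rm -f "$tmp"; echo 0; return 1
    fi
    cp -p "$auth" "${auth}.bak"   # keep the previous state for rollback
    mv "$tmp" "$auth"
    echo "$removed"
}

# Constructed sample data (placeholder blobs, not real keys): three people
# share the account "john"; bob's entry has an options prefix, and the
# comment in his .pub file differs from the one stored on the server.
write_sample() {
    local dir="$1"
    cat > "$dir/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEalice alice@example.com
from="203.0.113.0/24",no-agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEbob bob@example.com
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEcarol carol@example.com
EOF
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEbob bob@laptop' > "$dir/bob.pub"
}
```

Removing the line only blocks new logins with that key; sessions already opened with it stay connected until they end.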