SSH COMMANDS
Generate the ssh-key run the command in your terminal
then either rename your key or type enter to continue with the generic given name which is id_rsa for private key and id_rsa.pub for public key
ssh-keygen -t rsa
add Identity
ssh-add /home/user/.ssh/id_rsa
Add the Identity to Github
cat /home/user/.ssh/id_rsa.pub
If the ssh key is meant for GitHub, go to settings look for ssh keys and gpg keys, and paste the copied keys after running the cat command here. Then you are done. You can now use the key to access your GitHub.
Server Key
If the key was meant to be a server key then ssh into your server using your root password and run the following commands in root.
mkdir /home/user/.ssh
touch /home/user/authorized_keys
sudo nano /home/user/authorized_keys
Run the following command on your local machine:
cat /home/user/.ssh/id_rsa.pub
This will give you the public which you copy and paste into the authorized_keys file after the sudo nano command opens the file.ctr + x, you will be prompted if you want to save the file type 'Y' for yes then enter to save. Now exit the server by typing exit then ssh into the server as shown below:
ssh user@134.565.56.31
Replace the user with your username and the IP address with your IP and it should automatically ssh you into your server without needing the password.
Disable Root Password Login For the Server
Type the following commands in your bash terminal to open the file
sudo nano /etc/ssh/sshd_config
After which navigate to the section similar to as below and change the yes to no.
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxAuthSessions 10
After changing the option to no CTR + x a prompt of whether you want to save the new file will appear type 'Y' then enter to save.
Reload the saved file by typing the command below and
sudo systemctl reload sshd
then you are done no one can ssh using the root password to your server. This is mainly to protect against brute force attacks into your server.
Adding an SSH-KEY into your server
You will mainly do this when you want to be able to access other commands like git cloning or pull from Github or GitLab without being prompted for the password each time.
First, confirm that the user created in your server owns the ssh file.run
ls -la
then look for the ssh file
edwin edwin 807 Sep 7 11:09 .profile
2 root root .ssh
As you can see my file is owned by the root, hence if I try to generate any ssh key I will get a permission denied error. I have to change ownership from root to the user I created. I do this by running the commands below in the terminal.
sudo chown -R edwin:edwin /home/edwin
If you run ls -la again you will notice the ssh file switched ownership from root to your current user. i.e mine is now edwin edwin .ssh
After this is done you can run in the terminal:
ssh-keygen -t rsa
You will get prompted with a file path in case you want to rename the ssh file type if you don't need this, otherwise, type the same path.i.e /home/user/.ssh/id_rsa_github.
Then type enter and enter a passphrase in, this is just for some extra security or you can skip this step by just pressing enter again until you see the weird figure below.
The key's randomart image is:
+---[RSA 3072]----+
| ..+ |
| ..o. |
| OoE+.o |
| o=B==* |
| =+SBo* |
| o *+oo |
| o + .o |
| . o =. . |
| . +o |
+----[SHA256]-----+
run:
eval `ssh-agent -s`
then:
ssh-add /home/*user*/.ssh/id_rsa_github
This will add the Identity the cat the id_rsa_github.pub or whatever you named your public key by running the command below.
cat /home/*user*/.ssh/id_rsa_github.pub
copy this whatever is inside the file and paste it again to GitHub.
and now you are done.
Top comments (2)
Here are some tips my friend.
Here is a better command to run to create the ssh key.
$ ssh-keygen -t rsa -b 4096 -C “brandon@example-email.com” -f ~/.ssh/id_rsaThen you copy the public key to the server with this one command. It will create the authorized_keys file automatically.
$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@server_ip_addressChain these commands together like this.
$ eval $(ssh-agent -s); ssh-add /home/$USER/.ssh/id_rsaMake sure you have sudo access, then lock the root account. It will add more security to your server.
$ sudo passwd -l rootYou can also create alias to connect your favourites servers. Just edit your ~/.ssh/config adding this config for each server:
Host my-server
HostName ip_to_connect
User user_to_connect
Then you will can access server just typing: ssh my-server