How to use SSH Keys in Mac OS X

SSH was always a trouble to me, and I always tried to avoid using it if there were other options to carry out my tasks. Later I realised that there are things in life that boost our knowledge to the next level once we study them thoroughly for one or two days.

Today, I will conquer my fear of using SSH keys in my web development. After SSH keys, I will make a list of titles that I used to be afraid of, and I will post it later.

What is SSH?

Secure Shell, or SSH, is a cryptographic network protocol that allows remote login and other network services to operate securely over an unsecured network (from Wikipedia). I will leave the SSH protocol itself there, as we are here to use SSH keys.

What are SSH keys?

SSH keys serve as a means of identifying ourselves to an SSH server using public-key cryptography and challenge-response authentication (from the Arch Linux wiki).

Why use SSH keys?

One major advantage of using SSH keys over traditional password authentication is that the server can authenticate a user without a password being sent over the network. Anyone eavesdropping on your connection cannot intercept and crack your password, because it is never actually transmitted to the server.

How do SSH keys work?

As you might have noticed, it is not an SSH key but keys, in the plural. They are always generated in pairs, one known as the private key and the other as the public key. The private key is so called because it is known only to you and should not be shared. The public key, on the other hand, can be shared freely with any SSH server to which you wish to connect.

If you request a connection to an SSH server that has your public key on file, it constructs a challenge using your public key and sends it to you. The challenge is an encrypted message that can only be understood by the private key holder. You must answer it with the appropriate response before the server grants you access.
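The exchange described above, modelled with openssl as an added example that is not part of the original post: the server encrypts a random challenge to the public key on file, and only the matching private key produces the accepted response. It follows the paragraph's description rather than the SSH wire protocol, and the function and file names are made up for the demo.

```shell
#!/bin/sh
# Added illustration of the challenge-response idea, using openssl.
# Names and files are constructed for the demo; nothing touches ~/.ssh.

# make_keypair DIR NAME: writes DIR/NAME.key (private) and DIR/NAME.pub
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/$2.key" 2>/dev/null &&
    openssl pkey -in "$1/$2.key" -pubout -out "$1/$2.pub"
}

# Server: create a random challenge and encrypt it to the public key on file.
server_challenge() {    # args: DIR PUBKEY
    openssl rand -hex 32 > "$1/challenge.txt" &&
    openssl pkeyutl -encrypt -pubin -inkey "$2" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$1/challenge.txt" -out "$1/challenge.enc"
}

# Client: decrypt with the private key and answer with a SHA-256 of the result.
client_response() {     # args: DIR PRIVKEY
    openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
        -in "$1/challenge.enc" 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Server: accept only the hash of the challenge it generated itself.
server_verify() {       # args: DIR RESPONSE
    expected=$(openssl dgst -sha256 -r < "$1/challenge.txt" | cut -d' ' -f1)
    [ -n "$2" ] && [ "$2" = "$expected" ]
}

# try_login DIR PRIVKEY: prints "granted" or "denied"
try_login() {
    if server_verify "$1" "$(client_response "$1" "$2")"; then
        echo granted
    else
        echo denied
    fi
}

demo=$(mktemp -d)
make_keypair "$demo" owner && make_keypair "$demo" other
server_challenge "$demo" "$demo/owner.pub"
echo "key on file: $(try_login "$demo" "$demo/owner.key")"   # granted
echo "another key: $(try_login "$demo" "$demo/other.key")"   # denied
rm -rf "$demo"
```

The server side only ever reads the .pub file, which is why the public key can be handed to any server without exposing the private key.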

How to use SSH Keys?

So, that is the basics of how SSH keys work; now we will continue with how to use them.

Check for existing SSH keys

Before generating a new SSH key, you should check for existing ones so that you do not lose SSH keys that are already used for connecting to multiple servers.

Type ls -al ~/.ssh in Terminal.
[Screenshot: checking for existing SSH keys in Terminal]

The Terminal will show No such file or directory if you don't have an SSH key pair. You can create a new one in the Generate a new SSH key section below.

If you see a list of files like id_dsa.pub, id_ecdsa.pub, id_rsa.pub, proceed to the Add the SSH key to the ssh-agent section to make the SSH keys ready to use in an SSH connection.

Before generating a new SSH key, it helps to know a little about the command you will use. First, there are a few encryption types in use, such as RSA, DSA, ECDSA and Ed25519. Among them, RSA is the default encryption type for SSH keys and provides the best compatibility of all the algorithms. The default RSA key size is 2048 bits, while its minimum size is 1024 bits and its maximum is 16384. RSA needs a larger key size to provide sufficient security.
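A script version of the check for existing keys, added here as an example rather than taken from the original post: it lists each public key's type and size and flags private keys that other users can read. The finding names are made up for this script, and the size column needs ssh-keygen to be installed.

```shell
#!/bin/sh
# Added example: summarise the keys already present before generating new ones.
# Finding names (legacy-dsa, rsa-under-2048, ...) are made up for this script.

# True when group and others have no access to the file (mode like -rw-------).
private_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Key size as reported by ssh-keygen -l, or "?" when it cannot read the file.
key_bits() {
    bits=$(ssh-keygen -l -f "$1" 2>/dev/null | cut -d' ' -f1)
    echo "${bits:-?}"
}

# audit_keys [DIR]: prints "file type bits findings" for every *.pub in DIR.
audit_keys() {
    dir=${1:-$HOME/.ssh}
    [ -d "$dir" ] || { echo "no key directory: $dir"; return 0; }
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue            # the glob matched nothing
        priv=${pub%.pub}
        read -r type _rest < "$pub" || true  # first field is the key type
        bits=$(key_bits "$pub")
        found=""
        # DSA keys are disabled by default in OpenSSH 7.0 and later.
        if [ "$type" = "ssh-dss" ]; then found="$found,legacy-dsa"; fi
        if [ "$type" = "ssh-rsa" ] && [ "$bits" != "?" ] && [ "$bits" -lt 2048 ]; then
            found="$found,rsa-under-2048"
        fi
        if [ ! -f "$priv" ]; then
            found="$found,private-key-missing"
        elif ! private_mode_ok "$priv"; then
            found="$found,private-key-readable-by-others"
        fi
        found=${found#,}
        echo "$(basename "$pub") $type $bits ${found:-ok}"
    done
}

audit_keys "$HOME/.ssh"
```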

Generate a new SSH key

  1. Type the following command, replacing the example address with the email address that you will use to log in to your server.

    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    -t (type) specifies the type of the key to create. -b (bits) specifies the number of bits in the key to create.

  2. Press Enter when you are prompted with the message "Enter file in which to save the key (/Users/username/.ssh/id_rsa):". This accepts the default location for saving your SSH key files.

  3. Type a passphrase to protect your private key file and remember it safely for later use.
    [Screenshot: SSH key fingerprint and its randomart image]

Your generated SSH key pair (private and public keys) is then saved in the .ssh/ folder, and the Terminal shows the key fingerprint along with its randomart image, as in the screenshot above.

Add the SSH key to the ssh-agent

The passphrase that you typed when creating your SSH keys in the previous section must be entered every time you attempt to connect to an SSH server using public-key authentication. This is because the private key needs to be decrypted using the passphrase before the authentication process can proceed.

An SSH agent solves this trouble by caching your decrypted private keys and providing them to SSH client programs on your behalf. With an SSH agent, you don't need to type your passphrase again once you have typed it to add your private key to the agent's cache.

  1. Type eval "$(ssh-agent -s)" to ensure ssh-agent is enabled. It will print its running process ID, as in the screenshot below.

  2. Add your SSH key to the ssh-agent by typing ssh-add ~/.ssh/id_rsa, the path where your private key identification file was saved. You need to type the same passphrase that you used to create your SSH keys.
    [Screenshot: adding the SSH private key to the SSH agent]

That's it: you have successfully created an SSH key pair and added your decrypted private key to an ssh-agent.

Copying the SSH Key

The easiest way to copy the key is the pbcopy < ~/.ssh/id_rsa.pub command in Terminal. Otherwise, you can open the public key file (id_rsa.pub) in the hidden .ssh folder in your favourite text editor and copy it to your clipboard.

Nay Win Myint

Founder and CEO of Pancasikha Music Streaming Provider, JavaScript full-stack and Android developer and Graphic designer.

Rangoon, Myanmar