RSA keys are a public key encryption method that keeps a private key on the host computer and a public key on other machines. The two keys are generated together by a mathematical algorithm, and what is encrypted with the public key can only be decrypted with the private key. As long as the private key is kept confidential, use of the keys is secure.
The keys are secure because the private key can be encrypted on the user's computer, which protects it from falling into the wrong hands, unlike a password printed on a sticky note and placed on your desk. RSA keys are also secure because they allow a server administrator to shut off password authentication on remote servers, making a brute-force attack that uses password dictionaries impossible. By default the RSA key is 2048 bits, but this can be altered with the -b option.
Keys are easy to create and distribute. A key allows near-instant authentication without stopping to type a password every time you need to jump onto a server.
From your Mac or Linux computer, open the terminal and run ssh-keygen.
You will be asked a series of questions:
[email protected]:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
To keep the default, just press Enter. By default this will create a file called id_rsa under /home/user/.ssh/.
Next it will ask for a passphrase. You want to enter a passphrase. The passphrase is what protects your private key from being readable by others.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
After entering the passphrase, ssh-keygen will generate an RSA key and display a fingerprint like this:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
49:ee:8c:73:d2:a3:53:b9:b4:50:63:19:34:a2:47:c2 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| .. o.o |
| E+ ... |
| . . .o |
| . o=. |
| oSo |
| .=+ |
| ++*o |
| .=o. |
| .. |
+-----------------+
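The fingerprint and the key size can both be recomputed from the public key file itself. The Python sketch below is an added example, not part of the original post: it parses one line in id_rsa.pub format and returns the key type, the RSA modulus size, the colon-separated MD5 fingerprint format shown above, and the SHA256 format that newer OpenSSH releases print. The function names are hypothetical, and the sample key is constructed in code and is not a usable RSA key.

```python
import base64
import hashlib


def _read_string(blob, offset):
    """Read one length-prefixed field (4-byte big-endian length, then data)."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_public_key(line):
    """Return type, RSA size and both fingerprint formats for one .pub line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, offset = _read_string(blob, 0)
    if key_type.decode("ascii") != fields[0]:
        raise ValueError("type label does not match the key blob")
    bits = None  # only filled in for RSA keys
    if fields[0] == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()  # legacy display format only
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": fields[0],
        "bits": bits,
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
    }


def _constructed_pub_line(bits=2048):
    """Build a sample line for the demo; the modulus is NOT a usable RSA key."""
    def field(data):
        return len(data).to_bytes(4, "big") + data
    n = (1 << (bits - 1)) | 1
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")  # leading 0 keeps the mpint positive
    blob = field(b"ssh-rsa") + field((65537).to_bytes(3, "big")) + field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"


if __name__ == "__main__":
    print(inspect_public_key(_constructed_pub_line()))
```

To check a real key, pass the contents of ~/.ssh/id_rsa.pub to inspect_public_key and compare the result with `ssh-keygen -l -f ~/.ssh/id_rsa.pub` (add `-E md5` for the colon-separated form). The same function works on a server's host public key file, which gives you a fingerprint to compare with the one ssh asks you to accept on first connection.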
If you cd into /home/
cd .ssh/
$ ls
id_rsa id_rsa.pub known_hosts
We will be transferring the id_rsa.pub file to our remote server using "ssh-copy-id":
[email protected]:~$ ssh-copy-id 192.168.0.2
The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
ECDSA key fingerprint is 10:0f:3b:dy:3d:08:5a:3c:09:c8:81:c1:53:a2:94:9c.
Are you sure you want to continue connecting (yes/no)? yes
If you haven’t connected to the remote server yet you will be asked to accept the fingerprint of the server you are connecting to. Just type yes and hit enter.
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Next you will be asked for the password for the user account on the remote server. Only users with a valid account can connect this way.
Now you should be able to ssh to the remote server without being prompted for a password. You may have to input the passphrase to unlock the key file. However, if you are on a Mac or Linux desktop or laptop, you can have it saved in your keychain and will not have to input the passphrase again.
ssh [email protected]
Enter passphrase for key '/home/user/.ssh/id_rsa':
Using RSA key authentication will increase the security of your server network.