Setting up SSH key based login

Running the ssh-keygen command generates a key pair: a private key (id_rsa) and a public key (id_rsa.pub).
[pramodya@vm1 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/pramodya/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/pramodya/.ssh/id_rsa
Your public key has been saved in /home/pramodya/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:x9WUkMeYYswtVRP8AC2ujo1TTb6PlXGBXestrZPchYQ pramodya@vm1
The key's randomart image is:
+---[RSA 3072]----+
| o o+@=o.|
| * *+X.o|
| . +E+o* |
| . .o..o+|
| S o= +.=|
| .o o. O.|
| * .B .|
| + o .o . |
| . ... |
+----[SHA256]-----+
[pramodya@vm1 ~]$
- Why does setting a passphrase make it more secure?
  - If a hacker steals your private key, they can't use it without your passphrase.
Functionality of ssh-copy-id
- Copies Public Key: The primary function of ssh-copy-id is to copy the local host's public SSH key to the remote host's ~/.ssh/authorized_keys file. This allows for password-less authentication when connecting to the remote server via SSH.
- Sets Permissions: The command also ensures that the permissions of the remote user's home directory, the ~/.ssh directory, and the ~/.ssh/authorized_keys file are correctly set. This is important because SSH will refuse to connect if these permissions are too open, since overly open permissions could lead to security vulnerabilities.
- Automates Key Management: By using this command, users avoid common pitfalls associated with manually copying keys, such as incorrect formatting or permission issues. It automatically handles these aspects, making the process more secure and efficient.
After you run the ssh-copy-id command, your public key is placed in the file ~/.ssh/authorized_keys on the server.
[pramodya@localhost ~]$ cat ~/.ssh/authorized_keys
ssh-rsa <public key data omitted> pramodya@vm1
[pramodya@localhost ~]$
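The copy and permission steps listed above, written out by hand as an added example (this is not ssh-copy-id's own code and not part of the original notes). It runs on the server against a home directory; the function names install_pubkey and check_ssh_perms are hypothetical, and the check assumes the rule that none of the three paths may be writable by group or others.

```shell
#!/bin/sh
# Added example: the server-side steps ssh-copy-id automates, done by hand.
# install_pubkey and check_ssh_perms are hypothetical helper names.

# install_pubkey PUBKEY_FILE HOME_DIR
install_pubkey() {
    pubkey_file=$1
    ssh_dir="$2/.ssh"
    auth_keys="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    key_line=$(head -n 1 "$pubkey_file")
    # Accept only a public key line ("type base64 comment"); this also
    # rejects a private key file passed by mistake.
    case $key_line in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac

    # Owner-only .ssh and authorized_keys; home not writable by group/others.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_keys" || return 1
    chmod 600 "$auth_keys" || return 1
    chmod go-w "$2" || return 1

    # If the file lacks a trailing newline, add one so two keys never fuse.
    if [ -s "$auth_keys" ] && [ -n "$(tail -c 1 "$auth_keys")" ]; then
        echo >> "$auth_keys"
    fi
    # Append only when this exact line is not already present.
    grep -qxF -- "$key_line" "$auth_keys" || printf '%s\n' "$key_line" >> "$auth_keys"
}

# check_ssh_perms HOME_DIR
# Returns non-zero if any path in the chain is group- or world-writable.
check_ssh_perms() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        loose=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
        [ -z "$loose" ] || { echo "too open: $p" >&2; return 1; }
    done
    return 0
}
```

Running check_ssh_perms "$HOME" on the server is a quick first check when key login unexpectedly falls back to a password prompt.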
After you copy your public key to the server, you can log in to the server without typing the password.
[pramodya@vm1 ~]$ ssh vm1
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Tue Dec 3 22:35:17 2024 from 192.168.122.68
[pramodya@vm1 ~]$