SSH Keys for User
Preface
When you start using SSH for remote access to your server, there are several ways to verify your identity (user authentication). One of them is a standard login and password. In this case most accounts use a single word or, in a better scenario, a sentence. With brute force and a dictionary it is in most cases possible to break passwords like this.
For this reason the SSH protocol can use a more secure method of user authentication, called “SSH keys”. In my examples I'll focus on OpenSSH, which is used on most Linux systems.
On MS Windows you can use an application called Puttygen.
Historically there is the SSH1 protocol, which uses RSA keys, and the SSH2 protocol, which uses DSA keys. OpenSSH can handle both RSA and DSA keys.
SSH Key generation
For SSH key generation we will use the application “ssh-keygen”, which is part of OpenSSH. For more information, check the man page.
The most common location for newly generated keys is the “~/.ssh/” folder in the user's home directory.
During SSH key generation you will be asked for a passphrase. It is used to enable access to your keys.
The easiest way to create SSH keys for your account is to log in to your Linux system and run these commands:
RSA (Used at SSH1)
[iggyt@DD2 ~]$ ssh-keygen -t rsa -b 4096 # This will generate 4096 bits RSA keys for your user
Generating public/private rsa key pair.
Enter file in which to save the key (/home/iggyt/.ssh/id_rsa): # " ~/.ssh/ " is common Directory to store SSH keys
Created directory '/home/iggyt/.ssh'.
Enter passphrase (empty for no passphrase): # PassPhrase is not Password but it is enabling you to use SSH Keys
Enter same passphrase again: # Verify PassPhrase !!! Do NOT share it !!!
Your identification has been saved in /home/iggyt/.ssh/id_rsa. # Your Private RSA key !!! Do NOT share it !!!
Your public key has been saved in /home/iggyt/.ssh/id_rsa.pub. # Your public RSA key
The key fingerprint is:
57:5a:d1:c1:6c:5c:ab:9f:88:4c:d9:6d:d8:09:85:89 iggyt@DD2
The key's randomart image is:
+--[ RSA 4096]----+
| o=++.|
| E +B .|
| oo . |
| +o * .|
| S oo + = |
| .o . + .|
| o . o |
| |
| |
+-----------------+
DSA (Used at SSH2)
[iggyt@DD2 ~]$ ssh-keygen -t dsa -b 1024 # This will generate 1024 bits (maximum) DSA keys for your user
Generating public/private dsa key pair.
Enter file in which to save the key (/home/iggyt/.ssh/id_dsa): # " ~/.ssh/ " is common Directory to store SSH keys
Enter passphrase (empty for no passphrase): # PassPhrase is not Password but it is enabling you to use SSH Keys
Enter same passphrase again: # Verify PassPhrase !!! Do NOT share it !!!
Your identification has been saved in /home/iggyt/.ssh/id_dsa. # Your Private DSA key !!! Do NOT share it !!!
Your public key has been saved in /home/iggyt/.ssh/id_dsa.pub. # Your public DSA key
The key fingerprint is:
06:85:95:ff:2a:bf:ef:42:78:c3:4e:de:4c:6d:0c:2d iggyt@DD2
The key's randomart image is:
+--[ DSA 1024]----+
| oo. |
| ... |
| . . . |
| . . E . |
| So . = |
| .. * o + |
| * * . |
| . = o |
| oo=o |
+-----------------+
Result:
[iggyt@DD2 .ssh]$ ll ~/.ssh/
total 16
-rw-------. 1 iggyt iggyt 736 Jan 14 19:49 id_dsa
-rw-r--r--. 1 iggyt iggyt 599 Jan 14 19:49 id_dsa.pub
-rw-------. 1 iggyt iggyt 3311 Jan 14 19:37 id_rsa
-rw-r--r--. 1 iggyt iggyt 731 Jan 14 19:37 id_rsa.pub
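The "key fingerprint" in the ssh-keygen output above is a hash of the public key blob stored in the .pub file, so it can be recomputed to confirm which key a file holds. The following Python code is an added example, not part of the original page: it parses one .pub line and returns the key size, the MD5 colon-hex fingerprint in the format shown above, and the SHA256 form that newer OpenSSH releases print. The function names and the sample key line are constructed for illustration.

```python
import base64
import hashlib
import struct

def _read_string(blob, offset):
    """Read one length-prefixed field: uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = offset + 4 + struct.unpack(">I", blob[offset:offset + 4])[0]
    if end > len(blob):
        raise ValueError("field length exceeds key blob")
    return blob[offset + 4:end], end

def inspect_pubkey(line):
    """Return type, size and fingerprints for one line of an OpenSSH .pub file."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, offset = _read_string(blob, 0)
    if key_type.decode("ascii", "replace") != fields[0]:
        raise ValueError("type label does not match the key blob")
    # ssh-rsa blob holds e, n: the key size is the modulus n (2nd number).
    # ssh-dss blob holds p, q, g, y: the key size is the prime p (1st number).
    skip = {"ssh-rsa": 1, "ssh-dss": 0}.get(fields[0])
    if skip is None:
        raise ValueError("only ssh-rsa and ssh-dss are handled here")
    for _ in range(skip + 1):
        number, offset = _read_string(blob, offset)
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": fields[0],
        "bits": int.from_bytes(number, "big").bit_length(),
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
        "comment": " ".join(fields[2:]),
    }

def _mpint(value):
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # leading 0 keeps it positive
    return struct.pack(">I", len(raw)) + raw

# Constructed sample: a syntactically valid ssh-rsa line, NOT a usable key.
_n = (1 << 2047) | 1
_blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(_n)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " constructed@example"

if __name__ == "__main__":
    print(inspect_pubkey(SAMPLE_LINE))
```

To check a real key, pass the single line read from a file such as ~/.ssh/id_rsa.pub and compare the result with the fingerprint ssh-keygen printed when the key was created.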
Convert OpenSSH Keys to Putty Keys:
Putty is an SSH client used mostly on M$ Windows operating systems for remote access to an SSH server. If you are going to use this client, you must convert your SSH keys with the puttygen application. For this reason it is also handy to install Putty on your Linux server so that you can easily convert the keys.
$ /opt/putty/bin/puttygen ~/.ssh/id_rsa -O private -o ~/.ssh/id_rsa.ppk # Convert OpenSSH RSA key to Putty key
Enter passphrase to load key:
$ /opt/putty/bin/puttygen ~/.ssh/id_dsa -O private -o ~/.ssh/id_dsa.ppk # Convert OpenSSH DSA key to Putty key
puttygen: cannot both load and generate a key