2. WHAT IS SSH
SECURE SHELL
▸ Secure Shell (SSH) is a cryptographic network protocol for operating network
services securely over an unsecured network. The best known example
application is for remote login to computer systems by users.
▸ SSH provides a secure channel over an unsecured network in a client-server
architecture, connecting an SSH client application with an SSH server. Common
applications include remote command-line login and remote command
execution, but any network service can be secured with SSH. The protocol
specification distinguishes between two major versions, referred to as SSH-1
and SSH-2.
3. THE SSH PROTOCOL
An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and
passwords, but the keys are primarily used for automated processes and for implementing single sign-
on by system administrators and power users.
4. SSH
HOW TO CREATE A KEY PAIR
▸ The simplest way to generate a key pair is to run ssh-keygen without arguments.
In this case, it will prompt for the file in which to store keys. Here's an example:
vsbook (11:39) ~>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vitalii/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vitalii/.ssh/id_rsa.
Your public key has been saved in /home/vitalii/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Up6KjbnEV4Hgfo75YM393QdQsK3Z0aTNBz0DoirrW+c vitalii@vsbook
The key's randomart image is:
+---[RSA 2048]----+
| . ..oo..|
| . . . . .o.X.|
| . . o. ..+ B|
| . o.o .+ ..|
| ..o.S o.. |
| . %o= . |
| @.B... . |
| o.=. o. . . .|
| .oo E. . .. |
+----[SHA256]-----+
vsbook (11:40) ~>
5. SSH
HOW TO CHANGE THE PASSWORD OF “ID_RSA” FILE
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
-P passphrase
Provides the (old) passphrase.
-p
Requests changing the passphrase of a private key file instead of creating
a new private key. The program will prompt for the file containing the
private key, for the old passphrase, and twice for the new passphrase.
Example:
ssh-keygen -p -f ~/.ssh/knowledge_base_key -P "oldpass" -N "newpass"
6. SSH
HOW TO COPY THE KEY TO A SERVER
ssh-copy-id -i ~/.ssh/id_rsa devops@devops.deltavn.vn
“AUTHORIZED_KEYS”
The authorized_keys file in SSH specifies the SSH keys that can be used for logging into the user
account for which the file is configured.
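An added example (not from the original slides) of how an authorized_keys entry can be audited: it skips an optional leading options field, checks that the declared key type matches the type stored inside the base64 blob, reports the RSA modulus size, and computes the same SHA256 fingerprint form that ssh-keygen prints. The function names, the 2048-bit floor and the sample entries are assumptions made for this illustration; the entries are constructed and are not usable keys.

```python
import base64, hashlib, struct

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a key-type field starts with one of these

def _pack(b):
    return struct.pack(">I", len(b)) + b  # SSH wire "string": 4-byte length + data

def _read(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def _skip_options(line):
    """Drop a leading options field; quoted option values may contain spaces."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            quoted = not quoted
        elif ch.isspace() and not quoted:
            return line[i:].lstrip()
    return ""

def audit_line(line, min_rsa_bits=2048):  # 2048 is an assumed policy floor
    line = line.strip()
    if not line.startswith(KEY_PREFIXES):
        line = _skip_options(line)
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("missing key type or key data")
    ktype, blob = parts[0], base64.b64decode(parts[1], validate=True)
    inner, off = _read(blob, 0)  # first field of the blob repeats the key type
    problems, bits = [], None
    if inner != ktype.encode():
        problems.append("declared type differs from type inside blob")
    if inner == b"ssh-rsa":
        _e, off = _read(blob, off)  # public exponent
        n, off = _read(blob, off)   # modulus
        bits = int.from_bytes(n, "big").bit_length()
        if bits < min_rsa_bits:
            problems.append(f"RSA modulus is {bits} bits")
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": ktype, "bits": bits, "fingerprint": fp,
            "comment": parts[2] if len(parts) > 2 else "", "problems": problems}

def constructed_rsa_line(bits, comment):  # CONSTRUCTED entry, not a usable key
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = _pack(b"ssh-rsa") + _pack(b"\x01\x00\x01") + _pack(b"\x00" + n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"
```

Calling audit_line on each non-comment line of an authorized_keys file gives a fingerprint that can be compared with the one ssh-keygen printed when the key was created.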
7. SUMMARY
How to create a new id_rsa file
ssh-keygen -t rsa -b 4096 -C "iaroslav.kupriianov@fecredit.com.vn" -f iaroslav.kupriianov_id_rsa
How to check key identity
ssh-keygen -l -f iaroslav.kupriianov_id_rsa
How to change the password
ssh-keygen -p -f iaroslav.kupriianov_id_rsa -P "12345678" -N "12345"
How to upload the public key to the server
ssh-copy-id -i iaroslav.kupriianov_id_rsa.pub devops@devops01.deltavn.vn
How to connect to the server
ssh -i iaroslav.kupriianov_id_rsa devops@devops01.deltavn.vn
8. USE SSH KEYS WITH PUTTY ON WINDOWS
USE EXISTING PUBLIC AND PRIVATE KEYS
Launch PuTTYgen from the Windows Programs list
1. Click Conversions from the PuTTY Key Generator menu and select Import key.
2. Navigate to the OpenSSH private key and click Open.
3. Under Actions / Save the generated key, select Save private key.
4. Choose an optional passphrase to protect the private key.
5. Save the private key to the desktop as id_rsa.ppk.
9. USE SSH KEYS WITH PUTTY ON WINDOWS
CONNECT TO SERVER WITH PRIVATE KEY
1. Enter the remote server Host Name or IP address under Session.
2. Navigate to Connection > SSH > Auth.
3. Click Browse... under Authentication parameters / Private key file for authentication.
4. Locate the id_rsa.ppk private key and click Open.
5. Finally, click Open again to log into the remote server with key pair authentication.