SSH config file and RSA keys
I’m a biologist… and computers should remain simple, because most of my time is spent behind a keyboard, over the network, working with several remote servers. At the beginning, it was quite confusing to remember every login@IpAddress pair as well as spicy passwords. But the Open-Source community helped me gain efficiency, giving me good advice and saving me a lot of time.
This post is about ssh configuration between your laptop and a remote server (both running GNU/Linux distros).
SSH config file
Since I discovered the ~/.ssh/config file, my work has become easier: it works exactly like an alias.
You can type ssh Alias to connect directly to the right remote server (remote-serverA). Amazing, isn’t it?
me@laptop:~$ nano .ssh/config
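Host Alias
    HostName remote-serverA
    User login
    Port 22
    ForwardX11 yes
    # Private key generated in the "RSA keys" section below; ssh only tries
    # its default key names unless the file is named here
    IdentityFile ~/.ssh/remote-serverA
Instead of typing « ssh login@remote-serverA -p 22 », you just have to type « ssh Alias », followed by your password.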
RSA keys
The second very useful thing is a complementary trick: the RSA key. Briefly, it consists of a private key (stored on your laptop in this example) and a public key (stored on the remote server). When initiating the ssh connection, the remote server sends a random message to your laptop and waits for the same message to be returned, encrypted with your private key. If the returned message, once decrypted with the public key, matches the initial random message, the ssh connection is allowed (without any password!!!). Nice, right?
So you need to generate a private key and a public key to identify the two machines, and give one to each machine.
On your laptop (I’m using Debian jessie), just type:
me@laptop:~$ cd ~/.ssh/
me@laptop:~/.ssh$ ssh-keygen -t rsa -b 4096 -f remote-serverA
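You will be asked for a passphrase; you can leave it empty. If not, you will have to type your passphrase at each connection (instead of your password… which is what we initially wanted to avoid). Keep in mind that a key without a passphrase is stored unencrypted on disk, so anyone who can read the private key file can log in to the server as you; ssh-agent lets you keep a passphrase and type it only once per session.
In your ~/.ssh/ directory, you should see: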
me@laptop:~/.ssh$ ls
config remote-serverA remote-serverA.pub
You should copy the content of the public key (remote-serverA.pub) to the remote server, into a file named ~/.ssh/authorized_keys. There are two possibilities:
do it manually:
First, print the key using cat to preserve its one-line structure. more will split the string, adding newline characters (« \n ») to fit the size of your screen.
me@laptop:~/.ssh$ cat remote-serverA.pub
It should look like this:
ssh-rsa AAZcjdE45jhf[long character string]SHFJJ45djkSFF== login@laptop
Copy it to your clipboard or wherever you want, and open an ssh connection to remote-serverA:
me@laptop:~/.ssh$ ssh login@remote-serverA -p 22
[enter your password]
Welcome on Server A :)
login@remote-serverA:~$
Edit the « authorized_keys » file and paste the key into it:
login@remote-serverA:~$ nano ~/.ssh/authorized_keys
Careful: the content of your key should remain on one line!!!
the lazy way:
All these steps can be done in a one-liner by appending the content of the public key directly to the « authorized_keys » file using the pipe symbol (« | »), all of this wrapped in an ssh connection.
me@laptop:~$ cat ~/.ssh/remote-serverA.pub | ssh login@remote-serverA "cat - >> .ssh/authorized_keys"
It should work!
Just try it, and feel free to ask, comment or correct me:
me@laptop:~$ ssh Alias
Welcome on Server A !
login@remote-serverA:~$
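The one-liner from « the lazy way » appends blindly: it fails if ~/.ssh does not exist on the server, adds a duplicate line on every run, and leaves file permissions to chance. The bash function below is an added example, not part of the original post; install_pubkey, the demo function and the sample key are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): a safer form of the
# "cat - >> .ssh/authorized_keys" append.
# Usage: install_pubkey PUBKEY_FILE HOME_DIR   (HOME_DIR is "$HOME" on the server)
install_pubkey() (
    pub=$1; home=$2      # body runs in a subshell: umask and variables stay local
    umask 077            # new files and directories are private to the owner
    # The key must remain on ONE line: reject anything else.
    if [ "$(grep -c '' "$pub")" -ne 1 ]; then
        echo "refusing $pub: expected exactly one line" >&2; exit 1
    fi
    key=$(cat "$pub")
    # Expected layout: "<type> <base64 blob> [comment]". A private key
    # ("-----BEGIN ...") pasted by mistake fails this check.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing $pub: not an OpenSSH public key" >&2; exit 1 ;;
    esac
    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or the file is writable by other users.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth"
    # Append only if this exact line is not already present (idempotent).
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Constructed sample run on a scratch directory standing in for the server home.
demo() {
    d=$(mktemp -d)
    printf 'ssh-rsa AAAAB3NzaC1yc2EexampleONLY== login@laptop\n' > "$d/good.pub"
    printf 'ssh-rsa AAAAB3Nza\nC1yc2E== login@laptop\n' > "$d/split.pub"  # key split over two lines
    install_pubkey "$d/good.pub" "$d/home"
    install_pubkey "$d/good.pub" "$d/home"       # second run adds nothing
    install_pubkey "$d/split.pub" "$d/home" 2>/dev/null || echo "split key rejected"
    echo "entries: $(grep -c '' "$d/home/.ssh/authorized_keys")"
    rm -rf "$d"
}
demo
```

OpenSSH also ships ssh-copy-id, which does this append for you: ssh-copy-id -i ~/.ssh/remote-serverA.pub login@remote-serverA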