Difference between revisions of "How To Set Up SSH Keys"

From Earlham CS Department
Jump to navigation Jump to search
(Created page with "This mini-tutorial assumes that you have the knowledge of SSH, remote servers (CS and Cluster worlds at Earlham, to be specific) and basic Unix environment. Let's begin. * St...")
 
 
(12 intermediate revisions by 5 users not shown)
Line 1: Line 1:
This mini-tutorial assumes that you have the knowledge of SSH, remote servers (CS and Cluster worlds at Earlham, to be specific) and basic Unix environment. Let's begin.
+
This mini-tutorial shows how to set up ssh keys, and assumes that you have the basic knowledge of SSH, remote servers (CS and Cluster worlds at Earlham, to be specific) and Unix environment.
  
* Step One - Create the RSA key pair
+
=== SSH Key Setup ===
  > user$ ssh-keygen -t rsa -b 4096
 
  
-t specifies the type of key to create. You can check the possible options in the help. Since we are creating an RSA key, we will use -t rsa. -b flag specifies the number of bits for the key. It is common to use 2048 or 4096 as possible values for this flag. Press enter for all questions, you may change the defaults, but it is preferred not to. Also, it is common to leave the passphrase empty. The entire point of ssh keys is to make login easier and faster, and passphrase defeats the purpose, I believe. So, your public key will be saved in ~/.ssh/id_rsa.pub and private key will be saved in ~/.ssh/id_rsa.
+
1. Create the RSA key pair on your machine (laptop, desktop, etc.):
 +
user$ ssh-keygen -t rsa -b 4096
 +
 
 +
* -t flag specifies the type of key to create. You can check the possible options in the help. Since we are creating an RSA key, we will use -t rsa.
 +
* -b flag specifies the number of bits for the key. It is common to use 2048 or 4096 as possible values for this flag.
 +
 
 +
Press enter for all questions to keep the defaults. You may change the defaults, but it is preferred not to. Also, it is common to leave the passphrase empty. The entire point of ssh keys is to make login easier and faster, and passphrase defeats the purpose, I believe. With defaults, your public key will be saved in ~/.ssh/id_rsa.pub and private key will be saved in ~/.ssh/id_rsa file.
 +
 
 +
2. Copy the public id to remote host (for most people this will be user@bowie.cs.earlham.edu or user@cluster.earlham.edu).
 +
user$ ssh-copy-id user@remote.host
 +
 
 +
You can install ssh-copy-id if it doesn't exist already,
  
* Step Two - Copy the public id to remote host.
 
> user$ ssh-copy-id user@remote.host
 
You can install ssh-copy-id if it doesn't exist already.
 
 
OR,
 
OR,
 +
 
manually copy it as follows
 
manually copy it as follows
> user$ cat ~/.ssh/id_rsa.pub | ssh user@remote.host "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
 
Note that, user@remote.host should be replaced with appropriate terms.
 
  
* Step Three - Create a config file (Optional)
+
user$ cat ~/.ssh/id_rsa.pub | ssh user@remote.host "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
Now that you have the key setup, and know how to use vi editor, let's create a config file. Personally, I enjoy the ability to type `ssh tools` and let ssh config take over, instead of typing `ssh user@tools.cs.earlham.edu`. For that,
+
 
  > user$ vi ~/.ssh/config
+
Note that, user@remote.host should be replaced with appropriate terms. If you already have an .ssh directory on the remote host, you just need:
Enter the insert mode
+
 
  > Host $hostname_you_want_to_use # tools, from the example above
+
user$ cat ~/.ssh/id_rsa.pub | ssh user@remote.host "cat >> ~/.ssh/authorized_keys"
> HostName $complete_hostname # tools.cs.earlham.edu, from the example above
+
 
> User $username
+
After you've succsessfully copied over the SSH key, you should be able to ssh directly into the remote server with
 +
 
 +
ssh user@remote.host
 +
 
 +
(user is still your username, and remote.host is still the server you're trying to access, like bowie.cs.earlham.edu)
 +
 
 +
3. Create a config file (Optional)
 +
Now that you have the key setup, and know how to use vi editor, let's create a config file. Personally, I enjoy the ability to type <code>ssh tools</code> and let ssh config take over, instead of typing <code>ssh user@tools.cs.earlham.edu</code>. For that,
 +
 
 +
  user$ vi ~/.ssh/config
 +
 
 +
Enter the insert mode, and create the config, as follows:
 +
 
 +
  Host $hostname_you_want_to_use
 +
  HostName $complete_hostname
 +
  User $username
  
 
$ sign indicates variable, so you should replace your username with $username, and you can use tools in place of $hostname_you_want_to_use, tools.cs.earlham.edu in place of $complete_hostname.
 
$ sign indicates variable, so you should replace your username with $username, and you can use tools in place of $hostname_you_want_to_use, tools.cs.earlham.edu in place of $complete_hostname.
  
Similarly, you can add more hosts to this config file with a line space between each.
+
Similarly, you can add more hosts to this config file with a line space between each. For e.g., a file with multiple configs might look like:
 +
Host host1
 +
  HostName remote.host.1
 +
  User username
 +
 +
Host host2
 +
  HostName remote.host.2
 +
  User username
 +
 +
Host host3
 +
  HostName remote.host.3
 +
  User username
 +
 
 +
=== SSH key setup when the usernames are not the same ===
 +
On the local machine:
 +
* ssh-keygen -t rsa and/or ssh-keygen -t dsa
 +
* ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote.host and/or dsa
 +
* test with ssh user@remote.host
 +
 
 +
Tested and working 2022

Latest revision as of 21:04, 2 September 2023

This mini-tutorial shows how to set up ssh keys, and assumes that you have the basic knowledge of SSH, remote servers (CS and Cluster worlds at Earlham, to be specific) and Unix environment.

SSH Key Setup

1. Create the RSA key pair on your machine (laptop, desktop, etc.):

user$ ssh-keygen -t rsa -b 4096
  • -t flag specifies the type of key to create. You can check the possible options in the help. Since we are creating an RSA key, we will use -t rsa.
  • -b flag specifies the number of bits for the key. It is common to use 2048 or 4096 as possible values for this flag.

Press enter for all questions to keep the defaults. You may change the defaults, but it is preferred not to. Also, it is common to leave the passphrase empty. The entire point of ssh keys is to make login easier and faster, and passphrase defeats the purpose, I believe. With defaults, your public key will be saved in ~/.ssh/id_rsa.pub and private key will be saved in ~/.ssh/id_rsa file.

2. Copy the public id to remote host (for most people this will be user@bowie.cs.earlham.edu or user@cluster.earlham.edu).

user$ ssh-copy-id user@remote.host

You can install ssh-copy-id if it doesn't exist already,

OR,

manually copy it as follows

user$ cat ~/.ssh/id_rsa.pub | ssh user@remote.host "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"

Note that, user@remote.host should be replaced with appropriate terms. If you already have an .ssh directory on the remote host, you just need:

user$ cat ~/.ssh/id_rsa.pub | ssh user@remote.host "cat >> ~/.ssh/authorized_keys"

After you've succsessfully copied over the SSH key, you should be able to ssh directly into the remote server with

ssh user@remote.host

(user is still your username, and remote.host is still the server you're trying to access, like bowie.cs.earlham.edu)

3. Create a config file (Optional) Now that you have the key setup, and know how to use vi editor, let's create a config file. Personally, I enjoy the ability to type ssh tools and let ssh config take over, instead of typing ssh user@tools.cs.earlham.edu. For that,

user$ vi ~/.ssh/config

Enter the insert mode, and create the config, as follows:

Host $hostname_you_want_to_use
 HostName $complete_hostname
 User $username

$ sign indicates variable, so you should replace your username with $username, and you can use tools in place of $hostname_you_want_to_use, tools.cs.earlham.edu in place of $complete_hostname.

Similarly, you can add more hosts to this config file with a line space between each. For e.g., a file with multiple configs might look like:

Host host1
 HostName remote.host.1
 User username

Host host2
 HostName remote.host.2
 User username

Host host3
 HostName remote.host.3
 User username

SSH key setup when the usernames are not the same

On the local machine:

  • ssh-keygen -t rsa and/or ssh-keygen -t dsa
  • ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote.host and/or dsa
  • test with ssh user@remote.host

Tested and working 2022