Difference between revisions of "How To Set Up SSH Keys"
Khojanator (talk | contribs) (Created page with "This mini-tutorial assumes that you have the knowledge of SSH, remote servers (CS and Cluster worlds at Earlham, to be specific) and basic Unix environment. Let's begin. * St...") |
|||
(12 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | This mini-tutorial assumes that you have the knowledge of SSH, remote servers (CS and Cluster worlds at Earlham, to be specific) and | + | This mini-tutorial shows how to set up ssh keys, and assumes that you have the basic knowledge of SSH, remote servers (CS and Cluster worlds at Earlham, to be specific) and Unix environment. |
− | + | === SSH Key Setup === | |
− | |||
− | -t specifies the type of key to create. You can check the possible options in the help. Since we are creating an RSA key, we will use -t rsa. -b flag specifies the number of bits for the key. It is common to use 2048 or 4096 as possible values for this flag. Press enter for all questions | + | 1. Create the RSA key pair on your machine (laptop, desktop, etc.): |
+ | user$ ssh-keygen -t rsa -b 4096 | ||
+ | |||
+ | * -t flag specifies the type of key to create. You can check the possible options in the help. Since we are creating an RSA key, we will use -t rsa. | ||
+ | * -b flag specifies the number of bits for the key. It is common to use 2048 or 4096 as possible values for this flag. | ||
+ | |||
+ | Press enter for all questions to keep the defaults. You may change the defaults, but it is preferred not to. Also, it is common to leave the passphrase empty. The entire point of ssh keys is to make login easier and faster, and passphrase defeats the purpose, I believe. With defaults, your public key will be saved in ~/.ssh/id_rsa.pub and private key will be saved in ~/.ssh/id_rsa file. | ||
+ | |||
+ | 2. Copy the public id to remote host (for most people this will be user@bowie.cs.earlham.edu or user@cluster.earlham.edu). | ||
+ | user$ ssh-copy-id user@remote.host | ||
+ | |||
+ | You can install ssh-copy-id if it doesn't exist already, | ||
− | |||
− | |||
− | |||
OR, | OR, | ||
+ | |||
manually copy it as follows | manually copy it as follows | ||
− | |||
− | |||
− | + | user$ cat ~/.ssh/id_rsa.pub | ssh user@remote.host "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys" | |
− | Now that you have the key setup, and know how to use vi editor, let's create a config file. Personally, I enjoy the ability to type | + | |
− | + | Note that, user@remote.host should be replaced with appropriate terms. If you already have an .ssh directory on the remote host, you just need: | |
− | Enter the insert mode | + | |
− | + | user$ cat ~/.ssh/id_rsa.pub | ssh user@remote.host "cat >> ~/.ssh/authorized_keys" | |
− | + | ||
− | + | After you've succsessfully copied over the SSH key, you should be able to ssh directly into the remote server with | |
+ | |||
+ | ssh user@remote.host | ||
+ | |||
+ | (user is still your username, and remote.host is still the server you're trying to access, like bowie.cs.earlham.edu) | ||
+ | |||
+ | 3. Create a config file (Optional) | ||
+ | Now that you have the key setup, and know how to use vi editor, let's create a config file. Personally, I enjoy the ability to type <code>ssh tools</code> and let ssh config take over, instead of typing <code>ssh user@tools.cs.earlham.edu</code>. For that, | ||
+ | |||
+ | user$ vi ~/.ssh/config | ||
+ | |||
+ | Enter the insert mode, and create the config, as follows: | ||
+ | |||
+ | Host $hostname_you_want_to_use | ||
+ | HostName $complete_hostname | ||
+ | User $username | ||
$ sign indicates variable, so you should replace your username with $username, and you can use tools in place of $hostname_you_want_to_use, tools.cs.earlham.edu in place of $complete_hostname. | $ sign indicates variable, so you should replace your username with $username, and you can use tools in place of $hostname_you_want_to_use, tools.cs.earlham.edu in place of $complete_hostname. | ||
− | Similarly, you can add more hosts to this config file with a line space between each. | + | Similarly, you can add more hosts to this config file with a line space between each. For e.g., a file with multiple configs might look like: |
+ | Host host1 | ||
+ | HostName remote.host.1 | ||
+ | User username | ||
+ | |||
+ | Host host2 | ||
+ | HostName remote.host.2 | ||
+ | User username | ||
+ | |||
+ | Host host3 | ||
+ | HostName remote.host.3 | ||
+ | User username | ||
+ | |||
+ | === SSH key setup when the usernames are not the same === | ||
+ | On the local machine: | ||
+ | * ssh-keygen -t rsa and/or ssh-keygen -t dsa | ||
+ | * ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote.host and/or dsa | ||
+ | * test with ssh user@remote.host | ||
+ | |||
+ | Tested and working 2022 |
Latest revision as of 21:04, 2 September 2023
This mini-tutorial shows how to set up ssh keys, and assumes that you have the basic knowledge of SSH, remote servers (CS and Cluster worlds at Earlham, to be specific) and Unix environment.
SSH Key Setup
1. Create the RSA key pair on your machine (laptop, desktop, etc.):
user$ ssh-keygen -t rsa -b 4096
- -t flag specifies the type of key to create. You can check the possible options in the help. Since we are creating an RSA key, we will use -t rsa.
- -b flag specifies the number of bits for the key. It is common to use 2048 or 4096 as possible values for this flag.
Press enter for all questions to keep the defaults. You may change the defaults, but it is preferred not to. Also, it is common to leave the passphrase empty. The entire point of ssh keys is to make login easier and faster, and passphrase defeats the purpose, I believe. With defaults, your public key will be saved in ~/.ssh/id_rsa.pub and private key will be saved in ~/.ssh/id_rsa file.
2. Copy the public id to remote host (for most people this will be user@bowie.cs.earlham.edu or user@cluster.earlham.edu).
user$ ssh-copy-id user@remote.host
You can install ssh-copy-id if it doesn't exist already,
OR,
manually copy it as follows
user$ cat ~/.ssh/id_rsa.pub | ssh user@remote.host "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
Note that, user@remote.host should be replaced with appropriate terms. If you already have an .ssh directory on the remote host, you just need:
user$ cat ~/.ssh/id_rsa.pub | ssh user@remote.host "cat >> ~/.ssh/authorized_keys"
After you've succsessfully copied over the SSH key, you should be able to ssh directly into the remote server with
ssh user@remote.host
(user is still your username, and remote.host is still the server you're trying to access, like bowie.cs.earlham.edu)
3. Create a config file (Optional)
Now that you have the key setup, and know how to use vi editor, let's create a config file. Personally, I enjoy the ability to type ssh tools
and let ssh config take over, instead of typing ssh user@tools.cs.earlham.edu
. For that,
user$ vi ~/.ssh/config
Enter the insert mode, and create the config, as follows:
Host $hostname_you_want_to_use HostName $complete_hostname User $username
$ sign indicates variable, so you should replace your username with $username, and you can use tools in place of $hostname_you_want_to_use, tools.cs.earlham.edu in place of $complete_hostname.
Similarly, you can add more hosts to this config file with a line space between each. For e.g., a file with multiple configs might look like:
Host host1 HostName remote.host.1 User username Host host2 HostName remote.host.2 User username Host host3 HostName remote.host.3 User username
SSH key setup when the usernames are not the same
On the local machine:
- ssh-keygen -t rsa and/or ssh-keygen -t dsa
- ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote.host and/or dsa
- test with ssh user@remote.host
Tested and working 2022