Secure Shell (SSH) is a tool for secure system administration, file transfers, and other communication across the Internet or other untrusted networks. It encrypts identities, passwords, and transmitted data so that they cannot be eavesdropped on and stolen. By definition, SSH is a cryptographic network protocol for operating network services securely over an unsecured network. In simple terms, it provides a remote command line, remote login, and remote command execution in a reliable way.
When you are managing multiple systems, it becomes harder and harder to remember the username and credentials for each system every time you have to log in or remotely execute a command or procedure. SSH allows the use of encrypted public key authentication to eliminate the manual authentication login process.
To leverage this capability, you will need OpenSSH, which is an open-source implementation of the SSH protocol. The software packages are available for every major Linux distribution and for macOS, and as you may already know, Windows 10 includes built-in SSH software, both a client and a server. OpenSSH is a suite of command-line utilities. To create the SSH key pair we will use one of them, ssh-keygen.
First, let's briefly describe how the SSH key pair works. As already mentioned, SSH provides an authentication mechanism based on cryptographic keys: a public key and a private key. When the public key is copied to a server and used for login purposes, it is also called the authorized key. The private key should always remain with the user. This key contains the user's identity, and when combined with the public key it allows for user authentication. It should be handled and stored safely, and you should not make copies of it. The private key is also called an identity key when used for authentication purposes.
Now let's generate a key pair using the OpenSSH utilities. Generating the key is as simple as typing ssh-keygen on the command line and hitting Enter. For my example, I will add some additional arguments to specify the type of algorithm, key size, and filename for my key pair. By default, both keys are saved in the .ssh directory in your home directory, but they can be saved in any folder you want using the -f option and the desired path.
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/mykey
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/mykey
Your public key has been saved in /home/user/.ssh/mykey.pub
The key fingerprint is:
SHA256:cftQGdu7ZP2obK+DIlGAevRjKT0jJbt0IIQRuj7XHY8 user@host
The key's randomart image is:
+---[RSA 4096]----+
|o=. . . |
|o . = o = |
|. + B o. . + . |
| .. * X .o o o |
|. o * *S o + .|
|. o o + o o o.|
| o . . E . .. o .|
| o . . ..o. |
| . . .++. |
+----[SHA256]-----+
Now we will copy our public key to the target server using the ssh-copy-id utility on the command line. To do this, you will need a valid username and password on the target host, which you will need to enter once during the copy procedure. After the public key is copied to the target server, it will be installed in the authorized keys file in the .ssh directory under the user's home directory on that target server.
$ ssh-copy-id -i ~/.ssh/mykey.pub user@host
Keep in mind that this is a simple but important mechanism that is necessary and very useful for remote administration, automated configuration, and remote installation of software.
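Because the private key and the authorized keys file both live in the .ssh directory, their file permissions matter as much as the keys themselves. The following check is an added example, not part of the original article or of OpenSSH: audit_ssh_dir and perm_string are hypothetical helper names, and the rules it applies (owner-only directory and private key, authorized_keys not writable by group or others) are the conventional OpenSSH expectations.

```shell
#!/bin/sh
# Added example: audit permissions on an .ssh directory after key setup.
# audit_ssh_dir and perm_string are hypothetical helpers, not OpenSSH tools.

# First 10 characters of `ls -ld`, e.g. "drwx------" (POSIX-portable).
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_ssh_dir() {
    dir=$1
    findings=0

    # The directory itself should be accessible only by its owner (700).
    case $(perm_string "$dir") in
        d???------) ;;
        *) echo "DIR_TOO_OPEN $dir"; findings=1 ;;
    esac

    # A file NAME sitting next to NAME.pub is treated as the private key.
    # The ssh client refuses a private key that group or others can access.
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        key=${pub%.pub}
        [ -f "$key" ] || continue
        case $(perm_string "$key") in
            -???------) ;;
            *) echo "PRIVATE_KEY_TOO_OPEN $key"; findings=1 ;;
        esac
    done

    # authorized_keys must not be writable by group or others, otherwise
    # another account could append its own public key.
    auth=$dir/authorized_keys
    if [ -f "$auth" ]; then
        case $(perm_string "$auth") in
            -????-??-?) ;;
            *) echo "AUTHORIZED_KEYS_WRITABLE $auth"; findings=1 ;;
        esac
    fi

    return $findings
}

# Optional stand-alone use: sh audit.sh ~/.ssh
[ "$#" -eq 0 ] || audit_ssh_dir "$1"
```

Run it on the client against the directory holding mykey, and on the server against the directory holding the authorized keys file; no output and exit status 0 means nothing was flagged.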