Creating, using and managing SSH keys
Create a new key for your machine
ssh-keygen -t rsa
CHOOSE A STRONG PASSPHRASE, EMPTY PASSPHRASE == BAD
If someone gains access to your machine through social engineering or a technical exploit, your key can be stolen and used to log in to all those machines and services without a password.
Install your key on the machines where you need to log in
Handy function to put in your shell config
In your shell resource file (~/.zshrc, ~/.bashrc, ...) add the following function:
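ssh-install-key() {
    # Append the local public key to authorized_keys on the target (user@host),
    # creating ~/.ssh there with owner-only permissions if it does not exist yet.
    cat ~/.ssh/id_rsa.pub | ssh "${1}" "umask 077; mkdir -p ~/.ssh; cat - >> ~/.ssh/authorized_keys"
}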
Now you can install your main key, id_rsa.pub, directly to a target machine:
ssh-install-key username@super.server.nl
Using your keys
With keychain
Keychain is a program that keeps track of which keys are available on your system and asks for your passphrase only once per session. It is a front-end to ssh-add and ssh-agent.
Add the following in your shell resource file:
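if [ -e ~/.ssh/id_rsa ]
then
    # Start (or reuse) the agent and load the key; prompts for the passphrase once.
    keychain --quiet --nogui ~/.ssh/id_rsa
    # Import the agent environment that keychain wrote for this host.
    . ~/.keychain/"${HOSTNAME}"-sh
fi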
Now restart your session and you will be prompted once for your passphrase. After that you can ssh/scp directly to the machines where you installed your key and you will not be prompted for any passwords!
ssh username@super.server.nl
Using aliases for your SSH connections
To make your life even easier you can edit (or create, if it does not exist) the ~/.ssh/config file to define Host aliases for the machines you need to connect to. You can also set any SSH options you want for each host, for instance:
Host super
    User username
    Hostname super.server.nl
Host super2
    User anotherusername
    Hostname super.serverl.nl
    Port 12345
    ForwardAgent yes
Now when you want to ssh/scp to your server you can just do the following:
ssh super
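Added example, not part of the original page: with ForwardAgent yes, as set for the super2 alias above, anyone who can reach your agent socket on the remote host can use your loaded keys for as long as you are connected, so it helps to know which aliases enable it. The function name ssh_forwardagent_hosts and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list the Host blocks of an ssh client config that enable
# agent forwarding. ssh uses the first value it obtains for an option, so a
# "*" or "(global)" entry in the output affects every host that did not set
# ForwardAgent earlier in the file.
# Usage: ssh_forwardagent_hosts [config-file]   (default: ~/.ssh/config)
ssh_forwardagent_hosts() {
    awk '
        # Print the block that just ended if it turned forwarding on.
        function emit() { if (fwd) print hosts }
        BEGIN { hosts = "(global)" }      # options before the first Host line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next      # blank line or comment
            # Keywords are case-insensitive; "Key value" and "Key=value" both occur.
            match(line, /^[A-Za-z]+/)
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)                       # arguments may be quoted
            if (key == "host" || key == "match") {
                emit()
                hosts = (key == "host") ? val : "Match " val
                fwd = 0; seen = 0
            } else if (key == "forwardagent" && !seen) {
                # Anything other than "no" (yes, a socket path, a variable) enables it.
                seen = 1
                fwd = (tolower(val) != "no")
            }
        }
        END { emit() }
    ' "${1:-$HOME/.ssh/config}"
}

# Constructed sample that mirrors the two aliases shown on this page.
sample=$(mktemp)
printf 'Host super\n  User username\nHost super2\n  Port 12345\n  ForwardAgent yes\n' > "$sample"
ssh_forwardagent_hosts "$sample"    # prints: super2
rm -f "$sample"
```

Run it without arguments to check your own ~/.ssh/config; a host that appears in the output only needs ForwardAgent if you really hop from it to further machines.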