Howto::SSH Key: Difference between revisions

From Computer Science Wiki
Latest revision as of 08:04, 29 August 2023

Using SSH Keys to log in without a password

This page gives general information on how to set up SSH key authentication, plus more specific instructions for using SSH key login with rlogin.cs.vt.edu.

Overview

The basic steps for setting up SSH key login are the same for all platforms. How you complete each step can vary depending on the tools you are using. These are the basic steps:

  • Generate an SSH key pair (matching public and private keys)
  • Install the public key on the server (machine you SSH into)
  • Install the private key on your client (machine you SSH from)

Generate SSH key pair

Preferably, generate your SSH key pair on the machine that you want to SSH from. There are several tools, including some built-in ones, that can generate an SSH key pair for you. You need to keep the generated private key secure; it works just like a password. Most key generation tools support an optional passphrase to encrypt your private key. We recommend using a passphrase for additional security.

Linux and Mac OS

  • Most Linux and Mac OS operating systems come with the terminal command ssh-keygen built-in. We recommend the following options: ssh-keygen -t rsa -b 2048
  • It defaults to storing your private key at ~/.ssh/id_rsa and public key at ~/.ssh/id_rsa.pub
  • This has the added convenience of storing your private key in the default location that the SSH client uses, saving you the step of having to install the private key

Windows

We recommend using the Windows built-in SSH client. You can install it by going to Settings->Manage Optional Features and making sure that OpenSSH Client is installed. See https://learn.microsoft.com/en-us/windows/terminal/tutorials/ssh

  • Windows has a similar terminal command called ssh-keygen
  • It will prompt you for where to store the private key and defaults to a location in your local profile. This default is also where the client reads the key from, saving you the step of having to install the private key for client use.
  • Alternatively, some people use a tool called PuTTY. If you want to use PuTTY, see this external howto: https://www.ssh.com/academy/ssh/putty/windows/puttygen

Install public key on server

This step is probably the hardest, and the one most likely to cause a problem with SSH key login. You need to take the contents of the public key that was generated earlier and "install" it on the machine that you want to SSH into, such as rlogin.cs.vt.edu.

Manually

  • Locate your public key file
    • On Linux it is usually the file ~/.ssh/id_rsa.pub
    • On Windows it is usually in your profile under %userprofile%\.ssh\id_rsa.pub
  • Copy the text contents of your public key file
  • Log into the machine you want to install the key on (such as rlogin.cs.vt.edu)
  • Use a text editor to edit the file ~/.ssh/authorized_keys
    • Note you might have to create this file, including the .ssh directory
  • Append the text copied previously
  • Save the file
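
The manual steps above as a shell function, added here as an example (it is not part of the original wiki page; the name install_pubkey and its arguments are assumptions). It also covers the usual causes of a key that "doesn't work": a private key pasted by mistake, two keys merged onto one line, and an authorized_keys file or .ssh directory with permissions loose enough that sshd's StrictModes check rejects them.

```shell
#!/bin/sh
# Added example: install_pubkey PUBKEY_FILE [HOME_DIR]
# Appends one OpenSSH public key to HOME_DIR/.ssh/authorized_keys (default: $HOME).
install_pubkey() {
    pubfile=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Never copy a private key to the server.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # Create the directory and file if missing, then force owner-only modes.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this exact line is already installed.
    if grep -qxF "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # If the file does not end in a newline, add one so keys are not merged.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}
```

Run it on the server after copying the .pub file there, for example: install_pubkey ~/id_rsa.pub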

Using web interface

  • This is for rlogin.cs.vt.edu only!
  • We offer a web interface to install the public key into your rlogin account
  • Go to https://admin.cs.vt.edu/my-ssh-keys/ to manage your rlogin SSH keys, including installing a new public key

Install private key on client

You need to use the private key to authenticate every time you want to log in without a password. Your SSH client needs to know where to access the private key.

  • If you used the key generation command on your client machine, then generally it is already set to where your client can read it
  • If you generated the key on another machine, used a different tool, or used a non-default location, then you will need to copy your private key into the correct location

Linux or Mac OS

  • Copy your private key to the file ~/.ssh/id_rsa
  • Make sure the permissions are set properly: chmod 600 ~/.ssh/id_rsa

Windows

  • Copy your private key to the file %userprofile%\.ssh\id_rsa