Using SSH keys for login¶
Linux / Windows 10+¶
SSH keys is a good way to improve security for SSH logins by not using password authentication.
Create your SSH keys in ~/.ssh/
- Run
ssh-keygenin a terminal- id_ed25519 (your private key, keep secure it is like knowing your password)
- id_ed25519.pub (your public key, you copy this places you want to recognize you)
This right here is the easy way to do something I did by hand for a long time:
ssh-copy-id -p 2222 username@ssh.blinkenshell.org
This appends ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file of the remote host. It also removes group writability on ~/.ssh and ~/.ssh/authorized_keys
The manual way to do it is as follows:
scp -P 2222 ~/.ssh/id_rsa.pub username@ssh.blinkenshell.org:~/.ssh/authorized_keys
Which seems just as easy, but is not, if you already have an authorized key file and want to append to it rather than overwrite it. Plus, ssh-copy-id will create ~/.ssh if it does not already, which it won't, if you have not ssh'd out from that account on that box. In which case it would be something like this:
ssh -p 2222 username@ssh.blinkenshell.org mkdir .ssh
scp -P 2222 ~/.ssh/id_rsa.pub username@ssh.blinkenshell.org :
ssh -p 2222 username@ssh.blinkenshell.org cat id_rsa.pub >> .ssh/authorized_keys && rm id_rsa.pub && chmod -R 740 .ssh
Example Blinkenshell ~/.ssh/config Entry
This goes in ~/.ssh/config on the machine you are ssh'ing out of:
Host blink
Port 2222
User arthax0r
Hostname ssh.blinkenshell.org
With blank lines between entries for other hosts, and you can leave the port line out if it is on 22 as is standard. Also, you can leave out the user name is the same on both hosts.
Now that you have a config file, it's as easy as this:
ssh-copy-id blink
ssh blink
Voila! No password prompt or long command line bs for ssh/scp, cuz you can also do this:
scp -r [[MySweetDirectoryFullOfGoodies]] blink:~/wherever/you/want
Enjoy your knew ssh pimp cane!
/ -ah'2010
Older Windows¶
- install pageant from putty
- exchanges keys
- launch pageant
- enter your secret passphrase
-
On the server convert your PuttyGen key to openssh format:
ssh-keygen -i -f puttygen_key > openssh_key