Jun 26th, 2019
# SSH

## Key Based Authentication

```powershell
ssh-keygen -t rsa -b 4096 # Create a key pair on your PC; -t is the key type, -b the key length in bits
ssh-copy-id {user}@{server} # Copy the public key to the server
```

Key-based authentication consists of a **Private** and a **Public** key and allows login to servers without a password. It's more secure than password login, because you are basically using a massive random string as your password. The Public key should be known to the server and the Private key should be kept secret. They are mathematically linked: using the Public key you can encrypt a message that only the Private key can decrypt. So when you ask the server to log in, it encrypts a message using your Public key and sends it to you; if you can decrypt it, you are the one who holds the Private key, and it logs you in. Because of that you need to keep your Private key a secret.

When you create SSH keys, you can provide a passphrase to encrypt the key on your machine. Every time you want to use the key, you then need to type this passphrase; to avoid that you can use **ssh-agent**. After that you need to copy your Public key to the `~/.ssh/authorized_keys` file on the server. You can use **ssh-copy-id** or, if you can't use this command, manually copy the Public key to that file. If the file or directory doesn't exist, create them, and change the permissions to 700 for the directory and 600 for all files in it.
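
The manual copy described above, as an added example that is not part of the original paste: a POSIX shell function, run on the server, that appends a public key once and enforces the 700/600 permissions. The names `install_pubkey` and `mode_of` are hypothetical, and the demo key is constructed, not a real key.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]  (hypothetical helper, not an OpenSSH tool)
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # A public key is a single line; take the first line only.
    key=$(head -n 1 "$pubkey_file")

    # Refuse anything that is not a public key line. A private key file
    # starts with "-----BEGIN" and must never be copied to a server.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubkey_file is not a public key" >&2; return 1 ;;
    esac

    # Create the directory and file with tight permissions from the start.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"

    # Enforce 700 on the directory and 600 on every file in it,
    # even if the paths already existed with looser modes.
    chmod 700 "$ssh_dir" && find "$ssh_dir" -type f -exec chmod 600 {} +
}

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo on constructed data in a throwaway directory.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAconstructedexample user@pc' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo" && mode_of "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```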

Optionally, after that, you can disable password login in `sshd_config`. But I don't see the point in that, because SSH keys can be expendable: you can rotate them, or you can lose your private key because of an HDD malfunction. And now you can't log in to the server, because you disabled password login. For me it is better to change the password to a strong one and use a password manager to store it. If you want more security, set up a fail2ban system.

## Config

You can create a `~/.ssh/config` file to use your own names for servers, so instead of typing `ssh username@10.10.10.10` you can type `ssh servername`.

Example of the config file:

```powershell
Host servername
User username
HostName 10.10.10.10
```