From da7fb397c27fb18cfac6ccc396503335630e6f2b Mon Sep 17 00:00:00 2001 From: Pete Travis Date: Mon, 14 Apr 2014 12:57:44 -0600 Subject: added a recipe for ssh keys --- en-US/Security/ssh-keygen.xml | 133 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 en-US/Security/ssh-keygen.xml diff --git a/en-US/Security/ssh-keygen.xml b/en-US/Security/ssh-keygen.xml new file mode 100644 index 0000000..4435c0a --- /dev/null +++ b/en-US/Security/ssh-keygen.xml @@ -0,0 +1,133 @@ + + + %BOOK_ENTITIES; +]> + + + +
+ Creating SSH Keys + + Secure Shell, or SSH, is a powerful and popular tool for connecting to Fedora systems over local or global networks. SSH is more secure when used with keys. Like a physical key and lock, an ssh public and private key are paired to work only with each other. Using keys can make connecting easier, and systems that use keys can be made more secure by turning off ssh password access. + +
+ Required Ingredients + + + + openssh-clients - Package, comes by default on most systems. + + + openssh - Package, comes by default on most systems. + + + Working Network Connection - Network services need a network! + + + Target host - Another computer that you have network and password access to. You will need either an IP address or a domain name for this machine. + + + + Local testing + + To test ssh access against the local machine instead of another on the network, use localhost as the target hostname. + + + +
+
+ Directions + + Setting up SSH Keys + + Create the key. + + ssh-keygen -b 4096 -N "secret" -f ~/.ssh/target_id_isa + + + + If you don't declare any options, ssh-keygen will ask for the required minimum interactively. Read about the example's options below, or find more options in man ssh-keygen. + + + -b 4096 : Generates a 4096-bit key, stronger than the default. + + + -n secret : A passphrase for the key. Optional, but strongly recommended. + + + -f ~/.ssh/target_id_rsa : The file to create. Call the file anything, but store it in ~/.ssh/ + + + + + + Copy the public key to your target. + + + ssh-copy-id -i ~/.ssh/target_id_rsa.pub target_ip + + + + + The ssh-copy-id utility opens an ssh connection to the target using password authentication and adds the contents of the public key to ~/.ssh/authorized_keys`. The file can also be shared by other means and appended to authorized_keys manually, a method used for systems where password authentication cannot be turned on. + + cat target_id_rsa.pub >> ~/.ssh/authorized_keys + + + + + + Test the key: + + + ssh -i ~/.ssh/target_id_rsa -o PasswordAuthentication=no target_ip + + + + + + Add an entry in your client ssh configuration for the key. ssh will try all keys in ~/.ssh/ when connecting to any host unless configured otherwise, so configuring it to only use keys that are explicitly paired to a host will reduce rejected authentication attempts and speed connections. + + + Editing <filename>~/.ssh/config</filename> + + + Host * + IdentitiesOnly yes + + Host target_ip + PasswordAuthentication No + IdentityFile ~/.ssh/target_id_rsa + + + + +
+ +
+ References + + + ssh-keygen(1) - manual for ssh-keygen + + + + ssh-copy-id(1) - manual for ssh-copy-id + + + + ssh-config(5) - manual for ssh client configuration files + + +
+ +
+ + -- cgit
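Review bot: The key filename and the passphrase flag in the "Create the key" step do not match the rest of the recipe: the command writes `~/.ssh/target_id_isa`, while the option list and every later step (ssh-copy-id, the test command, IdentityFile) use `~/.ssh/target_id_rsa`, and the option list documents `-n secret` where the command uses `-N "secret"`. A reader who copies the command as written ends up with a key that the following steps cannot find, and in ssh-keygen `-n` names certificate principals rather than a passphrase, so please change the filename to `target_id_rsa` and the description to `-N secret`. Since the text already says ssh-keygen prompts interactively for anything it is not given, consider dropping `-N "secret"` from the example so the passphrase does not end up in shell history or the process list. There is also a stray backtick after `~/.ssh/authorized_keys` in the ssh-copy-id paragraph.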