How to secure an ssh connection with a private key.
Let's suppose you want to set up an ssh connection between your laptop and your desktop computer or the university's server.
First and foremost: DO NOT use password authentication with ssh. SSH ports are attacked continuously, and this is even more important if you ssh outside of the local network.
So, let's suppose you have access to the remote server via physical interaction, remote desktop or telepathy. The process of creating the ssh key and publishing it is really simple.
You first have to generate your identity, which takes the shape of an RSA key.
```
$ ssh-keygen
```
You had better give the key a name, to avoid overwriting `id_rsa` if it exists.
```
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kaeryv/.ssh/id_rsa): /home/kaeryv/.ssh/tutokey_rsa
```
Using a password is only required if you feel like your key could be stolen. It will slow down the attacker, but keep in mind that passwords will break.
Now that we have our id, let's tell the server to remember it with
```
$ ssh-copy-id -i ~/.ssh/tutokey_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/kaeryv/.ssh/tutokey_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh [email protected]"
and check to make sure that only the key(s) you wanted were added.
```
Then, you can add an entry to your `~/.ssh/config` like so:
```
Host tuto
    HostName
    User kaeryv
    ForwardX11 yes
    ForwardAgent yes
    IdentityFile ~/.ssh/tutokey_rsa
```
Afterwards, you can connect by simply typing
```
$ ssh tuto
```
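The first rule above is to not use password authentication, so once the key login works it is worth checking that the server's `sshd_config` really refuses passwords. The script below is an added example, not part of the original post; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads only the global section
# of an sshd_config (stops at the first "Match") and does not follow
# "Include"; on a real server `sshd -T` prints the effective settings.

# effective_setting FILE 'name|alias' DEFAULT
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and "Keyword=value" is accepted.
effective_setting() {
    awk -v want="^($2)\$" -v def="$3" '
        BEGIN { val = def }
        /^[ \t]*#/ { next }                    # comment line
        { sub(/=/, " ") }                      # tolerate Keyword=value
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) ~ want { val = tolower($2); exit }   # first value wins
        END { print val }
    ' "$1"
}

# Succeeds (exit 0) when a password can still be typed at login: either
# plain password auth, or keyboard-interactive (which PAM can use to ask
# for a password) is left enabled. Both default to "yes".
password_login_possible() {
    pw=$(effective_setting "$1" 'passwordauthentication' yes)
    kbd=$(effective_setting "$1" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    [ "$pw" != no ] || [ "$kbd" != no ]
}

# Key login must stay enabled, or turning passwords off locks you out.
pubkey_login_enabled() {
    [ "$(effective_setting "$1" 'pubkeyauthentication' yes)" = yes ]
}

# Constructed sample config (not a real server file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
PubkeyAuthentication yes
passwordauthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF

if password_login_possible "$sample"; then
    echo "passwords still accepted (keyboard-interactive left at default)"
else
    echo "key-only login"
fi
rm -f "$sample"
```

On the sample, `PasswordAuthentication` resolves to `no` because the first occurrence wins, yet the check still reports passwords as accepted because keyboard-interactive authentication was never turned off.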