What is a rsa key?
RSA keys are a public key encryption method that keeps a private key on the host computer, and a public key on other machines. The public key is generated by a mathematical algorithm that can only be de-crypted with the private key. As long as the private key is kept confidential use of the keys is secure.
Why use rsa keys?
rsa keys are secure
The keys are secure because they can be encrypted on a users computer protecting the key from falling into the wrong hands, like a password printed on a sticky note and place on your desk. The rsa key is also secure because it allows a server administrator to shut off password authentication on remote servers making a brute force attack that utilizes password dictionaries impossible. By default the rsa key is 2048 bits but this can be altered with the -b option.
rsa keys are convenient
Keys are easy to create, and distribute. The key allows near instant authentication without stopping to type a password every time you need to jump onto a server.
Creating a key
From your Mac, Linux computer open the terminal and type the following
You will be asked a series of questions
user@testserver:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa):
To keep the default just press enter. By default this will create a file called id_rsa under /home/user/.ssh/
Next it will ask for a passphrase. You want to enter a passphrase. The passphrase is what protects your private key from being readable by others.
Enter passphrase (empty for no passphrase): Enter same passphrase again:
After entering the passphrase ssh-keygen will generate an rsa key and display a fingerprint like this:
Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: 49:ee:8c:73:d2:a3:53:b9:b4:50:63:19:34:a2:47:c2 user@testserver The key's randomart image is: +--[ RSA 2048]----+ | .. o.o | | E+ ... | | . . .o | | . o=. | | oSo | | .=+ | | ++*o | | .=o. | | .. | +-----------------+
If you cd into /home/<yourusername>/.ssh/ and list files you should see something similar to the below.
cd .ssh/ $ ls id_rsa id_rsa.pub known_hosts
We will be transferring the id_rsa.pub file to our remote server using “ssh-copy-id”
user@testserver:~$ ssh-copy-id 192.168.0.2 The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established. ECDSA key fingerprint is 10:0f:3b:de:3d:08:5a:3c:09:c8:81:c1:53:a2:94:9c. Are you sure you want to continue connecting (yes/no)? yes
If you haven’t connected to the remote server yet you will be asked to accept the fingerprint of the server you are connecting to. Just type yes and hit enter.
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys firstname.lastname@example.org's password:
Next you will be asked for the password for the user account on the remote server. Only users with a valid account can connect this way.
Now you should be able able to ssh to the remote server without being prompted for a password. You may have it input the passphrase to unlock the key file. However, if you are on a Mac or Linux desktop or laptop you can have it saved in your keychain and will not have to input the passphrase again.
ssh email@example.com Enter passphrase for key '/home/user/.ssh/id_rsa':
Using rsa key authentication will increase the security of your server network.
Luke has an RHCSA for Red Hat Enterpirse Linux 7 and currently works as a Linux Systems Adminstrator in Ohio.