Setting Up SSH Keys

July 16, 2019
home lab raspberry pi
Estimated Reading Time: 2 minute(s)


An SSH key is an alternative way to authenticate. Instead of manually typing in a password you have memorized, you may provide a file known as your “private key”. This private key can be thought of like the key to a lock, much like the password to a regular login. In general it is advised to have one key per machine, which makes them easier to roll. Additionally, I’d suggest using ssh config to make things easier, this is a great link.

Steps

  1. Generate a new public/private key pair

    `$ ssh-keygen -t rsa -C "SOME COMMENT"`
    
    You'll experience a similar questionare as below:
    
    ```
    Enter file in which to save the key (/home/demo/.ssh/id_rsa):
    
    Enter passphrase (empty for no passphrase):
    
    Output
    
    Generating public/private rsa key pair.
    
    Enter file in which to save the key (/home/demo/.ssh/id_rsa):
    
    Enter passphrase (empty for no passphrase):
    
    Enter same passphrase again:
    
    Your identification has been saved in /home/demo/.ssh/id_rsa.
    
    Your public key has been saved in /home/demo/.ssh/id_rsa.pub.
    
    The key fingerprint is:
    
    4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
    
    The key's randomart image is:
    
    +--[ RSA 2048]----+
    |          .oo.   |
    |         .  o.E  |
    |        + .  o   |
    |     . = = .     |
    |      = S = .    |
    |     o + = +     |
    |      . o + o .  |
    |           . o   |
    |                 |
    +-----------------+
    ```
    
  2. Lock down the default ssh key folder to ensure its safes

    `$ sudo chmod 700 ~/.ssh`
    
  3. Lock down the private key to minimal usage

    `$ chmod 600 ~/.ssh/name-of-private-key`
    
  4. Lock down the public key, to a more lenient usage

    `$ chmod 644 ~/.ssh/name-of-public-key.pub`
    
  5. Send the public key to the server you’d like to authenticate with via SSH key

    `$ ssh-copy-id -i ~/.ssh/name-of-private-key user@host`
    

Note: only the public key is copied over

For more information, see this excellent Digital Ocean tutorial

Setting Up Wake On LAN

July 16, 2019
home lab raspberry pi

Provisioning Raspberry Pi Sd Card

May 4, 2019
raspberry pi

SD Card Wrong Capacity

April 29, 2019
sd card raspberry pi
comments powered by Disqus