Setting SSH using certificates

Rather than running SSH with passwords, no matter how strong, using a certificate file (strictly speaking a public/private key pair, not a CA-signed SSH certificate) is supposed to be more secure. For me, it's just easier than typing a password all the time, especially when scripts are involved.

SSH background

There is an in-depth article on SSH keys at ssh.com that gives a more detailed explanation than I could. There is also a great, very well written article by Zach Duey on how to set up an SSH server on a home computer, which explains the setup in more detail than usual.

In this article I list the commands I used to set up my own SSH server on a hosted platform. In all honesty, it's more for me than for you :-)[^1]

Public and Private Keys

Generating RSA Keys

The first step involves creating a set of RSA keys for use in authentication. This should be done on the client. To create your public and private SSH keys on the command-line:

$ mkdir -p ~/.ssh
$ chmod 700 ~/.ssh
$ ssh-keygen -t rsa

You will be prompted for a location to save the keys, and a passphrase for the keys. This passphrase will protect your private key while it's stored on the hard drive.

Transfer Client Key to Host

The key you need to transfer to the host is the public one. If you can log in to a computer over SSH using a password, you can transfer your RSA key by doing the following from your own computer:

$ ssh-copy-id <username>@<host>
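
The host-side result of this transfer step can also be produced by hand, which shows what ends up on the server and with which permissions. This is an added example, not from the original article; the function names `install_pubkey` and `mode_of` are hypothetical, and the key in the demo is a constructed placeholder.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR
#   Appends the public key to HOME_DIR/.ssh/authorized_keys exactly once,
#   with permissions that sshd's StrictModes check (on by default) accepts.
install_pubkey() {
    pubfile=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # Only the first line is used. A private key starts with "-----BEGIN"
    # and is rejected here: it must never be copied to the host.
    key=$(head -n 1 "$pubfile") || return 1
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubfile" >&2; return 2 ;;
    esac

    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: add the key only if that exact line is not already there.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# mode_of PATH -> octal permission bits (GNU stat, falling back to BSD stat)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo in a throwaway directory, using a constructed placeholder key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDPLACEHOLDER user@client' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"   # second run adds nothing
echo "keys: $(wc -l < "$demo/home/.ssh/authorized_keys"), dir mode: $(mode_of "$demo/home/.ssh")"
rm -rf "$demo"
```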

Removing that key

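To remove the host's entry from your client's known_hosts file, use the -R switch. This forgets the host's key on your side; it does not remove your public key from the host's authorized_keys file.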

$ ssh-keygen -R <hostname>

[^1]: I'll probably be setting this up next: Using Emojis with Pelican and Python Markdown. Thank you, Philipp Wagner.
