SSH Key concept in Linux

Posted: November 10, 2016 in Server Administration, SSH KEY Concept

SSH Key concept in Linux

 SSH – secure shell

              It is used to connect Linux server remote using command line. Also ssh mentioned as secure shell. So what secure technical way followed? So for that ssh introduced concept is called ssh keys as private and public key authentication method to access your server.

For server-client model method some known user also access your server and some unknown attacker also access your server that case you have authenticate whom want access your server securely, For that thing used as ssh-key concept.

screenshot_1

ssh-key

SSH keys are used for secure connections across a network. They come in pairs, so you have a public key and a private key.

ssh-keygen

[root@Master ~]# ls -al

total 20

dr-xr-x—. 2 root root 4096 Nov 10 00:38 .

dr-xr-xr-x. 23 root root 4096 Nov 9 21:51 ..

-rw——-. 1 root root 2335 Nov 8 08:03 anaconda-ks.cfg

-rw-r–r–. 1 root root   18 May 20 2009 .bash_logout

-rw-r–r–. 1 root root 176 Sep 22 2004 .bashrc

[root@Master ~]# ssh-keygen (command to generate private and public key)

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Created directory ‘/root/.ssh’.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

41:90:31:1a:17:a5:05:5f:75:69:9d:a8:0a:7b:e0:76 root@Master.Au-Tel.com

The key’s randomart image is:

+–[ RSA 2048]—-+

|   . BB+ … oo.|

|     +.* .   oo..|

|   . . o   ..   |

|       o . .     |

|     . S .     |

|       + E       |

|     . o       |

|                 |

|                 |

+—————–+

 

After running key gen command it will generate two key file under /root/.ssh directory

[root@Master .ssh]# pwd

/root/.ssh

[root@Master .ssh]# ls -l

total 8

-rw——- 1 root root 1675 Nov 10 01:20 id_rsa

-rw-r–r– 1 root root 404 Nov 10 01:20 id_rsa.pub

 

Private and public keys

[root@Master .ssh]# pwd

/root/.ssh

[root@Master .ssh]# ls -l

total 8

-rw——- 1 root root 1675 Nov 10 01:20 id_rsa (private key)

-rw-r–r– 1 root root 404 Nov 10 01:20 id_rsa.pub (public key)

Private key

[root@Master .ssh]# cat id_rsa

—–BEGIN RSA PRIVATE KEY—–

MIIEowIBAAKCAQEAuZv3TUN2+QnLTJ8rCK/QhNqi2Ce1BV2YtRfgprxjaXpeP9Mv

pju4Qf1rJ21sIfdUe4s2zheDZ514y9o5nP70bfHYMtR2yKbb5f8//k6f26B7LPF1

hB4/POX1mssoWGsRKFlVb+TtXFhwpCT/Eiaz4NhSts3ZPBOLVCPlIrFx5WMC3B4o

xlvz7tg7MrPhqE5YkA+s6wl+bhvPSC7QsmJIfpetKqc36T6CoJdq3NfQ+AbSFre9

FkZHhePFBlsm4yBtIZKCOkot1mLF/bqx6CuRdz8Xc1RhJY/rDk/IdVyn5gUj7xBY

P/UyIIfUL8aS9SQvzGfizF4Xa+HhmcL0wSv7ZQIBIwKCAQEAmcpfMWPI+jtQrTNs

zK7umfb79O2zPvXHq/3XZZTHZgZOF6Bark69Pf3ccSAmZUlF//cBhjC9Vdo/hFW6

tUhG3sESOL6rkE+9hA4B0rYsrqmKoZTdtpy4DeMb9Uk+r6kreTQTlzoGf7b+PtzT

WC6yTJX7ZEQpBeRO31DxDh3/SQd74ohbqEahHCHN+f7+Z1PLZcr0fDRmJQp3zsld

0gqRgi4ZnC/DXVFcWbN1YAwP1yGBFiRJqG5HVqSIz/ZzAAAeqPllpL/WDeXw1Sg0

ubB6+taL+iZqpgR/kjxzL72XkL/SdPDPQvN9O6hjEBWMBGnU/TdvzjTE6kqbHv24

d6qOawKBgQDaem8C5vfm1/LbVtQzZzRUvWZAmgSk8YjfTOulbaRPeH/pw9Sy8Z+H

7Mw82gTueO5wGWP3MSOoyyKoMFP6BzFem8aimD9NPwmM7KquhKqUTgvjYUtFXSIs

EJamt6SYNiwNZUKqBnE7EgojgRHYZyhwbC+3Hx3reUFgJJ89Rxht7QKBgQDZfGuu

bJM4/cVnRDkrxGVvckqL3m1VYYZNuxJY7vfWpsWkfi7xdVdEn89IE1GRle/yVVzx

0U4TqnYfcRuHlVAEAHuRGQAKY0O1TZjePMZ6ZGU7ryoxI199TTs1npVzPvGUH/p/

Ha2MDRxlQwSnoyO+UexvxglP8lgehLO1iIxUWQKBgQDN/miq9wb+OVKxjGGszwV0

eA/zxGrHZ2PLOeV+t9VvgD4W69csYCizW5v+3DCJEu9xAf8q5TBAD/wa67zkbS6M

Zv0c9fKKqSZDCwdUFq914y/HwiJl+LnRxn9p/ZswbZc/1ICu8CGeGFKzwtZPsbhp

/5qz+MRwTcFMBUWuzgEXLwKBgQDG2Cfv7j1171VlurftgFy9qlLJBeBOEAXDaTVY

n/iJvQx5IukXRrYwHRVJNjvy0jp3KXmMoht/scsVbroVj9Qg6n+amoOxudeBMQDL

MEBv5sL0vWhncMxVTez90tHIdBASZmFeRwUSVSFGo6x8At7Z5IBmMWeZjR1duyf2

bjcoiwKBgHy6LlBYhb8LDikHr2XxEmaS0WanLi2395WAM71fyF+7OjvUMplz/wf9

xVfcFrNKRNTogMl+B1Gfck1Cu3DcgwiVVGe6p35bPXzHFmU+9rFfE+bMFcI4j8f9

enRA3rPuikfCHg1Kuask9EuGHeWMkOmfljJ/IpRSJbPoGwTTpLhA

—–END RSA PRIVATE KEY—–

Public key

[root@Master .ssh]# cat id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuZv3TUN2+QnLTJ8rCK/QhNqi2Ce1BV2YtRfgprxjaXpeP9Mvpju4Qf1rJ21sIfdUe4s2zheDZ514y9o5nP70bfHYMtR2yKbb5f8//k6f26B7LPF1hB4/POX1mssoWGsRKFlVb+TtXFhwpCT/Eiaz4NhSts3ZPBOLVCPlIrFx5WMC3B4oxlvz7tg7MrPhqE5YkA+s6wl+bhvPSC7QsmJIfpetKqc36T6CoJdq3NfQ+AbSFre9fkZHhePFBlsm4yBtIZKCOkot1mLF/bqx6CuRdz8Xc1RhJY/rDk/IdVyn5gUj7xBYP/UyIIfUL8aS9SQvzGfizF4Xa+HhmcL0wSv7ZQ== root@Master.Au-Tel.com

SSH Key Authentication

 Run ssh-copy id command in Master server side:-

[root@Master .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@slave.autel.com

root@192.168.50.133’s password:

Now try logging into the machine, with “ssh ‘root@ slave.autel.com “, and check in:

.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.

Check authorized keys is available in Slave Server: –

[root@Slave .ssh]# cat authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuZv3TUN2+QnLTJ8rCK/QhNqi2Ce1BV2YtRfgprxjaXpeP9Mvpju4Qf1rJ21sIfdUe4s2zheDZ514y9o5nP70bfHYMtR2yKbb5f8//k6f26B7LPF1hB4/POX1mssoWGsRKFlVb+TtXFhwpCT/Eiaz4NhSts3ZPBOLVCPlIrFx5WMC3B4oxlvz7tg7MrPhqE5YkA+s6wl+bhvPSC7QsmJIfpetKqc36T6CoJdq3NfQ+AbSFre9fkZHhePFBlsm4yBtIZKCOkot1mLF/bqx6CuRdz8Xc1RhJY/rDk/IdVyn5gUj7xBYP/UyIIfUL8aS9SQvzGfizF4Xa+HhmcL0wSv7ZQ== root@Master.Au-Tel.com

I am authorized server for slave server next it will not ask password connect

no-passwd

ssh-know host

Very first time if you are trying to access Linux server 3via SSH it will ask yes or no for connecting you have type yes. Because I don’t know about new Linux server it will ask yes or not for connecting yes. From next time it will not ask yes or not it will store information about you in ssh-known-host file

screenshot_2

Before connecting server run below command

[root@Master .ssh]# pwd

/root/.ssh

[root@Master .ssh]# ls -a

. .. id_rsa id_rsa.pub

 

From Server side

[root@Master .ssh]# ssh root@192.168.50.133

The authenticity of host ‘192.168.50.133 (192.168.50.133)’ can’t be established.

RSA key fingerprint is 7b:05:1a:c6:51:b5:0b:71:2e:41:d1: ed:d0:bb:3f:26.

Are you sure you want to continue connecting (yes/no)?yes

[ root@Master .ssh]# ls -a

. .. id_rsa id_rsa.pub known_hosts

 [root@Master .ssh]# cat known_hosts

192.168.50.133 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwQozTZRbhKZYYlx9SjR6LKJTkz6mk4nxGl20XVLQJhTwNvCTvpIX3k5dBBN/5hAHizgtSP7G2/b1lG1jVtgaLzQ07/if0R5k4EtCFJyObg+pcX8+Ainzz0rEqE8WZcrqqo9o/J9BSjH2lvNUUUlwmKvpXqjnkjHJO2io3eo9P5DXYcc1UIk53xjTl8VYYe3l26DmaitW8tfolO08ESfbg3R6cT22gpzybWZ12k1SqB8S4InHACW+cQXsswEMIXpjgCG9y4Acsf1n4tK5vruNi5BZ2pgOWYAG6GpviiN6n1DGr84ZWCzBjua65ZtgC+8KHMcZ5qxMGttpF3LvOVCjqw==

Next try it will not ask yes / no because you know about the server. It is stored server ip with public key in “/root/.ssh/knownhosts”

[root@Master .ssh]# ssh root@192.168.50.133

root@192.168.50.133’s password:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s