

SSH Key concept in Linux

 SSH – secure shell

SSH (secure shell) is used to connect to a remote Linux server from the command line. So what makes it secure? SSH introduces the concept of SSH keys: a private and public key authentication method for accessing your server.

In the server-client model, known users as well as unknown attackers may try to access your server, so you have to securely authenticate whoever wants access. The SSH key concept is used for that.


ssh-key

SSH keys are used for secure connections across a network. They come in pairs, so you have a public key and a private key.

ssh-keygen

[root@Master ~]# ls -al

total 20

dr-xr-x---. 2 root root 4096 Nov 10 00:38 .

dr-xr-xr-x. 23 root root 4096 Nov 9 21:51 ..

-rw-------. 1 root root 2335 Nov 8 08:03 anaconda-ks.cfg

-rw-r--r--. 1 root root   18 May 20 2009 .bash_logout

-rw-r--r--. 1 root root 176 Sep 22 2004 .bashrc

[root@Master ~]# ssh-keygen (command to generate private and public key)

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

41:90:31:1a:17:a5:05:5f:75:69:9d:a8:0a:7b:e0:76 root@Master.Au-Tel.com

The key's randomart image is:

+--[ RSA 2048]----+

|   . BB+ ... oo.|

|     +.* .   oo..|

|   . . o   ..   |

|       o . .     |

|     . S .     |

|       + E       |

|     . o       |

|                 |

|                 |

+-----------------+

 

After running the ssh-keygen command, two key files are generated under the /root/.ssh directory:

[root@Master .ssh]# pwd

/root/.ssh

[root@Master .ssh]# ls -l

total 8

-rw------- 1 root root 1675 Nov 10 01:20 id_rsa

-rw-r--r-- 1 root root 404 Nov 10 01:20 id_rsa.pub

 

Private and public keys

[root@Master .ssh]# pwd

/root/.ssh

[root@Master .ssh]# ls -l

total 8

-rw------- 1 root root 1675 Nov 10 01:20 id_rsa (private key)

-rw-r--r-- 1 root root 404 Nov 10 01:20 id_rsa.pub (public key)

Private key

[root@Master .ssh]# cat id_rsa

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

Public key

[root@Master .ssh]# cat id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuZv3TUN2+QnLTJ8rCK/QhNqi2Ce1BV2YtRfgprxjaXpeP9Mvpju4Qf1rJ21sIfdUe4s2zheDZ514y9o5nP70bfHYMtR2yKbb5f8//k6f26B7LPF1hB4/POX1mssoWGsRKFlVb+TtXFhwpCT/Eiaz4NhSts3ZPBOLVCPlIrFx5WMC3B4oxlvz7tg7MrPhqE5YkA+s6wl+bhvPSC7QsmJIfpetKqc36T6CoJdq3NfQ+AbSFre9fkZHhePFBlsm4yBtIZKCOkot1mLF/bqx6CuRdz8Xc1RhJY/rDk/IdVyn5gUj7xBYP/UyIIfUL8aS9SQvzGfizF4Xa+HhmcL0wSv7ZQ== root@Master.Au-Tel.com

SSH Key Authentication

Run the ssh-copy-id command on the Master server:

[root@Master .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@slave.autel.com

root@192.168.50.133's password:

Now try logging into the machine, with "ssh 'root@slave.autel.com'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Check that the authorized_keys file is present on the Slave server:

[root@Slave .ssh]# cat authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuZv3TUN2+QnLTJ8rCK/QhNqi2Ce1BV2YtRfgprxjaXpeP9Mvpju4Qf1rJ21sIfdUe4s2zheDZ514y9o5nP70bfHYMtR2yKbb5f8//k6f26B7LPF1hB4/POX1mssoWGsRKFlVb+TtXFhwpCT/Eiaz4NhSts3ZPBOLVCPlIrFx5WMC3B4oxlvz7tg7MrPhqE5YkA+s6wl+bhvPSC7QsmJIfpetKqc36T6CoJdq3NfQ+AbSFre9fkZHhePFBlsm4yBtIZKCOkot1mLF/bqx6CuRdz8Xc1RhJY/rDk/IdVyn5gUj7xBYP/UyIIfUL8aS9SQvzGfizF4Xa+HhmcL0wSv7ZQ== root@Master.Au-Tel.com

The Master server is now authorized on the Slave server, so from the next connection on it will not ask for a password.


SSH known_hosts

The very first time you access a Linux server via SSH, it asks yes or no before connecting, and you have to type yes. It asks because your machine does not yet know the new server. From the next time on it will not ask, because the server's information is stored in the known_hosts file.


Before connecting to the server, run the commands below:

[root@Master .ssh]# pwd

/root/.ssh

[root@Master .ssh]# ls -a

. .. id_rsa id_rsa.pub

 

From Server side

[root@Master .ssh]# ssh root@192.168.50.133

The authenticity of host '192.168.50.133 (192.168.50.133)' can't be established.

RSA key fingerprint is 7b:05:1a:c6:51:b5:0b:71:2e:41:d1:ed:d0:bb:3f:26.

Are you sure you want to continue connecting (yes/no)? yes

[root@Master .ssh]# ls -a

. .. id_rsa id_rsa.pub known_hosts

[root@Master .ssh]# cat known_hosts

192.168.50.133 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwQozTZRbhKZYYlx9SjR6LKJTkz6mk4nxGl20XVLQJhTwNvCTvpIX3k5dBBN/5hAHizgtSP7G2/b1lG1jVtgaLzQ07/if0R5k4EtCFJyObg+pcX8+Ainzz0rEqE8WZcrqqo9o/J9BSjH2lvNUUUlwmKvpXqjnkjHJO2io3eo9P5DXYcc1UIk53xjTl8VYYe3l26DmaitW8tfolO08ESfbg3R6cT22gpzybWZ12k1SqB8S4InHACW+cQXsswEMIXpjgCG9y4Acsf1n4tK5vruNi5BZ2pgOWYAG6GpviiN6n1DGr84ZWCzBjua65ZtgC+8KHMcZ5qxMGttpF3LvOVCjqw==

On the next attempt it will not ask yes/no, because the server is now known: its IP address and public key are stored in "/root/.ssh/known_hosts".

[root@Master .ssh]# ssh root@192.168.50.133

root@192.168.50.133's password:
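
As an added example (not part of the original post), the Python sketch below parses authorized_keys or known_hosts lines like the ones shown above, computes the colon-separated MD5 fingerprint that ssh-keygen and the first-connection prompt print here (plus the SHA256 form that newer OpenSSH prints), and lists any key whose fingerprint is not on an expected list. The function names and the sample keys are constructed for illustration; the sample integers are not usable RSA keys.

```python
import base64, hashlib, re, struct

# Finds "type base64 [comment]" even after an options or host-name prefix.
KEY_RE = re.compile(r"(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+(AAAA[0-9A-Za-z+/]+=*)\s*(.*)$")

def wire_fields(blob):
    """Split an SSH wire-format blob into its 4-byte-length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        (size,) = struct.unpack(">I", blob[off:off + 4])
        if off + 4 + size > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    return fields

def describe(line):
    """Return type, comment, RSA size and both fingerprint styles, or None."""
    m = KEY_RE.search(line.strip())
    if not m or line.lstrip().startswith("#"):
        return None
    blob = base64.b64decode(m.group(2), validate=True)
    fields = wire_fields(blob)
    if fields[0].decode() != m.group(1):
        raise ValueError("declared key type does not match the blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    bits = int.from_bytes(fields[2], "big").bit_length() if m.group(1) == "ssh-rsa" else None
    return {"type": m.group(1), "comment": m.group(3), "bits": bits,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def unexpected_keys(text, expected_md5):
    """Keys present in the file whose MD5 fingerprint is not on the expected list."""
    keys = [k for k in map(describe, text.splitlines()) if k]
    return [k for k in keys if k["md5"] not in expected_md5]

def sample_line(n, comment, e=65537):
    """Constructed ssh-rsa line built from arbitrary integers (not a usable key)."""
    parts = [b"ssh-rsa"] + [v.to_bytes(v.bit_length() // 8 + 1, "big") for v in (e, n)]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    good = sample_line((1 << 2047) | 0x1234567, "root@Master.example")
    extra = sample_line((1 << 1023) | 0x89abcd, "unknown@elsewhere")
    trusted = {describe(good)["md5"]}
    for key in unexpected_keys(good + "\n" + extra + "\n", trusted):
        print("unexpected:", key["bits"], key["md5"], key["comment"])
```

To audit a real file, pass the contents of .ssh/authorized_keys as the text and the fingerprints of the keys you installed as the expected set.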