SSH Key Pairs
-
To make access to our servers easier and more secure, we use SSH keys. When you create a key pair, you get a private key and a public key. The public key is transferred to the remote server and your private key stays on your device.
Create the keys like this:
ssh-keygen -t ecdsa -b 521
In your home folder you will have a hidden folder named .ssh. Inside there will be a file named id_rsa which is your private key, and a file called id_rsa.pub which is your public file.
You send the key to a server like this:
ssh-copy-id user@host
This will create a file inside the .ssh folder on the server named authorized_keys which will hold all of the public keys. This can be cumbersome if you need to add your key to multiple servers at once. Orchestration tools can make this process easier. With Ansible it's as easy as:
- name: Copy SSH key
  authorized_key:
    user: jhooks
    state: present
    key: "{{ lookup('file', '/home/jhooks/.ssh/id_ecdsa.pub') }}"
There are other methods for SSH key management like DNSSEC but I have not used them, so I can't comment on them.
-
Since the images disappeared, I added them as code.
Also, Identity Management (FreeIPA) makes it really easy to store public keys in LDAP so any system joined to IdM can verify the key.
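What ssh-copy-id leaves behind on the server, as an added example that is not code from the posts above: it appends the public key to authorized_keys only once, keeps the permissions sshd expects, and refuses a file that is not a public key. The helper name install_pubkey, the temporary "home" directory and the placeholder key are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: what ends up on the server after ssh-copy-id.
# install_pubkey is a hypothetical helper name, not part of OpenSSH.
# usage: install_pubkey PUBKEY_FILE HOME_DIR
install_pubkey() {
    pub=$1
    home=$2
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    # A public key is one line; read it (with or without trailing newline).
    key=
    IFS= read -r key < "$pub" || [ -n "$key" ] || {
        echo "cannot read a key from $pub" >&2; return 1; }

    # Accept only public key lines, so a private key file is never uploaded.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # With StrictModes (sshd default) group- or world-writable paths are refused.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: an exact whole-line match means the key is already there.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    # Do not glue the key onto a last line that has no newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Constructed sample: temp "home" and a placeholder key body, not a real key.
demo_home=$(mktemp -d)
printf '%s\n' 'ecdsa-sha2-nistp521 AAAA_CONSTRUCTED_PLACEHOLDER jhooks@laptop' \
    > "$demo_home/id_ecdsa.pub"
install_pubkey "$demo_home/id_ecdsa.pub" "$demo_home"
install_pubkey "$demo_home/id_ecdsa.pub" "$demo_home"   # second run adds nothing
echo "keys installed: $(grep -c . "$demo_home/.ssh/authorized_keys")"
```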