    SSH Key Pairs

    • stacksofplates (last edited by stacksofplates)

      To make access to our servers easier and more secure, we use SSH keys. When you create a key pair, you get a private key and a public key. The public key is transferred to the remote server and your private key stays on your device.

      Create the keys like this:

      ssh-keygen -t ecdsa -b 521
      

      In your home folder you will have a hidden folder named .ssh. Inside there will be a file named id_rsa which is your private key, and a file called id_rsa.pub which is your public file.

      You send the key to a server like this:

      ssh-copy-id user@host
      

      This will create a file inside the .ssh folder on the server named authorized_keys which will hold all of the public keys.

      This can be cumbersome if you need to add your key to multiple servers at once. Orchestration tools can make this process easier. With Ansible it's as easy as:

      - name: Copy SSH key
        authorized_key:
          user: jhooks
          state: present
          key: "{{ lookup('file', '/home/jhooks/.ssh/id_ecdsa.pub') }}"
      

      There are other methods for SSH key management, like DNSSEC, but I have not used them, so I can't comment on them.

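An added example, not part of the original post: a small Python audit of an authorized_keys file such as the one ssh-copy-id or the Ansible task above maintains. It reports each entry's key type and OpenSSH-style SHA256 fingerprint and flags entries whose label disagrees with the key data; the sample lines are constructed from placeholder bytes, and all function and variable names are this example's own.

```python
import base64, binascii, hashlib, struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # length-prefixed field of a key blob

def audit_authorized_keys(text: str) -> list:
    """One record per key line: type, SHA256 fingerprint, options, problems."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options (from=..., command=...) may precede the key type; take the first known type.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        rec = {"line": lineno, "type": None, "fingerprint": None,
               "options": "", "comment": "", "problems": []}
        records.append(rec)
        if idx is None or idx + 1 >= len(fields):
            rec["problems"].append("no recognised key type and key data")
            continue
        rec.update(type=fields[idx], options=" ".join(fields[:idx]),
                   comment=" ".join(fields[idx + 2:]))
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
        except (binascii.Error, ValueError):
            rec["problems"].append("key data is not valid base64")
            continue
        # The blob starts with its own type string; it must agree with the label.
        (n,) = struct.unpack(">I", blob[:4]) if len(blob) >= 4 else (0,)
        if blob[4:4 + n].decode("ascii", "replace") != rec["type"]:
            rec["problems"].append("declared type does not match key blob")
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
        rec["fingerprint"] = "SHA256:" + digest.rstrip("=")
    return records

def constructed_line(key_type: str, body: bytes, comment: str) -> str:
    """Well-formed line built from placeholder bytes (constructed, not a real key)."""
    blob = base64.b64encode(ssh_string(key_type.encode()) + body).decode()
    return f"{key_type} {blob} {comment}"

ECDSA = constructed_line("ecdsa-sha2-nistp521", ssh_string(b"nistp521")
                         + ssh_string(b"\x04" + bytes(132)), "jhooks@laptop")
ED = constructed_line("ssh-ed25519", ssh_string(bytes(32)), "ansible@control")
SAMPLE = "\n".join([  # constructed: valid ECDSA, key with options, relabelled key, bad base64
    "# keys for jhooks", ECDSA, 'from="10.0.0.5",no-agent-forwarding ' + ED,
    ED.replace("ssh-ed25519 ", "ssh-rsa ", 1), "ssh-rsa not*base64 broken@host"])
```

Calling audit_authorized_keys(SAMPLE) returns four records; comparing the fingerprints against a list of keys you expect on a host shows which entries are unaccounted for.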
      • stacksofplates

        Since the images disappeared, I added them as code.

        Also, Identity Management (FreeIPA) makes it really easy to store public keys in LDAP so any system joined to IdM can verify the key.
