Programming

SSH-COPY-ID

ssh-copy-id installs an SSH key on a server as an authorized key. Its purpose is to provision access without requiring a password for each login. This aids automated, password-less logins and single sign-on using the SSH protocol.

SETTING UP PUBLIC KEY AUTHENTICATION

With OpenSSH, an SSH key is created using ssh-keygen. In the simplest form, just run ssh-keygen and answer the questions. The following example illustrates this.

# ssh-keygen Generating public/private rsa key pair. 
Enter file in which to save the key (/home/xyz/.ssh/id_rsa): mykey 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in mykey. Your public key has been saved in mykey.pub. 
The key fingerprint is: 
SHA256:GKW7yzA1J1qkr1Cr9MhUwAbHbF2NrIPEgZXeOUOz3Us ylo@klar The key's randomart image is: 
+---[RSA 2048]----+ |.*++ o.o. | |.+B + oo. | | +++ *+. | | .o.Oo.+E | | ++B.S. | | o * =. | | + = o | | 
+ = = . | | + o o | +----[SHA256]-----+ #

Creating a key pair (public key and private key) only takes a minute. The key files are usually stored in the ~/.ssh directory

COPY THE KEY TO A SERVER

Once an SSH key has been created, the ssh-copy-id command can be used to install it as an authorized key on the server. Once the key has been authorized for SSH, it grants access to the server without a password.

Use a command like the following to copy SSH key:

ssh-copy-id -i ~/.ssh/mykey user@host

This logs into the server host, and copies keys to the server, and configures them to grant access by adding them to the authorized_keys file. The copying may ask for a password or other authentication for the server.

Only the public key is copied to the server. The private key should never be copied to another machine.

TEST THE NEW KEY

Once the key has been copied, it is best to test it:

ssh -i ~/.ssh/mykey user@host

The login should now complete without asking for a password. Note, however, that the command might ask for the passphrase you specified for the key.

SOME BEST PRACTICES FOR SSH KEYS

SSH keys are very useful, but can lead to problems if they are not properly managed. They are access credentials just like user names and passwords. If they are not properly removed when people leave or systems are decommissioned, no-one may any longer know who really has access to which systems and data. Many large organizations have ended up having millions of SSH keys.


Leave a Reply

Your email address will not be published. Required fields are marked *