Use SSH key login for a remote server
Using SSH keys for logging into remote hosts instead of passwords
Normally, logging into a server involves using a username and password,
but passwords can be compromised through interception or sharing.
Password login is less secure than SSH keys, which also eliminate the need to type a password each time.
Creating SSH Keys for Login
Generate SSH keys on the client side using the command:
ssh-keygen
Note: SSH keys should be in RSA format; if the OPENSSH format is used, errors may persist.
Reference: macOS Mojave 10.14.1 ssh-keygen Key Format Issue
By default, keys are generated in the .ssh/ directory.
If copying someone else’s id_rsa and id_rsa.pub, permissions need to be reset to avoid errors:
chmod 600 id_rsa
chmod 644 id_rsa.pub
Permission Explanation
-rw------- (600) -- Only the owner has read and write permissions.
-rw-r--r-- (644) -- Only the owner has read and write permissions; the group and others have read-only permissions.
-rwx------ (700) -- Only the owner has read, write, and execute permissions.
-rwxr-xr-x (755) -- The owner has read, write, and execute permissions; the group and others have read and execute permissions.
-rwx--x--x (711) -- The owner has read, write, and execute permissions; the group and others have execute-only permissions.
-rw-rw-rw- (666) -- All users have read and write permissions. This practice is not recommended.
-rwxrwxrwx (777) -- All users have read, write, and execute permissions. This practice is highly discouraged.
The following are common settings for directories:
drwx------ (700) -- Only the owner can read and write in the directory.
drwxr-xr-x (755) -- All users can read the directory, but only the owner can change its contents.
Remote Host Configuration
After logging into the remote host, check whether the .ssh/authorized_keys file exists in the user’s home directory.
If not, create it and set permissions using chmod 600 authorized_keys.
The contents of this file should match the public key generated earlier (id_rsa.pub).
Example:
ssh-rsa AABAB3NzaC1yc2Gmy80/{...omitted...}/UD9CBSzNAya7r6w==
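The permission and authorized_keys steps above, combined into an added shell example (not from the original page). install_pubkey, audit_ssh_dir and mode_of are hypothetical helper names, and 700 on the .ssh directory is taken from the directory settings listed above.

```shell
# Added example: function names and defaults are illustrative assumptions.

# Print a path's octal mode (GNU stat, then BSD/macOS stat as fallback).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Add the key to SSH_DIR/authorized_keys exactly once, with 700 on the
# directory and 600 on the file.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Accept only a public key line; a private key file starts with
    # "-----BEGIN" and is rejected here.
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not a public key" >&2; return 1 ;;
    esac

    # umask 077 so nothing is ever created group- or world-accessible.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" || return 1
    chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: append only if not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_dir [SSH_DIR]
# Report files whose mode differs from the values above; non-zero if any.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    bad=0
    for spec in .:700 authorized_keys:600 id_rsa:600 id_rsa.pub:644; do
        path=$dir/${spec%%:*}
        [ -e "$path" ] || continue
        got=$(mode_of "$path")
        if [ "$got" != "${spec##*:}" ]; then
            echo "$path is $got, expected ${spec##*:}"
            bad=1
        fi
    done
    return "$bad"
}
```

On the remote host, run install_pubkey id_rsa.pub and then audit_ssh_dir to confirm the modes.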
Additional Information
Allowing Cloud Host Access to Version Control
- After creating a GCP user, generate SSH keys as per the above procedure.
- Add the public key to the version control’s SSH key list.