
Byte Ebi 🍀

A Bit everyday A Byte every week

Use an SSH key to log in to a remote server

Using SSH keys for logging into remote hosts instead of passwords

Ray

Normally, logging into a server involves a username and password,
but passwords can be compromised through interception or sharing.
Password login is less robust than SSH key login, which also eliminates the need to enter a password manually each time.

Creating SSH Keys for Login

Generate an SSH key pair on the client side with the command:

ssh-keygen

Note: SSH keys should be in RSA format; if using the OPENSSH format, errors may persist.
Reference: mac Mojave 10.14.1 ssh-keygen Key Format Issue

By default, keys are generated in the .ssh/ directory.

If copying someone else’s id_rsa and id_rsa.pub, permissions need to be reset to avoid errors:

chmod 600 id_rsa
chmod 644 id_rsa.pub

Permission Explanation

-rw------- (600) -- Only the owner has read and write permissions.
-rw-r--r-- (644) -- Only the owner has read and write permissions; the group and others have read-only permissions.
-rwx------ (700) -- Only the owner has read, write, and execute permissions.
-rwxr-xr-x (755) -- The owner has read, write, and execute permissions; the group and others have read and execute permissions.
-rwx--x--x (711) -- The owner has read, write, and execute permissions; the group and others have execute-only permissions.
-rw-rw-rw- (666) -- All users have read and write permissions. This practice is not recommended.
-rwxrwxrwx (777) -- All users have read, write, and execute permissions. This practice is highly discouraged.

The following are common settings for directories:

drwx------ (700) - Only the owner can read and write in the directory.
drwxr-xr-x (755) - All users can read the directory, but only the owner can change its contents.

Remote Host Configuration

After logging into the remote host, check whether the .ssh/authorized_keys file exists in the user’s home directory.
If not, create it and set permissions using chmod 600 authorized_keys.
The contents of this file should match the public key generated earlier (id_rsa.pub).

Example:

ssh-rsa AABAB3NzaC1yc2Gmy80/{...omitted...}/UD9CBSzNAya7r6w==
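
The remote-host steps above as a script, added here as an example and not part of the original post: it creates .ssh (700) and authorized_keys (600), appends the public key only once, and audits the resulting modes. The function names install_pubkey, audit_ssh_perms and mode_of are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.
# Usage: install_pubkey "$HOME" ./id_rsa.pub && audit_ssh_perms "$HOME"

# Print the octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Create HOME_DIR/.ssh (700) and authorized_keys (600), then append the
# public key only if that exact line is not already present.
install_pubkey() {
    home=$1
    pub=$2
    auth="$home/.ssh/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # authorized_keys holds public keys only; refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    # Create the file under a restrictive umask so it is never world-readable.
    [ -f "$auth" ] || ( umask 077 && : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1
    key=$(head -n 1 "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_perms HOME_DIR
# Return 0 only if .ssh is 700 and authorized_keys is 600.
audit_ssh_perms() {
    rc=0
    for spec in ".ssh:700" ".ssh/authorized_keys:600"; do
        path="$1/${spec%%:*}"
        want=${spec##*:}
        got=$(mode_of "$path" 2>/dev/null) || got=missing
        if [ "$got" != "$want" ]; then
            echo "$path: mode $got, expected $want" >&2
            rc=1
        fi
    done
    return $rc
}
```

Running install_pubkey a second time with the same key leaves authorized_keys unchanged, so the script is safe to re-run.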

Additional Information

Allowing Cloud Host Access to Version Control

  1. After creating a GCP user, generate SSH keys as per the above procedure.
  2. Add the public key to the version control’s SSH key list.
