When you want to connect to a server, plugging in a serial cable is not a bad idea. However, plugging in the old but trusted RS-232-based serial console cable becomes a bit more complicated when your server is hosted in the ☁; thus you are no longer living in the 20th century.
You must have heard it before, but using the SSH network protocol, you can establish a network connection rather than a physical connection to an external device, such as a server. When configured correctly, these connections are secure and encrypted, and authenticated with access credentials.
SSH keys are access credentials consisting of a private and public key pair. In a general sense, private keys should remain on your personal computer, and public keys can be shared with any server you would want to authenticate to. Private keys are used to decrypt information, whereas public keys are used to encrypt data that is exchanged in the SSH protocol. This encryption method is also called asymmetric encryption, shown in the figure below.
Generating SSH key pairs
To generate a new SSH public and private key pair, you can run either of the following commands, but I recommend using rsa. Even though RSA is the most widely used public-key algorithm for SSH keys, it's slower compared to Ed25519 and even considered insecure if generated with a key length less than 2048 bits. These commands contain the current recommended settings to create a key pair.
ssh-keygen -t ed25519 -a 100 -C "[email protected]"
ssh-keygen -t rsa -b 4096 -o -a 100 -C "[email protected]"
You may want to change -a (the key derivation function rounds) and/or -b (the number of bits in the key) to fit your needs.
Several questions will be presented during the process of generating an SSH key pair, including the question below, which inquires where the SSH key pair should be stored. The default location is in the .ssh folder within the user's home directory; you can press ⏎ Enter to accept this default location.
Enter file in which to save the key (~/.ssh/id_ed25519):
Using a passphrase is highly recommended. It should be at least 15, preferably 20, characters in length and difficult to guess.
Enter passphrase (empty for no passphrase): YourSecretPassphrase
Enter same passphrase again: YourSecretPassphrase
Finally, once the SSH keys are generated successfully, you will be presented with these messages, and your SSH keys are stored as specified.
Your identification has been saved in ~/.ssh/id_ed25519
Your public key has been saved in ~/.ssh/id_ed25519.pub
Adding SSH key pairs
Once you have generated your SSH key pair, you might want to add your private key to the SSH authentication agent on your local machine. You can do so using the following command.
Next, create a directory named .ssh in your user's home directory on the external device or server, add a file called authorized_keys, and set the right permissions on the directory and files using these commands.
mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
Now you can append your public key to the authorized_keys file on the server using the command below.
cat <your_public_key_file> >> ~/.ssh/authorized_keys
Or you can paste the contents of your public key to the authorized_keys file manually using this command.
Finally, reload the SSH service using either of these commands.
service ssh restart
systemctl restart sshd
You should now be able to log in to your external device using your newly generated SSH key pair!
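To check a server against the two settings this post relies on (RSA keys of at least 2048 bits, and the 700/600 permissions on .ssh and authorized_keys), here is an added example that is not part of the original post. The function names and the sample keys are assumptions made for illustration; the keys are constructed, non-functional blobs in the SSH public key wire format.

```python
import base64, os, stat, struct, tempfile

def read_field(blob, off):
    """Read one length-prefixed field of the SSH public key wire format."""
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n

def rsa_bits(line):
    """RSA modulus bits of an authorized_keys line; None if comment or not RSA."""
    fields = line.split()
    if line.lstrip().startswith("#") or "ssh-rsa" not in fields[:-1]:
        return None
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1])  # options may come first
    _ktype, off = read_field(blob, 0)
    _exponent, off = read_field(blob, off)
    modulus, _ = read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(ssh_dir):
    """List findings: modes looser than 700/600 and RSA keys under 2048 bits."""
    findings, auth = [], os.path.join(ssh_dir, "authorized_keys")
    for path, want in ((ssh_dir, 0o700), (auth, 0o600)):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & ~want:
            findings.append(f"{os.path.basename(path)}: mode {mode:o} is looser than {want:o}")
    with open(auth) as fh:
        for num, line in enumerate(fh, 1):
            bits = rsa_bits(line)
            if bits is not None and bits < 2048:
                findings.append(f"line {num}: {bits}-bit RSA key is below 2048 bits")
    return findings

def make_line(ktype, *parts):
    """Build a constructed, non-functional key line to use as sample input."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (ktype.encode(), *parts))
    return f"{ktype} {base64.b64encode(blob).decode()} constructed-sample\n"

def demo():
    """Audit a too-open throwaway dir holding constructed 1024- and 4096-bit RSA keys."""
    e, weak, ok = b"\x01\x00\x01", b"\x00\x80" + bytes(127), b"\x00\x80" + bytes(511)
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "authorized_keys"), "w") as fh:
            os.fchmod(fh.fileno(), 0o600)
            fh.write(make_line("ssh-ed25519", bytes(32)) + make_line("ssh-rsa", e, weak)
                     + make_line("ssh-rsa", e, ok))
        os.chmod(d, 0o755)  # deliberately looser than the 700 the page sets
        return audit(d)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To audit a real account, call audit() with the path of that user's .ssh directory on the server.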
Post image by Michael Meilen