When you want to connect to a server, plugging in a serial cable is not a bad idea. However, plugging in the old but trusted RS-232-based serial console cable becomes a bit more complicated when your server is hosted in the ☁; you are no longer living in the 20th century.

Asymmetric encryption

You must have heard it before, but using the SSH network protocol, you can establish a network connection rather than a physical connection to an external device, such as a server. When configured correctly, these connections are often secure and encrypted thanks to access credentials.

SSH keys are access credentials consisting of a private and public key pair. In a general sense, private keys should remain on your personal computer, and public keys can be shared with any server you would want to authenticate to. Private keys are used to decrypt information, whereas public keys are used to encrypt data that is exchanged in the SSH protocol. This encryption method is also called asymmetric encryption, shown in the figure below.

Figure: Asymmetric encryption

Generating SSH key pairs

To generate a new SSH public and private key pair, you can run either of the following commands, but I recommend using ed25519 over rsa. Even though RSA is the most widely used public-key algorithm for SSH keys, it is slower than Ed25519 and is even considered insecure if generated with a key length of less than 2048 bits. These commands contain the currently recommended settings for creating a key pair.

ssh-keygen -t ed25519 -a 100 -C "<your_email_address>"
ssh-keygen -t rsa -b 4096 -o -a 100 -C "<your_email_address>"

You may want to change -a (the key derivation function rounds) and/or -b (the number of bits in the key) to fit your needs.

Several questions will be presented during the process of generating an SSH key pair, including the question below, which inquires where the SSH key pair should be stored. The default location is in the .ssh folder within the user's home directory; you can press ⏎ Enter to accept this default location.

Enter file in which to save the key (~/.ssh/id_ed25519):

Using a passphrase is highly recommended. It should be at least 15, preferably 20, characters in length and difficult to guess.

Enter passphrase (empty for no passphrase): YourSecretPassphrase
Enter same passphrase again: YourSecretPassphrase

Finally, once the SSH keys are generated successfully, you will be presented with these messages, and your SSH keys are stored as specified.

Your identification has been saved in ~/.ssh/id_ed25519
Your public key has been saved in ~/.ssh/id_ed25519.pub

Adding SSH key pairs

Once you have generated your SSH key pair, you might want to add your private key to the SSH authentication agent on your local machine. You can do so using the following command; use ~/.ssh/id_rsa instead if you generated an RSA key.

ssh-add ~/.ssh/id_ed25519

Next, create a directory named .ssh in your user's home directory on the external device or server, add a file called authorized_keys, and set the right permissions on the directory and files using these commands.

mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*

Now you can append your public key to the authorized_keys file on the server using the command below.

cat <your_public_key_file> >> ~/.ssh/authorized_keys

Or you can paste the contents of your public key to the authorized_keys file manually using this command.

nano ~/.ssh/authorized_keys

Finally, restart the SSH service using either of these commands.

service ssh restart
systemctl restart sshd

You should now be able to log in to your external device using your newly generated SSH key pair!
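
The server-side steps above (create ~/.ssh, set permissions, append the public key) can be combined into one function that is safe to re-run. This is an added example, not code from the original post; install_pubkey and its arguments are hypothetical names, and it accepts only the two key types the post generates.

```sh
#!/bin/sh
# Added example: validated, idempotent version of the server-side steps.
# install_pubkey is a hypothetical helper name, not part of OpenSSH.
# Usage: install_pubkey <public_key_file> [home_dir]
# Returns 0 if the key was added or already present, 1 on invalid input.
install_pubkey() {
    pubfile=$1
    home=${2:-$HOME}
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A private key must never leave your own machine: refuse it outright.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 1
    fi

    # Take the first non-empty line and require "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)
    case $key in
        "ssh-ed25519 "?*|"ssh-rsa "?*) ;;
        *) echo "refusing: not an ed25519 or rsa public key line" >&2
           return 1 ;;
    esac

    # umask 077 so nothing is group- or world-readable, even briefly.
    (
        umask 077
        mkdir -p "$sshdir" && touch "$auth"
    ) || return 1
    chmod 700 "$sshdir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}
```

Unlike the plain cat >> command, running this twice with the same file leaves a single entry in authorized_keys.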

Post image by Michael Meilen