Introductory information:
- SSH is used for administering remote servers from your desktop
- SSH encrypts the traffic
What is asymmetric cryptography:
- Asymmetric cryptography means that keys used for encryption/decryption are different!
- One mathematical formula produces two keys that are not identical.
- One key can encrypt data and the other key can decrypt it, and vice versa.
- These keys are used as public and private key pairs.
- The private key is kept private while the public key can be told to everyone.
- The Diffie-Hellman algorithm is used to encrypt all following traffic between the two ends.
Steps to create keys:
- We run the ssh-keygen tool, which generates a public and private key pair.
- The id_rsa (private key) and id_rsa.pub (public key) are stored in user’s home directory.
- The passphrase will be asked for when logging in over ssh.
- Running the ls command shows that we now have the id_rsa and id_rsa.pub keys, together with known_hosts.
- With ssh-copy-id <servername or ip address> we check whether our public key is present on the server and copy it there.
- Enter password for user’s account (system account).
- The public key is added to the authorized_keys file on the server.
ssh <servername or ip address>
We are connected to the server. If we set a passphrase at the ssh-keygen phase, then it will prompt us to enter that passphrase. If not, it won’t.
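The ssh-copy-id step above leaves one line per public key in authorized_keys on the server. The script below is an added example, not part of the original notes and not OpenSSH code: it emulates that result on a local temporary directory so it runs offline. The function names install_pubkey and audit_ssh_dir and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emulates the server-side result of ssh-copy-id locally.
# install_pubkey and audit_ssh_dir are hypothetical helpers, not OpenSSH tools.

# install_pubkey <home-dir> <public-key-line>
# Appends the key to <home-dir>/.ssh/authorized_keys only if that exact line
# is not already there. Prints "added" or "present".
install_pubkey() {
    dir="$1/.ssh"
    file="$dir/authorized_keys"
    # Create with a restrictive umask so the file is never briefly world-readable.
    ( umask 077; mkdir -p "$dir" && : >> "$file" ) || return 1
    chmod 700 "$dir" && chmod 600 "$file" || return 1
    if grep -qxF -- "$2" "$file"; then
        echo present
    else
        printf '%s\n' "$2" >> "$file" && echo added
    fi
}

# audit_ssh_dir <home-dir>
# sshd's StrictModes rejects group- or world-writable paths; this check is
# stricter and requires no group/other access at all (modes 700 and 600).
# Prints "ok" and returns 0, or names each offending path and returns 1.
audit_ssh_dir() {
    bad=0
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$p" 2>/dev/null | cut -c5-10)" != "------" ]; then
            echo "too permissive or missing: $p"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] && echo ok
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample line, not a real key.
    key='ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY user@desktop'
    install_pubkey "$tmp" "$key"    # first copy appends the key
    install_pubkey "$tmp" "$key"    # second copy finds it and adds nothing
    audit_ssh_dir "$tmp"
    rm -rf "$tmp"
}
demo
```

Running the audit function against a real home directory on the server is a quick check when key login is refused even though the key is listed in authorized_keys.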
NOTE
ssh-agent is a tool that holds passphrases for ssh private keys and supplies them on the user’s demand.
Keys are added to ssh-agent with the ssh-add command.
ssh-add -l lists all passphrases it holds.
- Once logged in, we have control over the server.
- We logged in using ssh centos7box; logout ends the session.
- We can create files, list them, delete and modify them without connecting to an ssh session, using the commands described below, or create an alias for convenience.