Linux Essentials - Public Key Authentication

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] thank you so much for checking out learnlinuxtv your source for linux related fun and learning i just love making this content for you guys but making such content isn't cheap if you enjoy my content please consider supporting me by becoming a patron as a patron you'll enjoy ad-free versions of every video that i upload and also at specific tiers you'll also enjoy early access to select videos before the rest of the world but even if you're not able to support me by becoming a patron no problem there's other ways to help you can simply click the like button on the videos that you enjoy that would help out in addition to that word of mouth helps as well so if you are enjoying my content please help spread the learning by telling your friends and co-workers about the channel if you're looking for something to read well you're in luck i write books and you can check out my latest books at learnlinux.tv books are you looking for help for your linux server related projects or are you a business that has a linux related project that you're working on and you need another set of hands well you're in luck go to learnlinux.tv request hyphen assistance there you can check out my schedule and consider hiring me to help you out with all of that out of the way let's go ahead and get started with today's video [Music] hello again everyone and welcome back to learn linux tv in today's episode of linux essentials it's all about openssh openssh or more simply ssh is the standard when it comes to remote administration of your linux servers but the thing is you really shouldn't be using password authentication but in order to disable password authentication you first have to set up public key authentication which is going to be the subject matter of today's video now i already have a video a guide on openssh that you should definitely check out and this is one of those things that's included in that video but i wanted to make this dedicated video because again you guys really shouldn't be using password authentication anymore so we're going to take a look at public key authentication in this video and then if you want to learn even more about openssh you can check out the guide that i also have on this channel right now so let's go ahead and get started now before we continue we will need to make sure that ssh itself is working because without that then obviously public key authentication isn't going to work at all here on my laptop i'm running ubuntu but when it comes to linux it doesn't really matter what distribution you're running because every distribution that i've ever used includes the ssh client by default and we can verify that by running which and then ssh and here we see that that command did in fact produce output if it didn't then that means that the ssh client is not installed but again every distribution that i've ever used includes the ssh client so you shouldn't need to do anything at all when it comes to linux on mac os it's essentially the exact same thing we could run which ssh and if that produces output that means we have the ssh client installed so here we can see that the ssh client is actually located at slash user bin ssh so what we can glean from this is that when it comes to installing the ssh client there's nothing that we'll have to do on mac os or linux it's already installed so the only thing that leaves then is windows that's actually the only operating system nowadays that doesn't have the ssh client installed by default so here i am on a windows pc and on windows there's actually several methods that we can use to obtain the ssh client and the most popular method is going to be using putty which is a free application that you can download that gives you access to an ssh client and the process of using putty to set up public key authentication is quite a bit different when compared to mac os and linux so we're going to cover that at the end of this video but since i'm here on this windows pc right now what i'll do is show you how to install putty and then we'll come back to windows later so what i'm going to do is go to putty.org and we'll click right here to download putty we'll just grab the latest installer and we'll go ahead and save it and it's a small download in fact it's already done so i'm going to run the installer and now we're done so we should have putty installed now it should be right here in the start menu so i'll scroll down and sure enough here it is again we'll come back to putty later in the video but at least for right now we have access to an ssh client on every operating system all right so let's take a look at the process of generating an ssh key pair for use with openssh and that process is actually the same on mac os and linux so here on my ubuntu laptop i'm going to show you the command and for those of you out there that are using mac os you'll be able to use the same command now first we need to make sure that we don't already have an ssh key pair on our system and the reason for that is because the command that i'm about to show you will overwrite any keys that are currently in the default location so we need to make sure that there's no key already there first so what i'll do is list the storage of the dot ssh directory that's in my home directory it's currently empty if you see an error on your end that that directory doesn't already exist that's okay the next command that i'm going to show you will create that directory if it doesn't already exist now if you did actually see keys in this directory on your end you'll definitely want to make sure you back them up before we continue so let's go ahead and generate the key and the command that we'll use is ssh hyphen keychain and we'll use the b option what the dash b option allows us to do is specify the bit size and i'll set a bit size of 4096 which is actually a lot stronger than the default so i'll press enter now the first thing it's asking us to do is specify where we want to save the key and right now it's going to default to this path right here at least on linux if you don't specify a path and file name then this is the path right here that it's going to create the key in and this path will be different on macos that's okay we just want to make sure that we don't already have a key at this location and we can give it a different path and name if we want to create a key and not collide with the original if there is one but i don't actually have a key yet so i'm okay to continue so i'll just press enter to accept the default and next it's asking us if we want to set a passphrase now a passphrase is highly recommended it's not required you'll still benefit from having a public key pair even if you don't use a passphrase but a passphrase will add an additional layer of security if you do choose a passphrase you will need to remember it because there's no way to retrieve it if you forget it i'm just going to press enter for now for no passphrase and at this point it wants me to repeat the same passphrase and i didn't enter one so i'll press enter again and that's it we have successfully generated a public key pair for ssh if we list the storage of the dot ssh directory in our home directory we can now see that there's two files in there at least this file right here is the private key under no circumstances should you ever show the contents of that file for any reason and here we have the public key so as you can see the public key has an extension of pub and the private key has no extension at all now i can actually show you the contents of the public key and it's totally fine to do so and there it is this key is going to be different for each and every single one of you we have the key right here all this text right here is the key and then we have the username and the hostname of where this key was actually generated again this is the public key i can show this to you there's no problem with me doing so and that's why it's called a public key you could literally put the contents of this file on a billboard on a busy interstate and that's fine but again under no circumstances should you ever show the contents of the private key so what we'll need to do at this point is copy our public key over to our server but before i do that i just want to make sure that i'm able to actually connect to that server and then i'll add the key so what i'll do is use ssh and then the username on this particular server i haven't created a user for myself yet so for now i'll just use root in the ip address i'll type that in right here and that's it right there so at this point it's confirming if we want to actually connect to that server it's showing us the fingerprint of that server right here and that differentiates this server from any other server out there and i'll just confirm that by saying yes i'll press enter next i'll type in the password and now i'm in so as we can see ssh is working just fine but we're not actually using our key just yet we just verified that we are in fact able to connect to the server via ssh and as you can see we are so i'll just hold ctrl and press d to disconnect and let's work on the process of actually copying our key from my laptop here over to that server so we can take advantage of public key authentication and the process of copying a public key over to a server is very simple we have a dedicated command for that purpose and it's this one right here so what we're going to do is type ssh hyphen copy hyphen id and then what we're going to do is type the user name yet again and then the ip address just like last time so we have ssh hyphen copy hyphen id and then the username and then add and then finally the ip address so far so good i'll press enter and now what we're going to do is type the password for the user on the server side of things and right here is telling us that the number of keys that it added is one we only had one key so that should mean that our public key has been copied over to that server and to test that let's try to ssh into that server one more time and see what's different there's the command that we used previously to ssh into that server i'll press enter and i'm immediately connected to the server it didn't even ask me for the password now if i had a passphrase on that key it would have asked me for that but since i didn't include a passphrase it just let me write in i didn't use password authentication this actually used public key authentication now let's take a look at something interesting here if i list the contents of the dot ssh directory on the server side you can see that there's a new file there and it's called authorized underscore keys that file didn't actually exist until i ran the ssh copy id command to copy my key over to the server and if i cap the contents of that file we can see that the contents are actually the same contents of my public key and that's what the authorized case file actually is now it may not look like it but the file right now only has one line and that one line contains a lot of text so it's wrapped it looks like a bunch of lines but it's only one line every time you run the ssh copy id command it's going to add your public key to a new line in that file so basically you have one line here for every key that is being used to connect to the server for that user all right so here on windows let's see how we could do the exact same thing i still have putty open on my screen right here as you can see and what i'm going to do is just like last time test that ssh works first and then after i test that i'm going to generate a key and then copy that key over to the server now to make the process simpler going forward what i'm going to do is create a session in putty so that way i don't have to manually type out everything every time i want to connect so what i'll do right here is i'll type the username and the username is root and then i'll type the ip address and then here i'm going to give it a name and this is a linode server so what i'm going to do is call it lenode server i'll save the connection and now what i could do is i could close that go back into putty i could click on the session that i saved click load and it pops that information right here back into that field that just makes it easier so i'll click open i'll accept the connection and then i'll type in the password so as you can see i do have access to that linux server via putty so far so good so what i'll do is disconnect and now let's look at the process of creating a key that we can use to simplify the connection so what i'll do is click on the start button i'll go back to putty release the folder for putty and what i'm going to do is open puttygen this is something that's installed by default when you install putty itself it comes along for the ride so i'll click on that and here this is what we're going to use to generate our key so it's going to be similar to what we were doing earlier with linux or mac os but we're doing it here in windows so just like last time i'm going to change the bit size to 4096 just like that and i'll click generate so at this point what it wants me to do is move my mouse cursor around in the empty part of the window to generate some additional entropy so just move your mouse cursor around doesn't matter how you move it around just keep it inside the window move it randomly and it should be good so at this point it actually generated the key so what i'm going to do is right click in this area i'm going to click select all and then i'll right click again and click copy and then what i'll do is open up notepad i'll paste it in right here and then what i'll do is just go ahead and save the file and again this is the public key so it's okay that you were able to see the contents of that file so i'll just create a folder for it and what i'll do is name it public key and i'll just save it as all files i don't actually need to give it a file extension that should be fine so now that we have the public key saved i'll just minimize that for now we should actually save the private key as well so i'll click on this button and like it says here a passphrase is a very good idea i'll leave that up to you i'll just click yes right here and right in here what i'll do is just call it private key save it and now we have a public and private key here on windows that we can use to simplify our connection so now what we'll need to do is copy that key over to the server so that way we'll be able to use it so what i'll do is close this and i'll reopen putty i'll load the session that i saved earlier we're just connecting manually for now so i'll click open i'll type in the password and press enter as you saw earlier inside the dot ssh directory we have this file right here authorized keys so what i'm going to do is open that file up in an editor so i'll just use nano that should be good enough and as you can see we have the public key from the first client that connected to the server so on a different line what i'll do is paste the contents of the public key which i copied right here so what i did was i just held shift and i pressed insert to paste the key right here and right here i have the key for windows pasted on the second line so i'll hold ctrl and press o to save the file enter to confirm and then ctrl x to exit out so we shouldn't need this anymore what i'm going to do is close putty and then i'll reopen it so here in putty what i'm going to do is load this session after i do that under connection then ssh and then off what we're going to do is tell putty where to find the private key and here it is it's in the ssh keys folder just click on it and i'll click open then back in session i'll click on the session name that i saved earlier i'm going to save over top of it because i did tell it where to find the private key and i don't want to have to tell it that every single time so we should be good i'll click open and we're in just like that so now you know how to use an ssh key pair here in windows as well so there you go now you guys know the process of setting up public key authentication for ssh which is absolutely something that you guys should already be doing be sure to check the channel for other videos about ssh to learn even more and i'll see you in the next video thanks for watching [Music] you
Info
Channel: LearnLinuxTV
Views: 11,482
Rating: undefined out of 5
Keywords: key authentication, how to automatically authenticate linux, public key authentication, how to use public key authentication, linux ssh keys, public-key, public key, linux ssh keys explained, Linux, Howto, openssh, key, key pair, ssh key, ssh keys, linux tutorial, rsa linux tutorial, linux tutorial ubuntu, how to use ssh key, how to use ssh keys on linux, secure shell tutorial, linux ssh key tutorial, private key, rsa public key, how to use ssh keys, ssh2, Secure shell
Id: bfwfRCCFTVI
Channel Id: undefined
Length: 19min 5sec (1145 seconds)
Published: Mon Sep 20 2021
Related Videos
i built a Raspberry Pi SUPER COMPUTER!! // ft. Kubernetes (k3s cluster w/ Rancher)
NetworkChuck
745K
OpenSSH Full Guide - Everything you need to get started!
LearnLinuxTV
144K
Linux Essentials - Symbolic Links
LearnLinuxTV
11K
Enterprise Linux Security Episode 11 - CrowdSec
LearnLinuxTV
1.4K
Linux Essentials - Formatting & Mounting Storage Volumes
LearnLinuxTV
21K
Having trouble getting into IT? You CAN do it! Here's my story.
LearnLinuxTV
22K
Flatpak Tutorial - Setting up Flatpak and installing Packages
LearnLinuxTV
6.9K
Git Essentials
LearnLinuxTV
10K
Linux Essentials - Cron
LearnLinuxTV
10K
Linux Essentials - Understanding File & Directory Permissions
LearnLinuxTV
16K
Full-Time Linux Users React to the Linus Daily Driver Challenge Video
LearnLinuxTV
52K
5 Easy Tweaks to increase your Linux Server's Security
LearnLinuxTV
10K
Linux Essentials - Bash Aliases
LearnLinuxTV
7.8K
Proxmox VE Full Course: Class 10 - Backups and Snapshots
LearnLinuxTV
6.9K
Linux Essentials - Managing Users
LearnLinuxTV
13K
Why Universal Linux Apps are GREAT!
LearnLinuxTV
17K
Linux Essentials - awk
LearnLinuxTV
11K
Linux Essentials - Automatically mounting storage volumes with /etc/fstab
LearnLinuxTV
14K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.