SSH Keys

Captions
So welcome back. Let's take a look at SSH keys. When you access another computer you probably use a password. We use passwords all the time, and lots of websites have them, but for us, from a security perspective, they are horrible. For most of you, your password probably contains 1234 or 5678, unless you're a systems administrator, in which case your password is probably just "God". But they're really easy to crack. There's a lot of websites you can go to that have lists of passwords, and especially in light of some of the big breaches of websites around the world, there's just common lists where people have taken all the passwords and figured out what people use frequently.

So there's a much better, much more secure alternative to using passwords that's much safer, and it's called using SSH keys. It's a little bit of a tricky concept, but in practice it's really quite simple, and once you get it up and running it's really easy to use SSH keys because you don't have to remember any password.

The concept of SSH keys is that there are two files that we're going to use: there's a private key and a public key. Now, as the name suggests, you can do different things with the different keys. The private key is super secret, because if I get access to your private key I can pretend I'm you. So the private key you've got to take real care of: you shouldn't share it with people, you shouldn't put it anywhere public like on a website or anything like that, and you should really make sure that you know exactly where it is. The public key, as its name suggests, is public. It doesn't matter where it is. You can put it anywhere, you can do anything with it: you can post it on websites, you can email it to people, you can put it on remote servers you don't trust. It really doesn't matter, because the public key can only do so much; you need the private key to pretend to be you.

So the way that this works is that we have two different computers. Let's say here's your laptop and here's the little mouse, and we have a server that we're going to connect to. Our server is a big server that sits in a rack with lots and lots and lots of machines and lots of memory and lots of blinking lights. The blinking lights are the most important thing for any server to have, and so we've got lots of blinking lights in our server.

OK, so we want to access the server from our laptop or our desktop machine. The way that we do this is that we use keys. We make sure that our private key is on our private machine, on our laptop, on our desktop, only on one machine. We have access to that machine, nobody else does, and we make sure that it's safe. The public key of course can be anywhere, so we put the public key on the server.

We use SSH to make the connection, and we say: SSH, I want to connect to this server and I'm going to use the private key. So SSH reads the private key and says to the server, "I want to connect to you, but I want to use the public key equivalent of the private key." These two files are related: the public key can be calculated straight away from the private key, but not vice versa. So the server says, "OK, yes, I've got that public key." It generates a random string of characters and letters and numbers, makes a random string, and it uses an algorithm to encrypt that random string using this public key. The only way you can decrypt that random string is by using the private key. You can't decrypt it using the public key; this is a one-way encryption. You have to have the private key to decrypt it.

So the server says, "Great, you want to access me using this key. Here's the random string; decrypt it and prove that you've decrypted it." Your laptop takes that string, decrypts it, and does a little calculation on the string. It doesn't actually send the exact string back, but does a calculation on the string that proves that it really did decrypt it, and sends that calculation back to the server. If your laptop got the right string on the decryption, the server says, "OK, cool, you've obviously got the private key, you can come in and do work." If, on the other hand, your server has the wrong key, then it won't get the calculation right and the server will say, "Sorry, you're not allowed in. You don't have access. You don't have the private key."

So the key to keys is that you have two files: your private key and your public key. The public key can go anywhere, can be on anything. The private key belongs to you and you alone, and you shouldn't share it with anybody.

Now, in the computational genomics class we're using Amazon Web Services, and Amazon Web Services uses a PEM file for its private key. So that file is super secret and you shouldn't share it with anybody, because it would allow them to access your machines. The server already has the public key, because it creates it from the PEM file before it gives it to you. If you want to create your own public keys, you can place them on Amazon and use that as well, and then they get placed into the server when your Amazon Web instance gets booted up. Now you can log in from any machine using the private key and you don't need a password. It means that Amazon Web Services is protected, because there's no password, so you couldn't have set a simple password like "Bob", and it means that you're protected, because only you can get in if you have that private key.

So the last part about using SSH keys is that to access the remote server from your private laptop you need some software that's going to run SSH, and that depends on the computer that you're using. If you're using a Mac computer with OS X, then you can use the application Terminal that's provided in the Utilities folder in your Applications folder. If you're using Linux, then I've no doubt you already know exactly how to do this, and again you're just going to use a terminal. In both of these cases you open a terminal and you type SSH and it will connect to the machine.

If you're using Windows, then there are several applications that you can use to connect via SSH. One that I quite like is PuTTY, that I used quite a bit, and there are some other applications that are included in the course material. Now, one word of caution: if you're downloading applications, especially for Windows, make sure that you're very careful about where you download the application from. There's a couple of fake PuTTY programs that have been circulating where, instead of connecting to the server, what it does is it reads your private key and then sends it to somebody else. And remember, your private key's private, and so we don't want to send it to anybody else, because that means they can access your server. If you go for PuTTY, if you go to putty.org you can find the latest version to download.

There's only one other thing you need to know to access your AMI instances on Amazon Web Services. We've got SSH, we've got our private keys, we've got our applications that we're going to use, and then the final thing we need to know is our username. For the Amazon instances that we're using, we're going to log in as user ec2-user. OK, ec2-user, and that's our username. We don't need a password because we've got our keys. Now with all of this you can connect to your Amazon instance that you've just booted up. Good luck.
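The challenge-response exchange described in the captions, as an added Python sketch that is not from the video or from any SSH implementation. It assumes textbook (unpadded) RSA over small constructed primes, and all function names are hypothetical; it models the idea only and is not usable as real key handling.

```python
import hashlib
import hmac
import secrets

E = 65537  # common RSA public exponent


def make_keypair(p, q, e=E):
    """Build (public, private) from two primes; the public half follows
    from the private material, but not the other way round."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


# Constructed toy keys from known Mersenne primes (far too small for real use).
PUBLIC, PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
_, WRONG_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)


def server_challenge(public):
    """Server: pick a random secret and encrypt it to the stored public key."""
    n, e = public
    secret = secrets.randbelow(n - 2) + 2
    return secret, pow(secret, e, n)


def client_response(private, ciphertext):
    """Client: decrypt with the private key and return only a hash of the
    result, so the decrypted string itself never goes back over the wire."""
    n, d = private
    recovered = pow(ciphertext, d, n)
    return hashlib.sha256(str(recovered).encode()).hexdigest()


def server_verify(secret, response):
    """Server: recompute the hash of its own secret and compare."""
    expected = hashlib.sha256(str(secret).encode()).hexdigest()
    return hmac.compare_digest(expected, response)


def login(server_public, client_private):
    """Run one full exchange; True means the server lets the client in."""
    secret, ciphertext = server_challenge(server_public)
    return server_verify(secret, client_response(client_private, ciphertext))


if __name__ == "__main__":
    print("matching private key:", login(PUBLIC, PRIVATE))
    print("wrong private key:   ", login(PUBLIC, WRONG_PRIVATE))
```

Protocol version 2 of SSH, which current OpenSSH uses, has the client sign session data with the private key rather than decrypt a challenge; the property shown here is the same, in that only the holder of the private key can produce an answer the server accepts.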
Info
Channel: RobEdwards
Views: 4,224
Keywords: computational genomics, bioinformatics
Id: dPAw4opzN9g
Length: 10min 11sec (611 seconds)
Published: Sat Aug 25 2018