Generating an RSA Key and Setting up Key-Based Authentication on Linux

After writing the previous post about key-based authentication on Cisco IOS, I realized the same knowledge for Linux-based systems would probably be useful. The process is much the same as described in that post. We will generate an RSA key on a local machine, then add our public key to the remote host as a pre-authorized key.

Note: This assumes a basic SSH server on the remote machine is already set up.

First up, generate a key pair on the local machine. This is a simple one-line command, run as the user you are logged in as. We do not want to 'sudo' this command, as invoking 'sudo' would run it as the root user.

ssh-keygen -t rsa

This command generates a key pair of type RSA and stores it where you specify, the default location being: ~/.ssh/

Output of that command looks something like this:


Generating public/private rsa key pair.
Enter file in which to save the key (/home/mcornstubble/.ssh/id_rsa): Created directory '/home/mcornstubble/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mcornstubble/.ssh/id_rsa.
Your public key has been saved in /home/mcornstubble/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Lishpx64z/dUhBzPLf1FUDcv39W3iS1pBsvaQAPQZlA mcornstubble@CORTEX
The key's randomart image is:
+---[RSA 2048]----+
|     o*E    .oo..|
|     . O.o   . .+|
|      = =oo.  o =|
|       ...o.o.+o*|
|        S. o.* +o|
| .. o  o  + o .  |
|. .+ .o .. .     |
| o..o. o         |
|.o+. oo          |
+----[SHA256]-----+

Our next step is to copy our public key onto the remote system.

The public key that was generated can be displayed using the following command:

cat ~/.ssh/id_rsa.pub

The output expected will look something like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmqKvBxbUNvxHdHMciWaEj1AwbvkRR0FwLdShwLgIPActIhXO4kTGgU9vA0Yq6NZfnfnJOh59OFHf1DUxq9lsNuXNne6nrA+v8v6D4rUrjpzCcYrkQ3XvMOgxdMABWgs42qBf10+wtVpWy+rCvyRju1hXEiS+YiVq6sMTiVQrKNwE6CLk0WEAlB+XdeuDREhqZ6YW1d1EfpumOHZwI541G+uhG/FEbe53cXYcWwL2eNhlzm4ZAajSSmgHGqSMJ77pySTM1gJnnxSjm5MWsjYcJ8XnCD4xDBMRcyplZqDgZgECtetnbZw2S7HmGwL1UALXxitE66uzyDXLJqqZ9oPxn mcornstubble@Mikes-MacBook-Pro.local

The key pair is the prerequisite to enabling the SSH service. Now that we have our public key, we can copy this key to our remote machine. Copy the text of this key to the remote machine by whatever method is best (copying and pasting [literally] from your clipboard, scp'ing the key over to the machine, cat'ing the output of the file to the remote host, etc.).

Now that we have the key copied, or held in our clipboard, we log into the remote machine. Once logged in, we want to copy the text of our public key, from our local machine, into the ~/.ssh/authorized_keys file on the remote machine.

An example of an authorized keys file looks really just like your public key file (assuming there are no other keys there).

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmqKvBxbUNvxHdHMciWaEj1AwbvkRR0FwLdShwLgIPActIhXO4kTGgU9vA0Yq6NZfnfnJOh59OFHf1DUxq9lsNuXNne6nrA+v8v6D4rUrjpzCcYrkQ3XvMOgxdMABWgs42qBf10+wtVpWy+rCvyRju1hXEiS+YiVq6sMTiVQrKNwE6CLk0WEAlB+XdeuDREhqZ6YW1d1EfpumOHZwI541G+uhG/FEbe53cXYcWwL2eNhlzm4ZAajSSmgHGqSMJ77pySTM1gJnnxSjm5MWsjYcJ8XnCD4xDBMRcyplZqDgZgECtetnbZw2S7HmGwL1UALXxitE66uzyDXLJqqZ9oPxn mcornstubble@Mikes-MacBook-Pro.local

That's it! The user will now authenticate via the key, and not the password. For added security, password authentication could be disabled, adding some protection against dictionary-based attacks.
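
The copy step described above, as an added shell example (not code from the original post): a function for the remote host that appends a copied .pub file to authorized_keys, rejects a private key pasted by mistake, skips a key that is already present, and sets the permissions sshd expects. The name install_pubkey and its arguments are hypothetical.

```shell
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Hypothetical helper (name and arguments are assumptions); run on the remote host.
# Example: install_pubkey /tmp/id_rsa.pub
install_pubkey() (
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read: $pub" >&2; return 1; }

    # Catch the classic mistake of copying id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key, use the .pub file" >&2
        return 1
    fi

    # A .pub file is exactly one line: "<type> <base64 blob> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) ignores authorized_keys if the file
    # or ~/.ssh is writable by anyone other than the owner.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: match on "<type> <blob>" so a changed comment is not a new key.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
)
```

Afterwards, `ssh-keygen -l -f ~/.ssh/authorized_keys` prints the fingerprints of the installed keys, which can be compared with the fingerprint shown when the key was generated.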


 

© 2019