Create a private/public key pair for SSH public key authentication with ssh-keygen

Using the ssh-keygen command, you can create a private key / public key pair for SSH public key authentication.

First, move to the directory "~/.ssh", where the SSH private key will be saved. In this directory, use the ssh-keygen command to create the private/public key pair.

cd ~/.ssh

If the "~/.ssh" directory does not exist, create it with the mkdir command. Permission 700 is recommended, because improper permissions can cause trouble. Permissions are set with the chmod command.

mkdir -p ~/.ssh
chmod 700 ~/.ssh

To generate a public/private key pair, run the ssh-keygen command.

ssh-keygen -t rsa

You will be asked for the name of the file to generate, so enter "id_rsa_example". Change the example part according to the purpose.

The files "id_rsa_example" and "id_rsa_example.pub" are created. "id_rsa_example" is the private key and "id_rsa_example.pub" is the public key.

When asked for a passphrase, type the passphrase, or just press Enter if you do not need one. You will be asked to re-enter it, so enter the same passphrase. If you are not setting a passphrase, press Enter again.

A passphrase is something set on the private key file to protect the key, and it is separate from the login password.

Private key

Contents of private key

Let's display the contents of "id_rsa_example" with the cat command.

cat id_rsa_example

It will be displayed as follows.

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Private key permissions are 600

The private key permission must be 600. A key created with ssh-keygen already has its permissions set to 600, but if you copied the contents of the private key from another server, use the chmod command to set the permissions to 600.

chmod 600 id_rsa_example

The private key used by default for the ssh command is id_rsa

The private key that the ssh command uses by default is id_rsa. If you don't know this, you may be confused when you try to use your own private key for SSH public key authentication. For how to specify the private key file, and how to set the path of the private key file for a specific domain in the configuration file, refer to the article on the ssh command.

The SSH client uses a private/public key pair to connect to the SSH server. If you don't have a public key, it will generate one from your private key.

Public key

Contents of public key

Let's display the contents of "id_rsa_example.pub" with the cat command.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjSsucYA958wTIKUcPRXC2iZxb84FXkzm41/jzpfnUeBFsypS8xfTXpfDaSIYeMDyr9pIUfDuWWPykoofL4WZaJYDy5pQclFwby/KttDRAnm0XZQ2ZDUtnrUUdva55mxOcTJP0c1VWXpwrhBA+JSFLOGB8wxCV8UFh9XWXI4c5QKQ/Hyl8//nXT6suQf199VNf4Ru31rs+49FDW9FyvoX1GGEEBJCT2ROVD6qi1xY766PuhM/4OMQeIxZmZg8ysML307viqkKh/2mecwkdV1mxGQt8GbO3gvTOX5h9p7tGEwa3zSHhxudux1Kf6Pfcg4FwKuld8r77DKMXEszpRI11 myapp@myhost

This is the content of the public key registered on the remote server.

Registration of public key on the server side

To use the public key generated on the client side, register it on the server side in "~/.ssh/authorized_keys". Note that the public key file created by ssh-keygen is not installed as it is; its contents are added to this file. Open "~/.ssh/authorized_keys" with the vi command and register the public key.

vi ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjSsucYA958wTIKUcPRXC2iZxb84FXkzm41/jzpfnUeBFsypS8xfTXpfDaSIYeMDyr9pIUfDuWWPykoofL4WZaJYDy5pQclFwby/KttDRAnm0XZQ2ZDUtnrUUdva55mxOcTJP0c1VWXpwrhBA+JSFLOGB8wxCV8UFh9XWXI4c5QKQ/Hyl8//nXT6suQf199VNf4Ru31rs+49FDW9FyvoX1GGEEBJCT2ROVD6qi1xY766PuhM/4OMQeIxZmZg8ysML307viqkKh/2mecwkdV1mxGQt8GbO3gvTOX5h9p7tGEwa3zSHhxudux1Kf6Pfcg4FwKuld8r77DKMXEszpRI11 myapp@myhost

"authorized_keys" can hold multiple public keys, and you can also configure settings for each public key.

If you want to register more than one, put each key on its own line.

ssh-rsa AAAAB3NzaC1yc2EAAAAADAQABAAABAQCjSsucYA958wTIKUcPRXC2iZxb84FXkzm41/jzpfnUeBFsypS8xfTXpfDaSIYeMDyr9pIUfDuWWPykoofL4WZaJYDy5pQclFwby/KttDRAnm0XZQ2ZDUtnrUUdva55mxOcTJP0c1VWXpwrhBA+JSFLOGB8wxCV8UFh9XWXI4c5QKQ/Hyl8//nXT6suQf199VNf4Ru31rs+49FDW9FyvoX1GGEEBJCT2ROVD6qi1xY766PuhM/4OMQeIxZmZg8ysML307viqkKh/2mecwkdV1mxGQt8GbO3gvTOX5h9p7tGEwa3zSHhxudux1Kf6Pfcg4FwKuld8r77DKMXEszpRI11 myapp@myhost
ssh-rsa CCCAB3NzaC1yc2EAAAADAQAnAABAQCjSsucYA958wTIKUcPRXC2iZxb84FXkzm41/jzpfnUeBFsypS8xfTXpfDaSIYeMDyr9pIUfDuWWPykoofL4WZaJYDy5pQclFwby/KttDRAnm0XZQ2ZDUtnrUUdva55mxOcTJP0c1VWXpwrhBA+JSFLOGB8wxCV8UFh9XWXI4c5QKQ/Hyl8//nXT6suQf199VNf4Ru31rs+49FDW9FyvoX1GGEEBJCT2ROVD6qi1xY766PuhM/4OMQeIxZmZg8ysML307viqkKh/2mecwkdV1mxGQt8GbO3gvTOX5h9p7tGEwa3zSHhxudux1Kf6Pfcg4FwKuld8r77DKMXEszpRI11 myapp2@myhost

Let's set the permission to 600. This is not required, but 600 is recommended.

chmod 600 ~/.ssh/authorized_keys
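
The registration steps above as a script, added here as an example that is not part of the original article: it appends a public key to authorized_keys only once, keeps one key per line, refuses a private key passed by mistake, and applies the 700/600 permissions. The function names add_authorized_key, check_ssh_perms and mode_of are assumptions made for this example.

```shell
#!/bin/sh
# Added example; add_authorized_key, check_ssh_perms and mode_of are
# hypothetical helper names, not part of OpenSSH.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# add_authorized_key PUBKEY_FILE [SSH_DIR]
# Returns 0 if the key is registered afterwards, 1 if the input is rejected.
add_authorized_key() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Accept only a one-line public key such as a .pub file holds;
    # a private key file passed by mistake is refused.
    [ -f "$pub" ] || return 1
    if grep -q 'PRIVATE KEY' "$pub"; then return 1; fi
    [ "$(grep -c . "$pub")" -eq 1 ] || return 1
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) return 1 ;;
    esac

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not registered yet.
    if ! grep -qxF -- "$key" "$auth"; then
        # Make sure the previous entry ends with a newline first,
        # so two keys never end up on the same line.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi
}

# check_ssh_perms [SSH_DIR]: succeeds only with 700 on the directory and
# 600 on authorized_keys, the modes used in this article.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    [ "$(mode_of "$dir")" = 700 ] && [ "$(mode_of "$dir/authorized_keys")" = 600 ]
}
```

On the server, after copying the .pub file over: add_authorized_key id_rsa_example.pub && check_ssh_perms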

Example of using SSH public key authentication

Automation of backup with rsync

When automating backups with rsync, a password prompt would make automation impossible, so SSH public key authentication is used to authenticate the SSH user.

User login

Use this when you want SSH logins to authenticate with an SSH key instead of the user's password.

GitHub

When you use SSH on GitHub to fetch or update a Git repository, you need to register the public key on GitHub.
