SSH Key Pairs



  • To make access to our servers easier and more secure, we use SSH keys. When you create a key pair, you get a private key and a public key. The public key is transferred to the remote server and your private key stays on your device.

    Create the keys like this:

    ssh-keygen -t ecdsa -b 521
    

    In your home folder you will have a hidden folder named .ssh. Inside there will be a file named id_rsa which is your private key, and a file called id_rsa.pub which is your public file.

    You send the key to a server like this:

    ssh-copy-id user@host
    

    This will create a file inside the .ssh folder on the server named authorized_keys which will hold all of the public keys.

    This can be cumbersome if you need to add your key to multiple servers at once. Orchestration tools can make this process easier. With Ansible it's as easy as:

    - name: Copy SSH key
      authorized_key:
        user: jhooks
        state: present
        key: "{{ lookup('file', '/home/jhooks/.ssh/id_ecdsa.pub') }}"
    

    There are other methods for SSH key management, like DNSSEC, but I have not used them, so I can't comment on them.
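
An added example, not part of the original post: a small auditor for the authorized_keys file described above. It parses each entry, checks that the declared key type matches the type encoded inside the base64 blob, and computes the SHA256 fingerprint in the form `ssh-keygen -l` prints. The function names and the sample key (placeholder bytes, comment `jhooks@laptop`) are constructed for illustration.

```python
import base64
import hashlib
import shlex
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def read_string(blob: bytes, offset: int = 0):
    """Decode one SSH wire-format string, returning (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def audit_line(line: str):
    """Return (key_type, fingerprint, comment), or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = shlex.split(line)  # keeps quoted option values in one field
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no supported key type found")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    inner, _ = read_string(blob)
    if inner.decode("ascii", "replace") != fields[idx]:
        raise ValueError("declared type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return fields[idx], fp, " ".join(fields[idx + 2:])


# Constructed sample key (placeholder bytes, not a real curve point).
SAMPLE_BLOB = (ssh_string(b"ecdsa-sha2-nistp521") + ssh_string(b"nistp521")
               + ssh_string(b"\x04" + bytes(132)))
SAMPLE = ("ecdsa-sha2-nistp521 " + base64.b64encode(SAMPLE_BLOB).decode()
          + " jhooks@laptop")

if __name__ == "__main__":
    print(audit_line(SAMPLE))
```

Comparing the printed fingerprints against the ones each user reports for their own public key shows whether an entry in authorized_keys belongs to who it claims.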



  • Since the images disappeared, I added them as code.

    Also, Identity Management (FreeIPA) makes it really easy to store public keys in LDAP so any system joined to IdM can verify the key.