Secure Shell

1. Overview

Secure communication between computers is enabled using secure shell (ssh). To access a remote computer via the command line, we can use a command such as

> ssh user@curie.physics.hmc.edu
  user password: xxxxxxx

Secure shell communication typically happens over port 22, which should be opened in ufw (the Uncomplicated Firewall) on the machine you are connecting to.

For more secure and convenient access to a machine, you can generate a public/private key pair using ssh-keygen. Then you copy the public key to the computer you are trying to connect to and install it. After you do this, you won't be challenged to provide your password when you issue a command such as the one above and will be directly logged into the remote machine.

2. Setup

First check whether there is already a public/private key pair:

user$ ls -l ~/.ssh

total 96
-rw-------  1 user  staff   1679 Jul  9  2017 id_rsa
-rw-r--r--  1 user  staff    405 Jul  9  2017 id_rsa.pub
-rw-r--r--@ 1 user  staff  15762 Jul 22 14:17 known_hosts

Note that the private key file, id_rsa, is not visible to those in the staff group or to others, only to user. You may also have a public/private key pair in a different format, such as the more recently developed ed25519 format.

If no key exists, you will see

ls: ~/.ssh: No such file or directory

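In that case, run the command ssh-keygen -t ed25519. You will be prompted to enter an optional passphrase. It is much handier not to enter a passphrase, so simply press enter twice. With an empty passphrase the private key is stored unencrypted, so the file permissions described above are all that protect it.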

user$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/saeta/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/saeta/.ssh/id_ed25519.
Your public key has been saved in /Users/saeta/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:ZmI5KDaFht4/pmXqfemcdU89m2/NJMBaZHTjRKDHVTA saeta@Saeta-MBP19.local
The key's randomart image is:
+--[ED25519 256]--+
|           .ooEo.|
| . .       oo= o |
|. o .     .+o .  |
|.... . .   .+    |
| .+.. = S  o .   |
| . o.. =  .   o .|
|     *  .. . . *.|
|    B ooo . o   B|
|  .+ .o+     . +o|
+----[SHA256]-----+

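The ed25519 format was introduced fairly recently. You may need to generate an older style of pair. You can create an RSA key pair with 4096 bits with the following (-t rsa names the key type explicitly, since newer versions of ssh-keygen default to ed25519):

user$ ssh-keygen -t rsa -b 4096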

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
SHA256:rZcZBBirwfcgMoHnizMjy0IR5bdL8/0UnKox7c0Lcok user@machine
The key's randomart image is:
+---[RSA 4096]----+
| .o.  .o.        |
|..oo  .. .       |
| o+.+.+   .      |
| ..o.=.o o. .    |
| ....+  S o+     |
|*.. . + +.o+.    |
|+=   . E.B+.     |
|o.      B.*      |
|.      . . =.    |
+----[SHA256]-----+
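
Once a key pair exists, the checks described above (is the private key hidden from group and others, was it saved without a passphrase, is the .pub file present) can be scripted. The following is an added example, not part of the original page; the function names and the sample directory are constructed for illustration, and the passphrase test assumes the openssh-key-v1 and PEM private key file layouts.

```shell
#!/bin/sh
# Added example (not from the original page): audit an SSH key directory.

# Exit 0 if the private key in $1 is protected by a passphrase.
key_is_encrypted() {
    if head -n 1 "$1" | grep -q 'BEGIN OPENSSH PRIVATE KEY'; then
        # openssh-key-v1 layout: 15-byte magic, 4-byte length, then the
        # cipher name, which is "none" for a key saved without a passphrase.
        cipher=$(grep -v '^-----' "$1" | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count=4 2>/dev/null)
        [ "$cipher" != "none" ]
    else
        # Older PEM keys say ENCRYPTED in the BEGIN line or a Proc-Type header.
        grep -q 'ENCRYPTED' "$1"
    fi
}

# Print one line per private key in directory $1; return 1 if any key has a
# group or other permission bit set, 2 if the directory does not exist.
audit_ssh_dir() {
    rc=0
    [ -d "$1" ] || { echo "$1: no such directory"; return 2; }
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        head -n 1 "$f" | grep -q 'PRIVATE KEY-----' || continue
        mode=ok; pass=no; pub=no
        # Characters 5-10 of the ls mode string are the group/other bits.
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || { mode=open; rc=1; }
        if key_is_encrypted "$f"; then pass=yes; fi
        if [ -f "$f.pub" ]; then pub=yes; fi
        echo "${f##*/} mode=$mode passphrase=$pass pub=$pub"
    done
    return $rc
}

# Constructed sample: a key file with a valid unencrypted header, no key material.
make_sample_dir() {
    d=$(mktemp -d)
    { printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----'
      printf 'openssh-key-v1\000\000\000\000\004none\000\000\000\004none' | base64
      printf '%s\n' '-----END OPENSSH PRIVATE KEY-----'; } > "$d/id_ed25519"
    chmod 644 "$d/id_ed25519"    # deliberately too open
    echo "$d"
}

# Audit the directory given as $1, or the constructed sample if none is given.
audit_ssh_dir "${1:-$(make_sample_dir)}" || echo "fix flagged keys: chmod 600 <key>"
```

Run it with ~/.ssh as the argument to audit your own keys; a line with mode=open identifies a private key that the ssh client will refuse to use until its permissions are tightened.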

Author: Peter N. Saeta

Created: 2022-09-16 Fri 21:18
