Linux Crash Course - Public Key Authentication

Подписаться 678 тыс.

Просмотров 34 тыс.

50% 1

Public Key Authentication with OpenSSH is preferred, as it's a much stronger method of authenticating to your servers when compared to using password authentication. In fact, password authentication in OpenSSH should always be disabled. But before you can password authentication, you'll need to set up public key authentication, and that's exactly what we'll do in today's video.
Helpful OpenSSH content to take your knowledge even further:
🐧 Locking down OpenSSH (goes over disabling password authentication):
➡️ • 5 Easy Tweaks to incre...
🐧 Full OpenSSH Guide (goes over even more detail than this):
➡️ linux.video/ssh
Timecodes:
00:00 - Intro
02:32 - Checking if the OpenSSH client is present (Linux)
03:10 - Checking if the OpenSSH client is installed (MacOS)
03:44 - Installing PuTTY (Windows 10)
05:12 - Generating an SSH keypair (Linux and macOS)
08:40 - Testing OpenSSH connectivity (Linux and macOS)
09:30 - Copy the public key over to a remote server (Linux and macOS)
12:09 - Setting up a session for a server in PuTTY for Windows
13:38 - Creating an SSH key pair in Windows with PuTTYgen
15:40 - Using a PEM key to connect to a Linux server via PuTTY in Windows 10
VIDEO SPECIFIC LINKS
💻 Download PuTTY:
➡️ www.chiark.greenend.org.uk/~s...
About Me
🐦 Follow me on Twitter!
➡️ learnlinux.link/twitter
📘 FAQ
• What is a "Distribution" of Linux? ➜ linux.video/what-is-a-distro
• What is a "Desktop Environment"? ➜ linux.video/desktop-environment
• Which Linux Distro should I use on my Server? ➜ linux.video/which-server-distro
• How do I create USB install media? ➜ linux.video/install-media
• How do I create multi-boot USB media? ➜ linux.video/ventoy
• How do I connect to a Linux server via SSH? ➜ linux.video/use-ssh
• How do I exit vim? ➜ linux.video/vim
• How do I use APT? ➜ linux.video/apt
• How do I use DNF? ➜ linux.video/dnf
• How do I use pacman? ➜ linux.video/pacman
• How do I use zypper? ➜ linux.video/zypper
• What the heck is a "Flatpak"? ➜ linux.video/flatpak
• What is a "Snap" package? ➜ linux.video/snap
• How do I install Arch Linux? ➜ linux.video/install-arch
• How do I configure SSH on my server? linux.video/ssh-server
• How do I install updates? ➜ linux.video/updates
• What server tweaks should I implement? ➜ linux.video/every-server
• How do I use LVM? ➜ linux.video/lvm
• How do I use Git? ➜ linux.video/git
• When will the "Year of the Linux Desktop" Happen? ➜ linux.video/yotld
• Do you have a sense of humor? ➜ linux.video/lol
#SSH #OpenSSH #Linux

Наука

Опубликовано:

21 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 67

@blkspade23 2 года назад

The SSH client has been a standard part of Windows 10 for quite some time now.

@Ranblv 2 года назад

I am very inspired by how much you give back to the linux community. so today I started my own linux blog in my language. not sure how long I will last but I made the first step.

@ClifBridegum 2 года назад

AMAZING! This tutorial is perfect! I have been struggling big time with how to generate and share keys. Thanks for covering all platforms.

@cip7495 2 года назад

the best professor from the entire internet !!! THANK YOU!!!

@ralpht4551 2 года назад

Win10 since 1604 i think, also supports SSH in cmd.

@stormbowman7148 2 года назад

Yeah, it is definitely default on my Windows 10. Including ssh-keygen. If you are curious Go to Apps > Optional Features and verify that Open SSH Client is shown as installed. It should be on current versions of Windows 10.

@diablobarcelona 2 года назад

Would be really nice to for you to do a video on SSH User Certificates. They're absolutely superb, and make light work of managing users access to systems via SSH keys.

@praecorloth 2 года назад

Hey Jay! Quick side note. Windows 10 does come with OpenSSH by default now. I forget which update brought it in, but Microsoft ported OpenSSH to Windows. The client is there by default, and you can install the server portion really easily. Just fire up a cmd or Powershell prompt, and ssh wherever you'd like to go. The ssh agent doesn't seem to be working yet, they have that disabled by default. And Windows won't use Pagent, so using keys properly can be quite the nuisance. But, then again, working in Windows in general is just a nuisance. :D This opens up the ability to manage your Windows servers using Ansible and SSH, rather than Ansible and...shudder...WinRM.

@try-that 2 года назад

Just started watching, gotta say I like the new opening, very nicely thought out and done.

@bw_merlin 2 года назад

This was brilliant, nice and simple.

@NinthwaveThe 2 года назад

At 14:40, why would one create a notepad file to save the public key if it's available within the PuttyGen when loading back the private key ?

@whatevah666 2 года назад

nice, something that would be cool if you could do a tutorial on is how one can log onto linux via ldap and use groups for giving user sudo access and all that jazz, thanks!

@benjaminwharton6264 2 года назад

Thanks for the content!! This helped a lot.

@zm_gawr1638 Год назад

I have put elementary os on my old macbook from 2008 but the keys are completely wrong, do you know how my mac keys(cmd,alt,ctrl) work on elementary os?

@christosbinos8467 5 месяцев назад

does anyone run into the issue where the password is simply never correct, when you know it is? What is thst caused by?

@AnzanHoshinRoshi 2 года назад

Thank you, Jay.

@saidneder41 2 года назад

Thank you jay!

@NoEgg4u 2 года назад

@7:04 -- Setting a passphrase What would you need to do, if you did set a passphrase, but sometime later, you want to change your passphrase? Would you need to generate a new key pair, and upload the your new public key, to every server that has your old passphrase?

@irfandjokovic5843 2 года назад

You should be able to generate a new passphrase for the existing private-key using ssh-keygen -p

@NoEgg4u 2 года назад

@@irfandjokovic5843 Is that all? Just one command, and all is done? All of the servers will recognize the new key, and all logins to those remote servers will continue to work?

@jetardeshna3449 2 года назад

@@NoEgg4u Good question lol. Gonna research the same, let me know if you found anything.

@humangarbage3386 Год назад

my kali did not have ssh installed

@s4shermman 3 месяца назад

Awesome vid

@subee128 5 месяцев назад

Thank you

@manoharreddyy1627 2 года назад

It is helpful and straightforward

@LearnLinuxTV 2 года назад

Thank you!

@danbrown586 2 года назад

Windows 10 *does* include an ssh client by default--just pull up CMD or PowerShell and run ssh user@host, just like in macOS or Linux.

@Ranblv 2 года назад

I use powershell based ssh all the time but I am not sure it will remember a private key or a public key unless you will use a very long command for it.

@praecorloth 2 года назад

@@Ranblv Powershell and CMD should both be using the same ssh command. You can define what keys it should use in an ssh config file. In most *nix systems, that's going to be /home/youruser/.ssh/config. In Windows, it's c:\Users\youruser\.ssh/config. I cannot recommend ssh config files enough. Definitely something to have in your toolbox. But just to get started, edit that config file, and put IdentityFile = C:\Users\youruser\.ssh\yourprivatekey Save it, close it. Now every time you ssh somewhere, you will use that private key.

@viliusk234 2 года назад

Winodow 10 Pro has ssh client, and ssh-keygen

@andersmeiniche2746 2 года назад

How about to disable the password login ;o)

@flierfy 2 года назад

Is it enough to remove the public key from the authorized_keys file to reverse the process?

@arijitkumarhaldar3197 2 года назад

Yes

@cloudagnostic 2 года назад

Hi jay, I’ve implemented keys to connect to my servers in my lab, but I also make changes to the ssh config file to disable the pw prompt if someone tries to log in. Is that still necessary following this method?

@danbrown586 2 года назад

If you're authenticating using public keys, SSH shouldn't prompt for a password. But if you want to prevent users from logging in with a password, instead requiring public key authentication, you'd need to edit the sshd_config.

@cloudagnostic 2 года назад

@AstroCat yes! This is what I’ve always done to lockdown ssh.

@iankirk3537 2 года назад

It is optional to disable ssh password identification. If you leave it enabled then you can still connect with a password, that is why RU-vid videos don't mention it. So people don't lock themselves out and blame the video.

@huntercoleman1347 2 года назад

I have a question about setting up PKA. If you do this, and disable password authentication, then what happens if your laptop blows up or gets stolen? Wouldn't you be locked out of your server forever? If you can only access your server through PKA, and you lose your computer that has the private key on it, then what happens?

@LearnLinuxTV 2 года назад

The first thing to think about, is whether or not you have the ability to view a console window. For example, many (if not most) cloud providers allow you to connect to the server via some sort of web console, kind of like a web KVM. You can still log in to that with your password, and you can temporarily enable password authentication to copy a new key. Virtualization solutions also allow you to access a console. If it's a physical server, you can plug in a monitor, keyboard, and mouse if it comes down to it. Disabling password authentication doesn't apply to console access, just access via OpenSSH.

@huntercoleman1347 2 года назад

@@LearnLinuxTV Thank you.

@unbekannter_Nutzer 2 года назад

You should always have a backup. To be more precise, 3 backups. A backup on a second drive, a backup on a second machine and a remote backup, in case of a fire at your home/workingplace.

@raul230285 2 года назад

AMAZING...!!!

@martinshin9801 2 года назад

Nice video! Can you use the same public key to connect to different servers? Or, can you create multiple pairs for individual servers you connect to?

@arijitkumarhaldar3197 2 года назад

You can do either... according to your convenience

@LearnLinuxTV 2 года назад

You can - but I'm going to create a separate video about multiple SSH keys in the future, and I think that video will help everyone understand better how that works. I don't have an ETA yet, but it WILL happen. :)

@redmictian 2 года назад

@@LearnLinuxTV please, cover security concerns in that video

@NinthwaveThe 2 года назад

At 5:45, you mention that ssh-keygen will overide the actual one, if any. But you don't mention the consequences of that... If one is already there and you create a new one, is it a problem if you then copy the new key to the server ?

@garolstipock 2 года назад

No.. Just so you know what servers/services you need to update with your new key now that your prior key private & public key are gone.

@yuriw777 2 года назад

Thx for the video! Question - do I have to disable password authentication on the ssh server in order for this to work properly?

@arijitkumarhaldar3197 2 года назад

No... actually key authentication takes higher preference...but if the keys don't match for some reason...ssh reverts back to password authentication. So..in a hypothetical attack situation..it leaves the password to be breached. So.. password authentication is disabled in ssh config file. But..you don't mandatorily need to disable it for key authentication to work.

@yuriw777 2 года назад

@@arijitkumarhaldar3197 I understand it is not required, but why would the password authentication option stay enabled to invite possible attacks?

@LearnLinuxTV 2 года назад

It's recommended to disable password authentication. I have a separate video about that. I'll place a link to that video into the description for this one.

@arijitkumarhaldar3197 2 года назад

@@yuriw777 Ya..sorry... maybe I wasn't clear about it. You are absolutely right if you are doing that for security reasons. But..if you are just testing out key authentication, then you don't mandatorily need to disable password authentication for key to work. In the long run, it is recommended to disable password authentication altogether.

@ArtyomGalstyan Год назад

Does not work for me. I did everything correct, but the server still asks for the password. I checked file permissions, checked the config files, basically did everything, but it still does not work. Even chatgpt did not help.

@daredevil6145 Год назад

because it is the password for the server, his server 172...

@soniablanche5672 Год назад

ssh comes with windows 10 and is usable with powershell

@LearnLinuxTV Год назад

Yup. And I wasn’t aware of that until about two weeks ago. Always something to learn!

@soniablanche5672 Год назад

@@LearnLinuxTV I was actually using ssh with git bash up until I learned it comes with powershell

@grmasdfII 2 года назад

Key management next please ;P

@LearnLinuxTV 2 года назад

That's absolutely on my list. It may take a bit of time, but I'm going to see if this is something I can get out by the end of October. It's a very important topic to cover for sure. Thanks!

@steffiesing5449 2 года назад

i want a sticker of your logo , so i can stick it to my laptop :D

@LearnLinuxTV 2 года назад

I'll make a note to start offering that, not sure when it will be ready, but I'll make it happen. I actually want one too. LOL

@crazyivan315 2 года назад

Using putty in a world where windows terminal exists...

@LearnLinuxTV 2 года назад

PuTTY is still a valid solution though. And other methods within Windows are also fair game for stand-alone videos. I'm not done with this topic just yet.