The compromise betwen convenience and security is always a pickle. For example 2 Factor Authentication (2FA) is essentially required for modern security, but it is a hassle to take the next step. Sometimes my phone is dead, has no wifi, or is simply out of reach. But luckily not all security features are inconvenient. By setting up SSH keys you can create secure passwordless logins.
SSH keys provide a more secure way of logging in than a password only. Passwords can be eventually cracked with brute force attack, but SSH keys are nearly impossible to decipher. The public key cryptosystem requires a pair of keys. The public key is shared out widely. Often services such as your servers, github, etc. will ask for your public key, but you keep your private key a secret and only for you.
Step One - Create the RSA Key Pair
The first step is to create the key pair on your local machine.
$ ssh-keygen -t rsa
Step Two - Store the Keys and Passphrase
The prompt will ask you where you would like to save your key pair. This is typiccally somewhere like: /home/<user>/.ssh/id_rsa
.
This will create two files:
- id_rsa - this is your private key
- id_rsa.pub - this is your public key
The prompt will ask you if you would like to use a passphrase. Entering a password will require you to enter it everytime you use the key pair. Setting no password would allow passwordless entry, but it's secured using public key encryption. Since your public key is only decrypted using the correct private key it means you are clearing this computer. You can have several public keys associated to a server.
Step Three - Copy the Public Key
The next step to use your ssh key is to place the public key on the server you want to use. In this example I will demonstrate using Github.
On Github under your Personal Settings > SSH and GPG keys you can save your ssh key. Here you can select add new SSH key.
On this page you can name your key which is helpful if you are using and you copy over everything in your id_rsa.pub
file.
Thats it! You can now use ssh. You can test your ssh key pair with:
$ ssh git@github.com