SSH (Secure SHell) is a generic term for a software package or command which implements the SSH communications protocol to enable secure system administration and file transfers over insecure networks. It is used in nearly every data center, in every larger enterprise.

An SSH key is an access credential that fulfils a similar function to that of user names and passwords. The keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users. A key comes as a pair of files: a public key (also known as an authorized key) and a private key (also known as an identity key).

Public keys are analogous to locks that the corresponding private key can open. Private keys are used by an SSH client to authenticate itself when logging into an SSH server and are analogous to physical keys that can open one or more locks (Public keys).

Many components of MettleCI are integrated using SSH to avoid the need for various software components to repeatedly prompt users for authentication credentials.


Instructions - Windows

The easiest way to generate an SSH key on Windows is to use the de facto Windows SSH client, PuTTY. When you use the PuTTY MSI package installer you can also install the PuTTYgen utility, which is what you will use to generate your SSH key for Windows. You can also download and install the PuTTYgen executable separately if you prefer.

Generate your public and private keys

To generate an SSH key with PuTTYgen, follow these steps:

  1. Open the PuTTYgen program.

  2. For Type of key to generate, select SSH-2 RSA.

  3. Click the Generate button.

  4. Move your mouse in the area below the progress bar. PuTTYgen will use your random mouse movements to generate a random ‘seed’ value for the key. When the progress bar is full, PuTTYgen generates your key pair.

  5. Type a passphrase in the Key passphrase field. Type the same passphrase in the Confirm passphrase field. You can use a key without a passphrase, but this is less secure.

  6. Click the Save private key button to save the private key. You will need this key file to connect to your machine.

  7. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All.

  8. Right-click again in the same text field and choose Copy.

Note

Be sure never to add any extra whitespace to your key file, as this could render it unusable. This can commonly occur when the file is opened and saved by a text editor. There’s no reason to ever manually edit your key file.

PuTTY key generator

Copy your public key to the target server (SSH possible)

  1. Open PuTTY and under ‘Session’ enter the Host Name (or IP address) of your target server

Copy your public key to the target server (SSH not possible)

  1. Open WinSCP

    1. Select File protocol: SCP

    2. Enter Host name and User name

  2. Click Advanced

  3. Go to SSH → Authentication

  4. Click … next to Private key file and provide your ppk file saved from PuTTYgen.

  5. Click OK

  6. Back on the original Login click Save then Login


Instructions - Unix

Here’s an example of creating and deploying an SSH key to avoid a username/password prompt when connecting from one host ('localhost', in this example) to another ('remotehost').

  1. If you already have an SSH key, you can skip this step. You can just hit Enter for the key and both passphrases (less secure):

    localhost:~$ ssh-keygen -t rsa -b 2048
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/username/.ssh/id_rsa): .ssh/mykey
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/username/.ssh/mykey.
    Your public key has been saved in /home/username/.ssh/mykey.pub.
  2. Copy the public key of your computer to the trusted keys of the target server:

    localhost:~$ ssh-copy-id -i .ssh/mykey user@remotehost
    user@remotehost's password: ••••••••
  3. Now try logging into the machine, with ssh 'user@remotehost' to verify the keys we’ve added:

    localhost:~$ # Create the .ssh directory (no error if it already exists):
    localhost:~$ mkdir -p ~/.ssh
    
    localhost:~$ # Set the right permissions:
    localhost:~$ chmod 700 ~/.ssh
    
    localhost:~$ # Create the authorized_keys file:
    localhost:~$ touch ~/.ssh/authorized_keys
    
    localhost:~$ # Set the right permissions:
    localhost:~$ chmod 600 ~/.ssh/authorized_keys
    
    localhost:~$ # Verify:
    localhost:~$ ls ~/.ssh/authorized_keys
  4. Finally check you can log in using your new key…

    localhost:~$ ssh -i .ssh/mykey user@remotehost
    user@remotehost:~$ 

    You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase (more secure).
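
The note about stray whitespace in key files and the 700/600 permissions set in step 3 can both be checked mechanically. The script below is an added example, not part of the original page or of MettleCI; the function names and the sample key are constructed for illustration, and it assumes authorized_keys entries without an options prefix and a base64 command that accepts -d.

```shell
# Added example, not from the original page. Assumes authorized_keys entries
# without an options prefix and a base64 command that accepts -d.

# True if "<type> <base64> [comment]" decodes to length-prefixed fields that
# consume the blob exactly and whose first field equals <type>.
check_pubkey_line() {
    set -f; set -- $1; set +f    # split the entry on whitespace, no globbing
    [ $# -ge 2 ] || return 1
    printf '%s' "$2" | base64 -d 2>/dev/null | od -An -v -tu1 |
    awk -v want="$1" '
        { for (i = 1; i <= NF; i++) b[n++] = $i + 0 }
        END {
            pos = 0
            while (pos + 4 <= n) {
                len = ((b[pos] * 256 + b[pos+1]) * 256 + b[pos+2]) * 256 + b[pos+3]
                pos += 4
                if (pos + len > n) exit 1    # field runs past the data: key was cut or split
                if (fields++ == 0)
                    for (i = 0; i < len; i++) first = first sprintf("%c", b[pos+i])
                pos += len
            }
            exit !(pos == n && fields >= 2 && first == want)
        }'
}

# True if `ls -ld` shows exactly the given mode string for the path.
has_mode() { [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "$2" ]; }

# Print one finding per line for .ssh directory $1; status 1 if any.
audit_ssh_dir() {
    f=$1/authorized_keys bad=0 lineno=0
    has_mode "$1" 'drwx------' || { echo "$1: expected mode 700"; bad=1; }
    has_mode "$f" '-rw-------' || { echo "$f: expected mode 600"; bad=1; }
    [ -r "$f" ] || return 1
    while IFS= read -r entry || [ -n "$entry" ]; do
        lineno=$((lineno + 1))
        case $entry in ''|'#'*) continue ;; esac
        check_pubkey_line "$entry" || { echo "$f:$lineno: malformed key entry"; bad=1; }
    done < "$f"
    return "$bad"
}

# Constructed sample: well-formed ssh-rsa wire format, not a usable key.
sample_key() {
    printf 'ssh-rsa %s demo@constructed\n' "$(printf \
        '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001\000\000\000\004\001\002\003\004' | base64)"
}

# Usage: sh audit.sh ~/.ssh
[ $# -eq 0 ] || audit_ssh_dir "$1"
```

The check is structural only: it catches entries that were wrapped, truncated or split by an editor, but it does not prove that a key is cryptographically valid.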
