# ssh

## Create an SSH Key

{% hint style="info" %}
ED25519 is generally recommended over RSA 4096.
{% endhint %}

{% code overflow="wrap" %}

```bash
# Create an ED25519 key pair
ssh-keygen -t ed25519 -f ~/.ssh/new_key

# Create a 4096-bit RSA key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/new_key

# Append -N "" to either command to create the key without a passphrase
ssh-keygen -t ed25519 -f ~/.ssh/new_key -N ""

# Each command writes two files (private and public key pair):
#   ~/.ssh/new_key
#   ~/.ssh/new_key.pub
```

{% endcode %}

***

## Add an SSH Key to the authorized\_keys file

{% hint style="warning" %}
If you have code execution on a system where SSH is enabled, you can add your public SSH key to it and then SSH into it with your private key.
{% endhint %}

* You'll need to add your Public key to the system you want to SSH into and then you can SSH using your Private key

{% code overflow="wrap" %}

```bash
# Add the key to the target's authorized_keys file so you can then SSH into it
ssh-copy-id -i ~/.ssh/new_key.pub user@host

# Another option (run on the target host, where authorized_keys lives)
cat ~/.ssh/new_key.pub >> ~/.ssh/authorized_keys

# The public key should now appear in the ~/.ssh/authorized_keys file on the host
cat ~/.ssh/authorized_keys
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJheI2Qn4O8UamoMG8AgWL4YvH2YPtUQUl6ERRczNWZE parallels@kali-linux-2024-2
```

{% endcode %}
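
Because any key listed in `authorized_keys` grants login, the file is worth auditing. The following is an added example (not part of the original page) that parses an `authorized_keys` file, computes each key's SHA256 fingerprint in the form `ssh-keygen -l` prints, and reports entries that are not on an approved list. The function names and the sample keys are constructed for illustration.

```python
import base64, hashlib, re, struct

# Key type, then the base64 blob (starts "AAAA": 4-byte length prefix), then the comment.
KEY_RE = re.compile(r"(?:^|\s)((?:ssh-|ecdsa-sha2-|sk-)\S+)\s+(AAAA[0-9A-Za-z+/=]+)(?:\s+(.*))?$")

def fingerprint(blob_b64):
    """SHA256 fingerprint in the same form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_entry(line):
    """Parse one authorized_keys line; None for blanks, comments, unparseable lines."""
    line = line.strip()
    m = KEY_RE.search(line)
    if not line or line.startswith("#") or not m:
        return None
    key_type, blob, comment = m.group(1), m.group(2), m.group(3) or ""
    try:
        raw = base64.b64decode(blob)
        (n,) = struct.unpack(">I", raw[:4])  # length of the embedded type name
    except (ValueError, struct.error):
        return None
    return {
        "options": line[:m.start(1)].strip(),  # e.g. command="...",no-pty
        "type": key_type,
        # The declared type should equal the type name stored inside the blob.
        "type_matches_blob": raw[4:4 + n].decode("ascii", "replace") == key_type,
        "fingerprint": fingerprint(blob),
        "comment": comment,
    }

def audit(text, approved):
    """Return the entries whose fingerprint is not in the approved set."""
    entries = filter(None, map(parse_entry, text.splitlines()))
    return [e for e in entries if e["fingerprint"] not in approved]

def sample_key(fill, comment):
    """Constructed (not real) ed25519 public key line: 32 identical key bytes."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(raw).decode() + " " + comment

if __name__ == "__main__":
    known = sample_key(1, "admin@workstation")
    sample = "\n".join(["# constructed sample file", known,
                        'command="/bin/true",no-pty ' + sample_key(2, "unknown@host")])
    approved = {parse_entry(known)["fingerprint"]}
    for e in audit(sample, approved):
        print("UNAPPROVED", e["fingerprint"], e["comment"], e["options"] or "-")
```

To audit a real host, pass the contents of each user's `~/.ssh/authorized_keys` as `text` and the fingerprints of the keys you have issued as `approved`.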

***

## Generate a Public Key from a Private Key

* With access to a Private Key, we can generate the corresponding Public Key
* This is useful if we've lost the Public Key, or to get information on the user and system the key was generated on

{% code overflow="wrap" %}

```bash
ssh-keygen -y -f ~/.ssh/new_key > ~/.ssh/new_key.pub
```

{% endcode %}

***

## Specify a Specific SSH Key to Use

* If you have multiple SSH keys loaded into your SSH agent and try connecting to a server, the server will sometimes reject the connection because too many keys are offered during authentication
* The way around this is to pass `-o "IdentitiesOnly=yes"` together with `-i`, so that only the key you specify is used and any other SSH keys are ignored

{% code overflow="wrap" %}

```bash
ssh -i ~/.ssh/my_key -o "IdentitiesOnly=yes" user@host
```

{% endcode %}

***

## Certificate-based Authentication for SSH

* Certificates provide more security than passphrases but require a Certificate Authority (CA) to set up
* Additionally, Certificates have metadata that can be used for user identification, expiring access, role-based access control, and more
* There's a [great blog post from Teleport](https://goteleport.com/blog/how-to-configure-ssh-certificate-based-authentication/) on this

