search
LinkedInGitHubYouTube

ssh

Tips and tricks for working with ssh

hashtag
Create an SSH Key

circle-info

ED25519 is generally recommended as a better option than RSA 4096

# Create an ED25519 key pair 
ssh-keygen -t ed25519 -f ~/.ssh/new_key 

# Create a 4096-bit RSA key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/new_key

# Add this to the above commands to create the key without a passphrase
-N ""

# The command will output two files (private and public key pair)
new_key
new_key.pub

hashtag
Add an SSH Key to the authorized_keys file

circle-exclamation

If you have code execution on a system and SSH is configured, you can add your Public SSH key to it and be able to SSH into it with your Private key (provided SSH is enabled)

  • You'll need to add your Public key to the system you want to SSH into and then you can SSH using your Private key

hashtag
Generate a Public Key from a Private Key

  • With access to a Private Key, we can generate the corresponding Public Key

  • This is useful if we've lost the key or to get information on the user and system it was generated on

hashtag
Specify a Specific SSH Key to Use

  • If you have multiple SSH keys loaded into your SSH agent and try connecting to a server, sometimes the server will reject the connection because too many keys are being used to authenticate

  • The way around this is to use the parameter -o "IdentitiesOnly=yes" which specifies the exact key to use i.e., any other SSH keys will be ignored

hashtag
Certificate-based Authentication for SSH

  • Certificates provide more security over passphrases but require a Certificate Authority (CA) to set up

  • Additionally, Certificates have metadata that can be used for user identification, expiring access, role-based access control, and more

  • There's a great blog post from Teleportarrow-up-right on this

PreviousngrokNextCoding and Scripting

Last updated