It’s likely that you’ve encountered the term SSH keys if you’re familiar with cloud technologies (e.g. AWS) or you’ve spent enough time within an IT environment. And even if you’ve seen and heard SSH discussed many times, you may still find yourself wondering what it means.
Essentially, Secure Shell (SSH) keys are an access credential used within the SSH protocol. They’re crucial to today’s biggest Infrastructure-as-a-Service (IaaS) platforms like Google Cloud and AWS. But how do they work? And how can you set yours up safely?
In this post, we’ll cover everything you need to know about SSH keys, starting with the SSH protocol.
When Did the SSH Protocol Emerge?
Tatu Ylonen, a researcher, developed the first incarnation of the SSH protocol in 1995. Ylonen was working at the University of Helsinki when a sniffing attack struck the institution’s network. This type of attack intercepts and records the target network’s traffic, providing attackers with essential access details (passwords, usernames) which they can then use to access vital assets.
The sniffing attack affected thousands of credentials, including ones that belonged to community partnerships. Ylonen took inspiration from the attack and started working on a way to increase network security. Eventually, he created the SSH protocol.
Since then, the SSH protocol has become incredibly popular for logging into one system from another remotely. Its powerful encryption enables users to perform tasks (e.g. managing network infrastructure or issue commands, all remotely) with peace of mind. Reliable security is particularly valuable when so many of us work remotely and use cloud solutions.
However, certain software products must be installed before you can take advantage of the SSH protocol. Remote systems should have the software known as SSH daemon installed, while the system being used for issuing commands and managing remote servers should carry the software named the SSH client. Both software products are essential to initiate an effective communication link via the SSH protocol.
Ultimately, SSH keys are an authentication method enabling users to access encrypted connections between systems, which they can use to manage a remote system securely.
Getting Started with SSH Keys
You’ll find SSH keys in various sizes, but the RSA 2048-bit encryption is a popular option. This is comparable to a password consisting of 617 digits. You can generate a unique SSH key on a Windows system if you download an SSH client such as PuTTY.
You can also create SSH key pairs on Linux and Mac systems via a terminal window. This may seem daunting, but it’s simpler than you might expect initially.
SSH keys are always supplied in pairs, comprising a private and public key. The type of pair is determined by who or what is in possession of the keys. If both the private and public key stay with the user, they’re known as user keys. But if the private and public keys are located on a remote system, the set will be called host keys. A session key is another form of SSH key, used to encrypt large collections of data during transmission.
Below, we’ll explain how private and public keys function, focusing on user keys to keep it simple.
User Keys Explained
The private key in a user key pair stays on the system used for accessing the remote system. This is used to decrypt data exchanged in the SSH protocol.
However, private keys must never be shared with others and need to stay secured on a system. The system will be protected, such as with full disk encryption, and the private key would be secured with a passphrase.
Public keys can encrypt information, get shared with others, and utilized by both the user and remote server. In terms of the server, the public key would be saved in a file containing a list of public keys which have been authorized. And on the user’s side, the key remains stored in a file located on the computer or within SSH key management software.
How to Use SSH Keys
You must generate a unique SSH key pair before you can use SSH keys. You should create these on the system you intend to use for accessing a remote system. This process varies depending on your chosen system.
For Linux or Mac:
Suggested: Update or Install OpenSSH
sudo apt-get update
sudo apt-get install openssh-server
To get started, open a command line terminal and enter this command:
ssh-keygen -t rsa
Next, your key files will be generated in the /HOME/.ssh/directory as standard (including the private key). You can specify another location if you’d prefer to generate them elsewhere, though.
NB! Never share your private key with anyone else.
$HOME/.ssh/id_rsa1.pub (public key)
$HOME/.ssh/id_rsa1 (private net)
As you can see above, you’ll have an option to create a passphrase to help keep unauthorized users out of your accounts and maintain your keypairs’ confidentiality. Your public key will be uploaded to your server to utilize SSH key authentication for access control. You can use the ssh-copy-id command (belonging to the OpenSSH package) for automation of the transfer process, in the following syntax:
ssh-copy-id [email protected]
You can also manually position the public SSH key on the remote server to add the key to your account.
To get started, install the downloadable PuTTY SSH keygen software on your system. Follow these steps:
- Make sure the PuTTYgen program is loaded.
- Hit the Generate button, then click on RSA (SSH-2): You might choose a 4096-bit key, but this may not be accepted by some applications. As a result, you can expect to see more CPU usage throughout the “handshake” stage.
- Enter a passphrase for extra security.
- Click on Save private key and specify the location you want to store it in. Never share this with unauthorized users. You may copy and paste your public key from the above field using the Save public key or Select All buttons.
The SSH Authentication Process
Once you finish the steps covered above, enter your SSH username and remote system’s IP address into your terminal. Use this format: ssh [email protected]_ip_address. By doing this, you’ll set up a connection to the remote system with the SSH protocol.
The specified username and protocol will inform the remote server which public key it needs to use for effective authentication. The remote server will encrypt a random message using that public key, which will be delivered back to the client. The private key on your system will decrypt this challenge message.
After this message has been decrypted, it will be combined with a session ID (arranged prior) and delivered back to the server. The client will be authenticated if the message aligns with what the server sent, and you’ll receive remote server access.
This process shows the server that you hold the private key corresponding to the public key it has filed. But improper management of SSH keys means that, unfortunately, the security of this process can be undermined.
How to Manage SSH Keys
It’s crucial that you implement proper management of SSH keys. They usually provide access to business-critical assets, and businesses often have many SSH keys — even millions of them at Fortune 500 organizations.
Even though managing such vast collections of SSH keys manually can be incredibly tough, some companies continually overlook effective management systems. Many keys may also be out of use, and security issues could be overlooked as a result. Implementing a quality SSH key management system can help cut those security risks and facilitate more efficient access overall.
An SSH key management tool can empower companies to seize control of their SSH keys. However, that also means needing to manage another platform as well as a directory service, SSO provider, and even system management software. Think it over carefully, and consider all the variables before you commit to a choice.
We hope this guide helps you make the right decision when generating, managing, and securing your SSH keys.
No comment yet, add your voice below!