Configure SSH keys to improve your network security
If you’ve been in the IT industry for a while or follow our site, SSH protocol and SSH keys are words you’ve probably come across often. So what are these SSH keys, why do you need them, and how can you configure them? Let’s find answers to all these questions in this article.
Before we dive into SSH keys, let’s understand the SSH protocol.
The Secure Shell (SSH) protocol is a set of rules or methods for a secure remote connection from one computer to another. It lays the foundation for strong authentication and security when connecting to a computer remotely.
This protocol was born out of the need for a secure way to log in remotely, as existing protocols such as telnet and rlogin were insecure.
The SSH protocol operates in a client-server model and uses public key cryptography for authentication. Essentially, the SSH client initiates the connection to the SSH server. Once the connection is established, encryption and hashing algorithms are used to exchange data between the client and the server.
Broadly speaking, the SSH protocol uses three types of authentication at different points of authentication and data transfer to provide security, and these are:
- Symmetric keys
- Asymmetric keys (public-private keys)
- Hash Algorithms
Of these, the most common and popular is public-private key encryption. In this form of encryption, there is a private and public key pair, and the public key is configured on the server to grant access to the user logging in from a client computer. The server sends the public key and if it matches the private key pair present in the client, that user is granted remote access.
Obviously, the primary use of this authentication is to provide security. It can also be used for automation and to enable single sign-on by administrative users.
What are SSH keys?
Now that you have an idea of the SSH protocol, it is relatively easy to understand where the SSH keys are located.
In its simplest form, SSH keys are the private-public key pair that provides SSH protocol access credentials. Its function is similar to usernames and passwords, except that it is mainly used for automated and single sign-on.
These SSH keys always come in pairs and consist of a public key and a private key. When both keys stay with the user, they are called user keys. Similarly, when these keys are on a remote system, they are called host keys.
There is another type of SSH key called a session key which applies to a single session. This session key is very useful for transmitting large amounts of data securely.
How do SSH keys work?
The private key of this pair remains on the user system used to access the remote system. It is also used to decrypt information sent by the remote system. Needless to say, this is the more important and more secure of the two keys, and should never be shared. Most of the time it is stored in SSH key management software, although it can also be saved to a file.
The public key, on the other hand, is used by the remote server. It is used to encrypt information and can be shared with anyone, because knowing the public key is useless without the private key. For the same reasons, these keys are stored in a file and no specialized tool is needed to hide them.
Now let’s get to understanding how these keys work and how to configure them.
How to configure SSH keys?
Here is a step-by-step guide on setting up these SSH keys on your computer.
Generate your SSH key pair
The first step is to generate your own SSH keys. Let’s take a brief look at how you can do this.
- Open the terminal and type ssh-keygen -t rsa. This command starts the key generation process and then prompts you to choose where to store those keys.
- If you want to use the default location, press Enter.
- Next, you will be prompted to enter a passphrase.
- You can enter a phrase or just accept the default one by pressing Enter.
- Once you confirm, the system automatically generates the key pair.
When you accept the defaults, your private key will be stored in the id_rsa file in the .ssh directory while the public key will be stored in the id_rsa.pub file.
Here is another way to create private and public keys separately.
Type this command:
openssl genrsa -out private.pem 2048
This will generate a 2048 bit private key.
Create the corresponding public key with this command:
openssl req -new -x509 -key private.pem -out cert.pem
To check if the keys were created successfully, type ls and see if the files are present in the directory.
A word of warning here. Never share your private key with anyone.
Import your public SSH key
After generating the SSH keys, import the public key to the server. To do this,
- Copy the SSH public key.
- Go to your service provider’s account page and navigate to “Import Public Key”.
- Paste your key into the public key field of your service provider account<.>
- Give the key a name in the “Key name” field.
- Although it is not necessary to give the key a name, it is a good practice.
- Finally, click on the “Add” button and the keys will be added to the SSH table.
With that, you are set.
Do a final check
Finally, check if everything is working.
- Open your terminal and enter your SSH username and the remote system’s IP address in the format shh [email protected].
- This will initiate a connection with the remote system via the SSH protocol.
- The server will look up the public key in the SSH table. It will choose the public key associated with your username, encrypt a random message using that key, and send it back to the client.
- The client computer decrypts this message using the private key and combines it with the session ID. This concatenated message is encrypted and sent to the server.
- The server decrypts with the public key, and if the message matches, access is given to the user.
This establishes the remote connection and you can securely send messages to the remote client.
A final note on SSH keys
These SSH keys can quickly become cumbersome, especially in the case of large organizations that may have to use millions of keys to grant access to different digital resources.
Research shows that security vulnerability risks increase when these keys are not well managed, so consider using an SSH key management tool that can help IT administrators stay on top of SSH keys and their usage.
So, have you implemented SSH keys? Please let us know your experience in the comments section.
Featured Image: Pixabay