How can I generate an SSH key file for multiple Linux machines?

I want to change the login method for the SSH connection to my Linux Ubuntu servers. How can I set up an SSH key file which can be used on many machines? I want to use the same file pair for all of my servers. How can I do this?

How to create SSH keys

SSH stands for Secure Shell and refers to both a network protocol and special programs that can be used to establish a secure and encrypted connection between remote systems. The encryption of the data between the systems is 128-bit. This is sufficiently complex to fend off unauthorized hackers. The most popular programs that use the SSH network protocol to securely transfer data are probably WinSCP and PuTTY. These programs are often used by server administrators.

In public-key authentication, a key pair consisting of a public key and a private key is generated by ssh-keygen or frequently also by PuTTYgen. The public key is stored in the root directory of the server under ~/.ssh/authorized_keys. The private key is encrypted and secured by a password or passphrase (a password of several words) on the local computer.

Authentication by SSH key in combination with a password offers several advantages over simple authentication by a password query. A password can, for example, be intercepted with special keylogger programs. To do this, only one of the interconnected systems has to be compromised. Some malware programs install keyloggers on the PC to deliver the keyboard input over the Internet to the attacker. He can then see exactly which passwords you have used to log in to various servers or services. Furthermore, every seasoned webmaster knows that brute-force attacks are permanently hammering on any standard server. A program tries to find out the right credentials by rapidly changing username/password combinations. Fail2ban may help to defend against brute-force attacks. Another aspect not to be underestimated is that the password is stored in a file on the server either in clear text or as a hash value. If an attacker gets to this file, he can immediately log on to the system via SSH. Even if the attacker only comes into possession of the hash value, there is special software that finds character combinations that exactly match the hash value. Most webmasters use the same password for multiple machines and services. In this case, several systems and services would be compromised. The disaster would be complete.

Logging in via password query is much less secure than using SSH keys in combination with a password. In this case, the attacker must know the password and be in possession of the SSH key. If you also save the SSH key on an encrypted external hard drive (for example with TrueCrypt), this key can be very difficult to steal. The danger that an attacker, in this case, has come into possession of both the SSH key and the password tends to zero.

In what follows, I would like to introduce two methods for generating a key pair.

1. Generate an SSH key file pair with PuTTYgen:

Creating a PuTTY SSH key is easy. When installing PuTTY or WinSCP under Windows, the tool PuTTYgen is also installed. It can be found by opening the Start menu under Windows and expanding the entry PuTTY under Programs. There you will also find the tool PuTTYgen. A click on it opens the program.

[Image: PuTTYgen generating a key file]

There you can enter the type of signature and the bit length of the keys to be created. RSA is selected as the default value. This method has the highest compatibility. For RSA, the bit length should be set slightly larger, so that the security is sufficiently high. As an example, the algorithm ECDSA contains so-called NIST curves. Whatever that may be, critics fear there might be a backdoor for the NSA. It is recommended from our side to use the RSA method. Then click on "Generate" to generate the SSH keys. By moving the mouse, you help the algorithm with the signature calculation.

In the next step, you have to enter a password or a passphrase (a password of several words).

[Image: public key signature]

Once you have entered the password or passphrase, you can save the public key and the private key. Just click on "Save public key" or on "Save private key". In the above window, you can see the public key signature in plain text. You simply have to copy this signature and paste it into ~/.ssh/authorized_keys. Just open the file authorized_keys with any text editor like MS Word or WordPad.

If you want to log in to the server via SSH, you simply load the private key in the SSH program and enter the password. For PuTTY this looks like this:

[Image: PuTTY authentication with SSH key]

To use the public key on multiple machines, just copy the same text content to each server into ~/.ssh/authorized_keys as described above. The login then always works with the private key and the password or passphrase on any machine where you inserted the signature text into ~/.ssh/authorized_keys.

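The last step above is pasting the same public-key text into ~/.ssh/authorized_keys on every server. The following is an added example, not code from the answer above: a Python helper that accepts the key either as the one-line text shown in PuTTYgen's window or as the file that "Save public key" writes (RFC 4716 format, which sshd does not read directly), checks that the base64 blob decodes and that its embedded key type matches the declared one, and appends it to authorized_keys only once with the permissions sshd expects. The sample key blob is constructed for the example and is not a usable key; the function names are my own.

```python
import base64
import os
import struct

def normalize_public_key(text: str) -> str:
    """Return 'type base64 comment' from OpenSSH one-line or RFC 4716 input."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if lines[0] == "---- BEGIN SSH2 PUBLIC KEY ----":  # PuTTYgen "Save public key"
        comment, body, declared = "putty-key", [], None
        for line in lines[1:-1]:
            if line.startswith("Comment:"):
                comment = line.split(":", 1)[1].strip().strip('"')
            elif ":" not in line:  # header lines carry ':', base64 never does
                body.append(line)
        b64 = "".join(body)
    else:  # the one-line text shown in PuTTYgen's window
        parts = lines[0].split(None, 2)
        declared, b64 = parts[0], parts[1]
        comment = parts[2] if len(parts) > 2 else "putty-key"
    # validate=True rejects blobs mangled by a word processor or a bad paste
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])       # first wire field is the key type
    ktype = blob[4:4 + n].decode("ascii")
    if declared is not None and declared != ktype:
        raise ValueError(f"declared {declared} but blob says {ktype}")
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

def install_key(authorized_keys: str, key_text: str) -> bool:
    """Append the key once per file; True if added, False if already present."""
    line = normalize_public_key(key_text)
    key_id = " ".join(line.split()[:2])  # type + blob; a new comment is not a new key
    if os.path.exists(authorized_keys):
        with open(authorized_keys) as f:
            if any(" ".join(l.split()[:2]) == key_id for l in f):
                return False
    os.makedirs(os.path.dirname(authorized_keys) or ".", mode=0o700, exist_ok=True)
    with open(authorized_keys, "a") as f:
        f.write(line + "\n")
    os.chmod(authorized_keys, 0o600)  # sshd (StrictModes) rejects group/world-writable files
    return True

def sample_rsa_key_b64() -> str:
    """Constructed blob with the ssh-rsa wire layout; not a usable key."""
    field = lambda b: struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00\xc3\x5f\x9a")
    return base64.b64encode(blob).decode()
```

Run install_key once per server (over scp or a configuration tool of your choice) and the same key lands in every authorized_keys file exactly once, even when the file already contains it under a different comment.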