(Beginner) I don't understand SSH and Linux command ssh-keygen, so I summarized it.

A personal memo for the first week of joining the company.

About ssh connection

The ssh-keygen command creates the public and private keys used by "OpenSSH". It can also create a file called a "certificate" by using a CA key (Certificate Authority key).

What is OpenSSH? It is an open source implementation of "SSH" that encrypts communication over the network. It is mainly used for **remote login** over the network to UNIX / Linux servers.

What is SSH? "SSH (Secure Shell)" is a protocol for communicating securely with remote computers using encryption and authentication technologies. It encrypts communication, including credentials such as passwords.

What is a protocol? An established set of rules for data communication: the information format and the communication procedure.

Why you need an ssh connection

Server machines such as a VPS (Virtual Private Server) are almost always located away from the operator. Therefore, we need a means by which only the person who operates the server can connect to it securely via the Internet.

The reason is that if a malicious person can log in to the server, they can do whatever they want on it, which poses various risks.

The term SSH, as it is usually used, has the following multiple meanings, so it is necessary to clarify which one is meant.

  1. The information for logging in to a server with SSH (host name, password, authentication file, etc.)
  2. The software, which includes both a server and a client
  3. Connecting from an OS such as Windows using dedicated client software

Difference between ssh and ssl

About SSH authentication method

SSH performs complicated processing in order to connect securely to a remote server. In addition, there are multiple authentication methods available for checking whether a login to the server is correct.

Typical ones are the password authentication method and the public key authentication method.

- Password authentication method: The password in this case is the one set for the user account on the server. It's easy, but if the password is leaked, a malicious third party can log in to the server, which is dangerous.

- Public key authentication method: The initial setup is difficult, but communication security is very high. There are several ways to do this, but **in principle, a user without the "key" cannot log in as long as you keep the file called a "key".** This prevents unauthorized login by a malicious third party.

The public key authentication method is roughly as follows.

  1. Create a "key" (create it on either the SSH server or the SSH client).
  2. Store the "key" required by the server and by the client respectively. Be sure to create a pair, **server (public key) and client (private key)**, not just one "key".
  3. Operate the SSH client and tell the **SSH server** that you intend to log in
  4. Check each other's "keys" to see if they match
  5. Procedures such as communication encryption (encryption and decryption, exchange of information to do them)
  6. Encrypted communication starts

ssh-keygen commands and options

Linux command **ssh-keygen**

A Linux command that issues a pair of private and public keys. The file location and default file name are as follows.

Private key: /root/.ssh/id_rsa
Public key: /root/.ssh/id_rsa.pub

In my case, the ~/.ssh/ directory did not exist, so I created it with mkdir.

About the following command that appeared in the procedure manual

Procedure manual command:

    ssh-keygen -f stash_rsa -t rsa -b 2048

Basic syntax: **ssh-keygen [option] [-f key file]**

Meaning of various options

- **-f** option: Specifies the key file. This time I think it is used because the key was to be named stash_rsa. (If not specified, the key is generated with the name id_rsa.)

- **-t** option: Specifies the key type: rsa1, dsa, ecdsa, ed25519, rsa. (If -t is not specified, rsa is usually the default, depending on the version.)

- **-b** option: Specifies the key length (minimum value is 768 bits, initial value is 2048 bits). 2048 bits is also specified in the above command. (The citation source says the initial value is 2048 bits, but the reason for specifying it explicitly is unknown.)
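The procedure manual's command, run non-interactively in a directory of your choice and followed by checks on what it produced. This is an added example, not part of the original memo; the extra flags -q, -N and -C, the comment value and the function names are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Added example: generate a key pair with the flags from the procedure
# manual (-f, -t rsa, -b 2048) and inspect the two files it creates.

# gen_keypair DIR NAME: create DIR like ~/.ssh and generate DIR/NAME(.pub).
gen_keypair() {
    dir=$1 name=$2
    mkdir -p "$dir" && chmod 700 "$dir"   # ~/.ssh should be owner-only
    # -q     quiet output
    # -N ''  empty passphrase (assumption: only so the demo needs no prompt;
    #        a real key should have a passphrase)
    # -C     comment stored at the end of the .pub line (constructed value)
    ssh-keygen -q -f "$dir/$name" -t rsa -b 2048 -N '' -C 'demo@example'
}

# key_bits PUBFILE: key length as reported by the fingerprint listing (-l).
key_bits() {
    ssh-keygen -l -f "$1" | awk '{print $1}'
}

# key_type PRIVFILE: first field of the matching .pub file (e.g. ssh-rsa).
key_type() {
    awk '{print $1; exit}' "$1.pub"
}

# pair_matches PRIVFILE: re-derive the public key from the private key (-y)
# and compare it with the stored .pub file, ignoring the comment field.
pair_matches() {
    derived=$(ssh-keygen -y -f "$1" | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$1.pub")
    [ "$derived" = "$stored" ]
}

# private_key_mode PRIVFILE: octal permissions (GNU stat, as on Linux).
# The private key must be readable by its owner only (600).
private_key_mode() {
    stat -c '%a' "$1"
}

# Usage (writes into a scratch directory, not your real ~/.ssh):
#   d=$(mktemp -d); gen_keypair "$d/.ssh" stash_rsa
#   key_bits "$d/.ssh/stash_rsa.pub"; key_type "$d/.ssh/stash_rsa"
#   pair_matches "$d/.ssh/stash_rsa" && echo "pair OK"
#   private_key_mode "$d/.ssh/stash_rsa"
```

The file ending in .pub is the one that goes to the server; the file without the extension is the private key and stays on the client.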

Settings after generating private and public keys

I'm tired so I'll write it later.
