Today I will show you how to create an SSH key in Ubuntu/Gnome/Linux and Windows and explain a little bit of why do we need such a key.
- What is SSH?
- What is SSH key?
- How does SSH key work?
- Why use SSH key?
- HOW to make a SSH key:
- GUI/Linux How to make SSH key
- Command Line/Linux How to make SSH key
- GUI/Windows PuTTy
Well, let’s start with what is SSH!
For making the explication really simple, SSH is a network protocol to transfer data from one device to another in a SECURE channel. Meaning that every data that travels from place 1 to place 2 and vice versa is encrypted, so that nobody but the two ends will be able to “understand” the information. For more detailed information about SSH : Wikipedia (SSH)
Now, let’s talk about SSH key.
SSH key is used for authentication. It uses asymmetric cryptography. You may ask, “Isn’t enough with username and password?” or “Why would I want to have a SSH key if I have my username and password?” Well for the first question the answer is NO. For the second question: You want to use SSH key because it is way more secure than normal user/pass authentication.
It’s easy. Let me try to explain you as simple as possible. Every person has a pair of keys (a private and a public). Each key (the private and the public) can’t exist without the other. Meaning that if you don’t have the private key, the public key is useless and vice versa. As the words say, the private is ONLY for you. This is like “your password”! Nobody but you should have that key!! In the other hand, the public key can be shared with anybody you want. This public key is “installed” or “shared” in the remote computer you want to access in a secure way.
So, when you try to connect to a remote computer, the remote computer checks if it has your public key and compares it with your private key and if they do match (they are not the same, but as I said, they complement each other) then the remote computer grants you access. From there on you have a secure connection
For more detailed info :Wikipedia (Public-key cryptography)
Well, before SSH existed, Telnet was the pioneer service for remote connections. The problem with Telnet is that every single data you transmit over the Internet is in plain text!! That means that if someone is sniffing the connection between you and the remote connection, he will be able to know your password and more. So with the implementation of SSH, all of the data is sent encrypted, so that if someone is sniffing they won’t be able to understand what you are transferring.
That didn’t answer the question why to use SSH key But the answer is as simple as: SO THAT YOU CANNOT GET A BRUTE ATTACK!!! With SSH key it’s impossible to make a brute attack!! People could spend thousands of years trying with all kind of words, but they won’t be able to access because the SSH server will only grand you access if you have your correct pair of keys and not a password!!!
So let’s stop talking theory and let’s proceed to:
For Linux there are two options to create a SSH key:
For Windows there are also two options but we will just stick with GUI
- Open “Passwords and Encryption keys” under System -> Preferences -> Passwords and Encryption keys
- Click on File -> New
- Click on Secure Shell Key
- Write a good password. Good passwords are at least longer than 7 alphanumeric characters. Remember that the better the password is, the more secure the ssh key will be!!
- It will ask you to write a host and a login name. Write any host and any login name. This will try to access the host you wrote, but it won’t be a successful connection because your public ssh key is NOT in the host. So just write whatever and ignore the following errors!
- Go to “My private keys” and you will find out your new SSH key!!
Congratulations!! You have your new own SSH key! Now right click it and export it! That file is your PUBLIC key! We will use that key and copy it in a server!
- Open a terminal and write:
ssh-keygen -t rsa
- It will ask you where you want to save the file. Normally it will save it in ~/.ssh/id_rsa.* Where ~ is your home directory and * for public and private. You can select wherever you want but for simplicity click ENTER
- Enter a passphrase and re enter it. Remember to write a complex passphrase!
- Now move to the directory that you save your ssh key. In our case is in ~/.ssh/ so write:
cd ~/.ssh/ ls
- You will see your id_rsa and id_rsa.pub !! The first one will be your private and the id_rsa.pub will be the PUBLIC one! NEVER share your private key!!
For Windows the easiest way to create a SSH key is with Putty. PuTTYgen can be downloaded in this link.
Now we are ready for start using SSH in a really good secure way! NO MORE PASSWORDS!