HOW TO: create an SSH key and WHAT IS: an SSH key

Today I will show you how to create an SSH key in Ubuntu/Gnome/Linux and Windows and explain a little about why we need such a key.

Well, let’s start with what is SSH!

WHAT is SSH?

To keep the explanation really simple, SSH is a network protocol for transferring data from one device to another over a SECURE channel. This means that all data traveling from place 1 to place 2 and vice versa is encrypted, so that nobody but the two ends will be able to “understand” the information. For more detailed information about SSH: Wikipedia (SSH)

Now, let’s talk about the SSH key.

WHAT is an SSH key?

An SSH key is used for authentication. It uses asymmetric cryptography. You may ask, “Isn’t a username and password enough?” or “Why would I want to have an SSH key if I have my username and password?” Well, for the first question the answer is NO. For the second question: you want to use an SSH key because it is way more secure than normal user/pass authentication.

HOW does an SSH key work?

It’s easy. Let me try to explain it as simply as possible. Every person has a pair of keys (a private one and a public one). Neither key can exist without the other, meaning that if you don’t have the private key, the public key is useless, and vice versa. As the names say, the private key is ONLY for you. This is like “your password”! Nobody but you should have that key!! On the other hand, the public key can be shared with anybody you want. This public key is “installed” or “shared” on the remote computer you want to access in a secure way.

So, when you try to connect to a remote computer, the remote computer checks whether it has your public key and compares it with your private key, and if they match (they are not the same, but as I said, they complement each other) then the remote computer grants you access. From there on you have a secure connection.

For more detailed info: Wikipedia (Public-key cryptography)
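
What the key check described above looks like in practice, as an added sketch (not code from the original post): the private key never travels to the server; the client signs data tied to the current session and the server verifies that signature with the public key it has stored. The toy RSA numbers, the account name alice and the function names are assumptions for illustration; real SSH signs more fields and uses full-size keys with padded signatures.

```python
import hashlib
import secrets

# Toy RSA pair built from two known Mersenne primes (constructed for the demo;
# far too small and structured for real use, real keys come from ssh-keygen).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key: safe to copy to servers
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves the client

def digest(session_id, user, n):
    """Hash what gets signed: this session's id plus the login name."""
    h = hashlib.sha256(session_id + user.encode()).digest()
    return int.from_bytes(h, "big") % n

def client_sign(session_id, user, n=N, d=D):
    """Client side: prove possession of the private key without sending it."""
    return pow(digest(session_id, user, n), d, n)

def server_verify(authorized_keys, user, session_id, signature):
    """Server side: only public keys (n, e) are stored, like authorized_keys."""
    key = authorized_keys.get(user)
    if key is None:
        return False                   # no public key installed for this user
    n, e = key
    return pow(signature, e, n) == digest(session_id, user, n)

AUTHORIZED_KEYS = {"alice": (N, E)}    # hypothetical account on the server

if __name__ == "__main__":
    sid = secrets.token_bytes(32)      # stands in for the SSH session identifier
    sig = client_sign(sid, "alice")
    print("login accepted:", server_verify(AUTHORIZED_KEYS, "alice", sid, sig))
```

Because the signature covers the session identifier, a signature captured from one session is useless in another.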

WHY use an SSH key?

Well, before SSH existed, Telnet was the pioneer service for remote connections. The problem with Telnet is that every piece of data you transmit over the Internet is in plain text!! That means that if someone is sniffing the connection between you and the remote computer, he will be able to learn your password and more. So with the implementation of SSH, all of the data is sent encrypted, so that if someone is sniffing they won’t be able to understand what you are transferring.

That didn’t answer the question of why to use an SSH key :P But the answer is as simple as: SO THAT YOU CANNOT BE HIT BY A BRUTE-FORCE ATTACK!!! With an SSH key it’s impossible to mount a brute-force attack!! People could spend thousands of years trying all kinds of words, but they won’t be able to get in, because the SSH server will only grant you access if you have your correct pair of keys and not a password!!!

So let’s stop talking theory and let’s proceed to:

HOW to make an SSH key:

For Linux there are two options to create an SSH key: the GUI or the terminal.

For Windows there are also two options but we will just stick with GUI :P

GUI/Linux How to make an SSH key

    1. Open “Passwords and Encryption keys” under System -> Preferences -> Passwords and Encryption keys
    2. Click on File -> New
    3. Click on Secure Shell Key
    4. Write a good password. Good passwords are at least longer than 7 alphanumeric characters. Remember that the better the password is, the more secure the SSH key will be!!
    5. It will ask you to write a host and a login name. Write any host and any login name. It will try to access the host you wrote, but the connection won’t succeed because your public SSH key is NOT on the host. So just write whatever and ignore the errors that follow!
    6. Go to “My private keys” and you will find your new SSH key!!

Congratulations!! You have your very own new SSH key! Now right-click it and export it! That file is your PUBLIC key! We will use that key and copy it to a server!

Terminal/Linux How to create an SSH key

    1. Open a terminal and write:

        ssh-keygen -t rsa

    2. It will ask you where you want to save the file. Normally it will save it in ~/.ssh/id_rsa.* where ~ is your home directory and * stands for the public and private files. You can select wherever you want, but for simplicity press ENTER
    3. Enter a passphrase and re-enter it. Remember to write a complex passphrase!
    4. Now move to the directory where you saved your SSH key. In our case it is ~/.ssh/ so write:

        cd ~/.ssh/
        ls

    5. You will see your id_rsa and id_rsa.pub !! The first one is your private key and id_rsa.pub is the PUBLIC one! NEVER share your private key!!
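
A quick check you can run after these steps, as an added example (not from the original post): it reports a private key file that other users can read or that has no passphrase. It understands both the current OpenSSH file format and the older PEM format; the sample files are constructed header-only blobs with no key material, and the function names are made up for this sketch.

```python
import base64, os, struct, tempfile

MAGIC = b"openssh-key-v1\0"   # header of the current OpenSSH private key format

def is_encrypted(key_text):
    """Return True if the private key file content is passphrase-protected."""
    lines = [l.strip() for l in key_text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        # The first length-prefixed string after the magic is the cipher name.
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # Legacy PEM files (older ssh-keygen -t rsa) mark encryption in a header.
        return any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines[1:4])
    raise ValueError("not a private key file")

def audit_key(path):
    """List problems with a private key file: loose permissions, no passphrase."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"mode {mode:03o}: readable beyond the owner")
    with open(path) as fh:
        if not is_encrypted(fh.read()):
            findings.append("no passphrase")
    return findings

def fake_key(cipher, kdf):
    """Constructed header-only sample (contains no key material)."""
    body = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf, b""))
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

def demo():
    results = []
    with tempfile.TemporaryDirectory() as d:
        for name, text, mode in (("weak", fake_key(b"none", b"none"), 0o644),
                                 ("good", fake_key(b"aes256-ctr", b"bcrypt"), 0o600)):
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results.append(audit_key(path))
    return results

if __name__ == "__main__":
    print(demo())
```

To check your own key, call audit_key on the path where you saved it (for the steps above, the id_rsa file inside ~/.ssh/); an empty list means neither problem was found.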

GUI/Windows How to make an SSH key

For Windows the easiest way to create an SSH key is with PuTTY. PuTTYgen can be downloaded from this link.

Now we are ready to start using SSH in a really secure way! NO MORE PASSWORDS!



Author: Rocko


3 Comments

  1. Ah! (Since I got to poking around your blog) This would have helped me about a month ago, so I wouldn’t have gotten myself all tangled up with PuTTY and keygen and all that junk! Haha, good post.

  2. Good post!
    But I still don’t know where to use it, when doing emails, facebook and online banking, is there a way to use the advantages of ssh?

    • Hey Erick,

      With the use of an ssh-key, you can only access ssh-servers; it is your “password”. You can see how to set up an ssh server in my other post: http://www.rocko.me/?p=171

      An ssh-server in its “basic use” is for connecting to a remote computer with encryption. That means all the traffic between you and the remote computer is encrypted, so nobody can sniff (read/write the information) your connection.

      Now, “HOW TO USE IT FOR FACEBOOK, EMAILS AND ONLINE BANKING”.. Let’s say you are in a hotel, or on a free wifi hotspot or any public internet access and you want to access your bank account. You have two options: take the risk and connect directly to your bank account, hoping nobody is sniffing the network, or connect first to your remote computer/server via ssh (using an ssh-key) and THEN connect to your bank, facebook, emails, surf the internet, etc.

      In that way you are sure that if someone is sniffing the network, they won’t be able to see your traffic, because the connection between you and your bank is made from your ssh-server and not from the free hotspot you are on, so everything is encrypted. Forgot to say, between your ssh-server and your bank account, it will also be encrypted because banks should (99% of the banks do) use SSL encryption for every connection you make with them!

      For doing so, you need an ssh server (it could be your home computer), an ssh-key and to do ssh-tunneling (see my upcoming post).

      If you have more questions, don’t hesitate to ask ;)
