1
00:00:00,000 --> 00:00:19,000
Hey everyone and welcome back. Now previously when we have been authorising our SSH sessions

2
00:00:19,000 --> 00:00:23,879
we have been reliant on using passwords. In this nugget here we're going to see how we

3
00:00:23,879 --> 00:00:30,160
can make our lives a little bit easier and by the way this is indeed the recommended

4
00:00:30,160 --> 00:00:37,200
more secure way to handle your SSH connections. We're going to be relying on SSH keys. So

5
00:00:37,200 --> 00:00:42,879
check this out then what I will do here is I will go onto my server here and if we happen

6
00:00:42,879 --> 00:00:49,879
to look within our etc directory again we have an SSH directory. Within here we can

7
00:00:49,880 --> 00:00:54,040
see all of these different files. Now let me just do a long listing here so you can

8
00:00:54,040 --> 00:00:59,260
see this a little bit better. In fact let me just full screen this right now. So these

9
00:00:59,260 --> 00:01:05,920
files right here the ones that end in dot pub these are the public key files. Now some

10
00:01:05,920 --> 00:01:11,599
of these ones you can see here for example this one is an RSA key. This means it is using

11
00:01:11,599 --> 00:01:17,480
the RSA encryption algorithm. Here we have others like the elliptical curve algorithm

12
00:01:17,680 --> 00:01:22,600
so on and so forth. But the point here to note here is that our dot pubs, those are public,

13
00:01:22,600 --> 00:01:28,420
we can share these. The ones which do not have dot pub, those are private. Please, please, please

14
00:01:28,420 --> 00:01:33,840
do not be sharing these out, these are meant to be private. So what I want to do is I want

15
00:01:33,840 --> 00:01:38,680
to show you how we can actually generate our own keys. So what I will do here is if I just

16
00:01:38,680 --> 00:01:46,560
clear the screen I say man SSH hyphen key gen. So we can see this is part of the

17
00:01:46,640 --> 00:01:51,560
OpenSSH suite of utilities. What this is going to do is going to allow us to generate an

18
00:01:51,560 --> 00:01:57,439
authentication key. Now if you happen to page right through all of these different options

19
00:01:57,439 --> 00:02:03,920
you're going to see we have a ton of switches which can do a ton of things and this example

20
00:02:03,920 --> 00:02:08,800
here we're going to keep things really quite simple. The only switch which I am going to

21
00:02:08,800 --> 00:02:13,680
be focusing on is this one here the dash T which is going to allow us to specify the

22
00:02:13,760 --> 00:02:19,719
type of key we want to create. So again similar to what we saw before we had those RSA dot

23
00:02:19,719 --> 00:02:25,400
pub files or the elliptical curve pub files we can specify the type of encryption we want

24
00:02:25,400 --> 00:02:32,400
to use. We will just use the RSA type encryption for our example but again you can choose whatever

25
00:02:32,400 --> 00:02:37,960
you wish. So what I will do here is I will just escape out by pressing Q to quit and

26
00:02:37,960 --> 00:02:44,960
I will clear the screen once again. I will generate this key by saying SSH hyphen key

27
00:02:45,280 --> 00:02:52,200
gen and I will use the dash T flag to specify the type of encryption we want. I am going

28
00:02:52,200 --> 00:02:57,640
to say RSA. So if I hit enter it is going to tell me that we are going to generate a

29
00:02:57,640 --> 00:03:02,680
public and private key pair. Where do we want to save the key? Now notice this is actually

30
00:03:02,680 --> 00:03:08,120
a user specific key because check out the location of where it is going to be stored.

31
00:03:08,120 --> 00:03:12,560
I can change this location but I will just hit enter to keep it as it is. I can add a

32
00:03:12,560 --> 00:03:17,599
passphrase but again I don't have to. Keeping things simple, I will just hit enter and leave

33
00:03:17,599 --> 00:03:22,840
the passphrase empty. Now we can see here we actually have generated these keys so if

34
00:03:22,840 --> 00:03:29,840
I do an LS in fact I have to go into my dot SSH directory as per the location specified

35
00:03:30,280 --> 00:03:37,280
right here. So I will do CD dot SSH if I do a PWD we can see where we are doing LS. Now

36
00:03:37,280 --> 00:03:41,920
we notice I have this file here which is my public key and I have this one here which

37
00:03:41,920 --> 00:03:47,199
is the private key. Again the public key is the one we want to share. The private is the

38
00:03:47,199 --> 00:03:53,000
one we never share. So what I want to do is I actually want to copy this public key to

39
00:03:53,000 --> 00:03:59,439
the remote server where I would usually authenticate into using my password. So what I now want

40
00:03:59,479 --> 00:04:06,479
to do is I want to actually copy this particular file so I will say SSH hyphen copy hyphen ID

41
00:04:09,199 --> 00:04:14,159
and then I will use the dash I flag and now I will specify the key I want to copy which

42
00:04:14,159 --> 00:04:21,159
is going to be RSA or ID underscore RSA pub. And now I want to specify where do I want

43
00:04:22,199 --> 00:04:26,920
to copy this so I am going to copy it to server 2 so I will use server 2's login credentials

44
00:04:26,960 --> 00:04:33,960
which is IPv0 at 192.168.4.28. So now if I hit enter I am going to have to type in the

45
00:04:35,600 --> 00:04:41,360
password for server 2 which I have and now we can see here the number of keys added is

46
00:04:41,360 --> 00:04:48,360
1. Now it says here try logging into this machine. So what I can do here is just say SSH IPv0

47
00:04:49,199 --> 00:04:56,199
and I will do 4.28 and hit enter and as we can see here we automatically log in to the

48
00:04:59,040 --> 00:05:05,000
server without me having to type in my password anymore. I am not prompted for the password

49
00:05:05,000 --> 00:05:11,199
like I was up here. That is not present here. We automatically log in. That is because we

50
00:05:11,199 --> 00:05:17,639
now have this public private key pair ultimately handling the authentication. So what I will

51
00:05:17,639 --> 00:05:24,159
do is I can exit out of the server and back on server 1. Now if I actually want to create

52
00:05:24,159 --> 00:05:31,159
some type of alias so that I don't even have to do IPv0 at 192.168.4.28 like this instead

53
00:05:33,719 --> 00:05:40,719
what I can do is within my configuration file. So I will go into my .ssh directory. We can

54
00:05:40,879 --> 00:05:46,560
see here. I am going to create this config file so I will just use nano config and

55
00:05:46,560 --> 00:05:51,759
within here I am going to use the keyword host. And now what I want to do is I want

56
00:05:51,759 --> 00:05:57,759
to specify the alias I want to use for that particular host. So let's just maybe just

57
00:05:57,759 --> 00:06:04,680
say I don't know we will call server 2 johnbox or johnbox 2 since it is server 2 whatever.

58
00:06:04,680 --> 00:06:09,360
Now what I am going to do is I am going to go in 4 spaces and I am going to say host

59
00:06:09,360 --> 00:06:15,120
name and be careful of the capitalization here and now I am going to specify the IP address

60
00:06:15,199 --> 00:06:22,199
I want to target so I will say 4.28 and I will also specify the user again be careful of

61
00:06:22,720 --> 00:06:28,199
the capitalization and I will say IPv0. So all I am ultimately doing here is creating

62
00:06:28,199 --> 00:06:35,199
an alias rather than me logging in and saying ssh ipv0 at 192.168.4.28. I can just now say

63
00:06:37,079 --> 00:06:43,600
ssh johnbox 2 without having to give this username without having to specify this IP

64
00:06:43,640 --> 00:06:48,920
address and like I say we don't have to supply the password anymore because that is now handled

65
00:06:48,920 --> 00:06:55,080
with our ssh keys. So what I will do here is I will just save this configuration file.

66
00:06:55,080 --> 00:07:02,080
If I clear the screen I do a cd. Now I will just say ssh johnbox 2 and hit enter. Notice

67
00:07:02,080 --> 00:07:07,680
straight away we automatically log in immediately. No need to specify the username, no need to

68
00:07:07,759 --> 00:07:14,759
specify an IP address and no need to specify a password. So clearly this is a very valuable

69
00:07:15,079 --> 00:07:19,759
way to be able to handle your ssh connections especially if you happen to be using some

70
00:07:19,759 --> 00:07:25,160
type of automation whereby you don't want to have to continually be prompted to manually

71
00:07:25,160 --> 00:07:30,840
type in your password. You just want to have ssh keys set up so that the automation system

72
00:07:30,840 --> 00:07:36,079
can automatically log in by virtue of being on your system and like I say if you want

73
00:07:36,120 --> 00:07:41,560
to smooth out the authentication process you can actually use these aliases so that you

74
00:07:41,560 --> 00:07:47,680
can also strip away the IP addresses or the domain names and the user names with these

75
00:07:47,680 --> 00:07:53,039
nice shorthands. Okey-doke, so that is us for our ssh configurations. I hope this has been

76
00:07:53,039 --> 00:07:55,759
informative for you and I'd like to thank you for viewing.

