SSH


Last updated 5 years ago


Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

Generating an SSH Key

ssh-keygen -a 1000 -t ed25519 -C "{{ YOUR_EMAIL }}"

# Alternatively
ssh-keygen -t rsa -b 4096 -C "{{ UNIQUE_NAME }}"
  • -a 1000 tells the key generator to use 1000 key derivation rounds when setting the passphrase, which increases the time required to brute-force the passphrase protecting the SSH key

  • -t ed25519 tells the key generator to use the ed25519 key type

  • -C "{{ YOUR_EMAIL }}" sets the key comment, allowing you to identify your public key in a list of public keys more easily (and to remember which key this is)

Naming SSH Keys

id_<key_algorithm>_<servername>_<purpose>
id_<key_algorithm>_<service>_<purpose>

With the following rules:

  • If it's not for a specific server/service, remove <servername>/<service>

  • If it's not for a specific purpose, remove <purpose>

  • At least one of the information-types (<purpose> or <servername>/<service>) has to be contained in the name

Examples:

  • id_rsa_github_username

  • id_rsa_server01_rsync
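
An added example (not part of the original page): a POSIX shell check that a public key file name follows the convention above. It goes one step beyond the rules listed by also confirming that the algorithm in the name matches the key type recorded in the file. The function names, return codes and sample files are assumptions made for this example, and the key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example: check *.pub names against id_<key_algorithm>_<server|service>_<purpose>.

# Map the key type (first field of a .pub file) to the algorithm token expected
# in the file name; fails for key types this example does not cover.
alg_token() {
    case $1 in
        ssh-ed25519)  echo ed25519 ;;
        ssh-rsa)      echo rsa ;;
        ecdsa-sha2-*) echo ecdsa ;;
        *)            return 1 ;;
    esac
}
# check_key_name FILE.pub -> 0 conformant, 1 no server/service or purpose,
# 2 name does not start with id_<algorithm of this key>, 3 unknown key type.
check_key_name() {
    name=$(basename "$1" .pub)
    keytype=$(awk 'NR==1 {print $1}' "$1")
    alg=$(alg_token "$keytype") || return 3
    case $name in
        id_"$alg"_?*)         return 0 ;;
        id_"$alg"|id_"$alg"_) return 1 ;;
        *)                    return 2 ;;
    esac
}
# audit_dir DIR: report every *.pub file in DIR; returns 1 if any file fails.
audit_dir() {
    status=0
    for pub in "$1"/*.pub; do
        [ -e "$pub" ] || continue
        rc=0; check_key_name "$pub" || rc=$?
        case $rc in
            0) echo "OK    $pub"; continue ;;
            1) echo "FAIL  $pub: no server/service or purpose in name" ;;
            2) echo "FAIL  $pub: name does not match this key's algorithm" ;;
            3) echo "FAIL  $pub: unrecognised key type" ;;
        esac
        status=1
    done
    return $status
}
# Constructed sample files (placeholder blobs, not real keys).
make_samples() {
    echo 'ssh-rsa AAAA-placeholder user@example'     > "$1/id_rsa_github_username.pub"
    echo 'ssh-ed25519 AAAA-placeholder user@example' > "$1/id_ed25519.pub"
    echo 'ssh-ed25519 AAAA-placeholder user@example' > "$1/id_rsa_server01_rsync.pub"
}
if [ "${1:-}" = "--demo" ]; then   # run the audit over the constructed samples
    d=$(mktemp -d) && make_samples "$d" && audit_dir "$d"; rm -rf "$d"
fi
```

Run the script with --demo to see one conformant and two failing sample names, or call audit_dir ~/.ssh after sourcing it.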

Adding a Public Key to a Remote Server

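# Creates ~/.ssh on the server if it is missing; umask 077 keeps new files owner-only
cat ~/.ssh/id_rsa_name.pub | ssh user@hostname 'umask 077; mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'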

SSH config

Host example-bastion
  User ec2-user
  Hostname ec2-100-100-100-100.compute-1.amazonaws.com
  Port 22

Host example-mongo
  User ec2-user
  Hostname 200.200.200.200
  Port 22
  ProxyCommand ssh -q -W %h:%p example-bastion

Adding your SSH key to the ssh-agent

  1. Ensure the ssh-agent is running:

    # start the ssh-agent in the background
    $ eval "$(ssh-agent -s)"
    > Agent pid 59566
  2. Add your SSH private key to the ssh-agent. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_rsa in the command with the name of your private key file.

    $ ssh-add ~/.ssh/id_rsa
Wikipedia