You probably secure shell into your Linux servers throughout the day. I hope you have configured those servers to use SSH key authentication. Why? Because it’s the most secure way to use SSH connections to your remote data center servers. If you haven’t, let me walk you through the SSH key authentication configuration procedure, and then make sure that you don’t have to enter a passphrase when you sign in.
This procedure can be performed with any client that supports SSH. I have tested it successfully on Linux and macOS. On the remote side, I’ll demonstrate it with Ubuntu Server 20.04.
The first thing you need to do is generate your SSH key pair. This step is done on the client. The procedure is exactly the same on Linux as on macOS.
Log in to your client, open a terminal window and run the command:
The key is generated with the additional option -b 4096, which sets the key length to 4096 bits.
Be sure to give your key pair a very strong passphrase. Given the nature of what we are doing, you need a password/passphrase that is hard to guess, so go big.
You may also want to consider storing this key pair in a non-standard location. To do this, you can create a hidden directory with a name that has nothing to do with SSH or security. Hide the key pair in plain sight. For example, you can create a hidden directory with the command:
When you are prompted for the file name during key creation, enter:
Where USER is your username.
Or, on macOS:
Where USER is your username.
Once your key is generated, you can send it to the server with the command:
Where SERVER is the IP address or domain of the remote server.
If you use a key in a non-standard location, this command would look like this:
Where SERVER is the IP address or domain of the remote server.
Note: If your SSH key is in a non-standard location, the procedure for connecting to the remote server is a little different. Instead of ssh USER@SERVER (where USER is the username and SERVER is the IP address or domain of the remote server), the command would be (following our example):
Where USER is the username and SERVER is the IP address or domain of the remote server.
Let me start by saying that you need to make sure of two things:
Consider those two items key to the success of your client-server security.
There are two ways to make this work. The first method can be done on your Linux desktop client, while the second works on both Linux and macOS.
Let me show you the first option. Once you have copied your SSH key to the server, connect to that server over SSH for the first time. When you do, a pop-up window will appear asking you to enter your SSH key passphrase (Figure A).
Figure A
Connecting to a remote Linux server via SSH key authentication.
Note the checkbox labeled Automatically unlock this key whenever I’m logged in. Check this box, enter your passphrase and click Unlock. With that box checked, you won’t have to enter your SSH key passphrase to secure shell into that remote server. Even if you log out or restart the client computer, you won’t have to enter your passphrase for SSH key authentication on this Ubuntu server again.
The second method requires the use of the ssh-add command, which adds private key identities to the OpenSSH authentication agent. On the Linux or macOS terminal, run the command:
Or, if you created a key in a non-standard location (sticking with our previous example), issue a command such as:
Now, the next time you log in to this remote server from this client, you won’t have to enter your SSH key authentication passphrase.
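The procedure above (key pair in a hidden directory, copy to the server, load into the agent, connect) as one script. This is an added example, not code from the original article: the directory name `.notes_cache`, the key file name and the RSA key type are assumptions, and USER and SERVER are the placeholders used in the text.

```shell
#!/bin/sh
# Added example: the directory and key file names below are hypothetical.
KEY_DIR="${KEY_DIR:-$HOME/.notes_cache}"   # hidden directory with a non-SSH name
KEY_FILE="$KEY_DIR/id_rsa"                 # private key; public key is id_rsa.pub

# Octal permission bits of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the hidden directory so that only the owner can enter it.
make_key_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

# Generate a 4096-bit key pair; ssh-keygen prompts for the passphrase.
# RSA is an assumption: the text only names the -b 4096 option.
generate_key() {
    ssh-keygen -t rsa -b 4096 -f "$1"
}

# Succeed only if the directory is 700 and the private key is 600.
# ssh refuses to use a private key that other users can read.
check_key_perms() {
    [ "$(mode_of "$(dirname "$1")")" = "700" ] || { echo "directory too open: $(dirname "$1")" >&2; return 1; }
    [ "$(mode_of "$1")" = "600" ] || { echo "key too open: $1" >&2; return 1; }
}

# Copy the public key to the server, load the private key into the agent
# (the passphrase is asked once), then connect with that identity.
install_and_connect() {   # args: KEY_FILE USER SERVER
    ssh-copy-id -i "$1.pub" "$2@$3" || return 1
    [ -n "${SSH_AUTH_SOCK:-}" ] || eval "$(ssh-agent -s)" >/dev/null
    ssh-add "$1" || return 1
    ssh -i "$1" "$2@$3"
}

# Run the whole procedure only when asked: sh setup-key.sh run USER SERVER
if [ "${1:-}" = "run" ]; then
    make_key_dir "$KEY_DIR" || exit 1
    [ -f "$KEY_FILE" ] || generate_key "$KEY_FILE" || exit 1
    check_key_perms "$KEY_FILE" || exit 1
    install_and_connect "$KEY_FILE" "$2" "$3"
fi
```

The permission check runs before anything is sent to the server, so a key that was copied into the hidden directory with loose permissions is caught on the client first.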
The challenge with the above approach is that it doesn’t work as a permanent solution on every Linux desktop client. If you find this to be the case, you can install keychain with the command:
Once this application is installed, you need to add a couple of lines to the bottom of your .bashrc file. Open this file with the command:
At the bottom of the file, add the following two lines:
If you use a key in a non-standard location, those two lines would look like (following our example):
Save and close the file. Close and reopen your terminal and you should not have to enter your SSH key authentication passphrase when you log in to the remote Linux server. The only time you have to enter this passphrase is the first time you open a terminal window after restarting.
The only caveat to this approach is that you will see the output of keychain displayed each time you open your terminal window (Figure B).
Figure B
Output of keychain displayed in the Linux terminal window.
Again, you want to use this setting wisely. Don’t leave your desktop unlocked and make sure your desktop login password is very strong.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He is an avid promoter of open source and the voice of The Android Expert. To learn more about Jack Wallen, visit his website jackwallen.com.