Ssh step up security

Passwords are outdated!

Let’s face it, it’s not practical or secure to use one password, if you have to login on 10 sites, you have to manage 10 different passwords. And if you want to be a bit more secure, you have to change them regularly. That’s too much for my memory, if you ask me.

Let the machine handle it. We’ll use keys instead. The idea is that our computer will generate a public key (which we will send to the server) and a private key (which we will keep on our computer). When we connect, the server will ask our computer an encrypted question using the public key. Our computer will decrypt the message and answer using our private key. They will talk to each other using the private/public key without having to ask us anything in order to secure the connection step.

To do this, we will first generate the public/private key using ssh-keygen :

ssh-keygen -t ed25519

Having answered the questions, we are now ready. We can now send the public key to the services that need it.

In the case of ssh, we simply add our public key to the .ssh/authorised_keys file on the server. We can do this manually or use ssh-copy-id:

ssh-copy-id -i ~/.ssh/mypublickey username@server

And that’s it, the next time we log in, ssh will use this method. Of course if we try to log in from a device that doesn’t have the private/public key, then it will ask for a password.


untagged

250 Words

2022-10-13 16:31 +0200