Irregularpedia

SSH Keys: Difference between revisions

← Older edit
VisualWikitext
cats
Rod (talk | contribs)
1 edit
 
(2 intermediate revisions by one other user not shown)
Line 49: Line 49:
'''Most Secure Keys'''
'''Most Secure Keys'''


<syntaxhighlight lang="shell">
<pre>
ssh-keygen -t ssh-ed25519 -C "[email protected]"
ssh-keygen -t ssh-ed25519 -C "[email protected]"
</syntaxhighlight>
</pre>


'''Advanced ED25519 Command'''
'''Advanced ED25519 Command'''


<syntaxhighlight lang="shell">
<pre>
ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/username_id_ed25519 -N "your_passphrase"
ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/username_id_ed25519 -N "your_passphrase"
</syntaxhighlight>
</pre>


'''Compatible and Secure'''
'''Compatible and Secure'''


<syntaxhighlight lang="shell">
<pre>
ssh-keygen -t rsa -b 4096 -C "[email protected]"
ssh-keygen -t rsa -b 4096 -C "[email protected]"
</syntaxhighlight>
</pre>


Follow the prompts to save the key, typically in <code>~/.ssh/id_rsa</code>.
Follow the prompts to save the key, typically in <code>~/.ssh/id_rsa</code>.
Line 80: Line 80:
To use your SSH key for connecting to a server, add your public key to the <code>~/.ssh/authorized_keys</code> file on the server:
To use your SSH key for connecting to a server, add your public key to the <code>~/.ssh/authorized_keys</code> file on the server:


<syntaxhighlight lang="sh">
<pre>
ssh-add ~/.ssh/username_id_ed25519
ssh-add ~/.ssh/username_id_ed25519
</syntaxhighlight>
</pre>


After this, you can log in to the server (remote) with <code>ssh [email protected]</code>. If you are prompted for your PIN, it is the PIN you created when generating your SSH keys.
After this, you can log in to the server (remote) with <code>ssh [email protected]</code>. If you are prompted for your PIN, it is the PIN you created when generating your SSH keys.
Line 88: Line 88:
You may also SSH directly to a server without adding your SSH key to the server’s <code>~/.ssh/authorized_keys</code> file:
You may also SSH directly to a server without adding your SSH key to the server’s <code>~/.ssh/authorized_keys</code> file:


<syntaxhighlight lang="sh">
<pre>
ssh -i ~/.ssh/username_id_ed25519 username@hostname
ssh -i ~/.ssh/username_id_ed25519 username@hostname
</syntaxhighlight>
</pre>


<span id="using-with-git"></span>
<span id="using-with-git"></span>
Line 100: Line 100:
To use your SSH key with private Git repositories, add the key to your SSH agent and configure the repository URL to use SSH:
To use your SSH key with private Git repositories, add the key to your SSH agent and configure the repository URL to use SSH:


<syntaxhighlight lang="sh">
<pre>
ssh-add ~/.ssh/username_id_ed25519
ssh-add ~/.ssh/username_id_ed25519
git remote set-url origin [email protected]:username/repo.git
git remote set-url origin [email protected]:username/repo.git
</syntaxhighlight>
</pre>


<span id="using-to-sign-git-commits"></span>
<span id="using-to-sign-git-commits"></span>
Line 110: Line 110:
To sign Git commits with your SSH key, configure Git to use the key:
To sign Git commits with your SSH key, configure Git to use the key:


<syntaxhighlight lang="sh">
<pre>
git config --global user.signingkey <your-key-id>
git config --global user.signingkey <your-key-id>
git config --global commit.gpgSign true
git config --global commit.gpgSign true
</syntaxhighlight>
</pre>


<span id="using-gpg-keys-for-ssh-authentication"></span>
<span id="using-gpg-keys-for-ssh-authentication"></span>
Line 123: Line 123:
If you don’t already have a GPG key pair, generate one:
If you don’t already have a GPG key pair, generate one:


<syntaxhighlight lang="sh">
<pre>
gpg --full-generate-key
gpg --full-generate-key
</syntaxhighlight>
</pre>


Follow the prompts to create your key pair.
Follow the prompts to create your key pair.
Line 134: Line 134:
Edit or create the <code>~/.gnupg/gpg-agent.conf</code> file to include the following line:
Edit or create the <code>~/.gnupg/gpg-agent.conf</code> file to include the following line:


<syntaxhighlight lang="sh">
<pre>
enable-ssh-support
enable-ssh-support
</syntaxhighlight>
</pre>


<span id="starting-the-gpg-agent"></span>
<span id="starting-the-gpg-agent"></span>
Line 143: Line 143:
Start or reload the GPG agent:
Start or reload the GPG agent:


<syntaxhighlight lang="sh">
<pre>
gpg-connect-agent updatestartuptty /bye
gpg-connect-agent updatestartuptty /bye
</syntaxhighlight>
</pre>


<span id="extracting-the-ssh-public-key-from-your-gpg-key"></span>
<span id="extracting-the-ssh-public-key-from-your-gpg-key"></span>
Line 152: Line 152:
Use the following command to extract the SSH public key from your GPG key:
Use the following command to extract the SSH public key from your GPG key:


<syntaxhighlight lang="sh">
<pre>
ssh-add -L
ssh-add -L
</syntaxhighlight>
</pre>


If the key is not listed, you can add it manually:
If the key is not listed, you can add it manually:


<syntaxhighlight lang="sh">
<pre>
gpg --export-ssh-key <your-gpg-key-id>
gpg --export-ssh-key <your-gpg-key-id>
</syntaxhighlight>
</pre>


Replace <code>&lt;your-gpg-key-id&gt;</code> with your actual GPG key ID.
Replace <code>&lt;your-gpg-key-id&gt;</code> with your actual GPG key ID.
Line 174: Line 174:
Ensure your SSH client is configured to use the GPG agent by adding the following to your <code>~/.bashrc</code> or <code>~/.zshrc</code>:
Ensure your SSH client is configured to use the GPG agent by adding the following to your <code>~/.bashrc</code> or <code>~/.zshrc</code>:


<syntaxhighlight lang="sh">
<pre>
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
</syntaxhighlight>
</pre>


Reload your shell configuration:
Reload your shell configuration:


<syntaxhighlight lang="sh">
<pre>
source ~/.bashrc  ## or source ~/.zshrc
source ~/.bashrc  ## or source ~/.zshrc
</syntaxhighlight>
</pre>


By following these steps, you can use your GPG key for SSH authentication, leveraging the benefits of GPG key management.
By following these steps, you can use your GPG key for SSH authentication, leveraging the benefits of GPG key management.
Line 194: Line 194:
Use <code>ssh-agent</code> to manage your keys and avoid entering the passphrase multiple times:
Use <code>ssh-agent</code> to manage your keys and avoid entering the passphrase multiple times:


<syntaxhighlight lang="sh">
<pre>
eval "$(ssh-agent -s)"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/username_id_ed25519
ssh-add ~/.ssh/username_id_ed25519
</syntaxhighlight>
</pre>


<span id="keypassxc"></span>
<span id="keypassxc"></span>
Line 203: Line 203:


[https://keepassxc.org/ KeyPassXC] is a cross-platform password manager that can securely store your SSH keys.
[https://keepassxc.org/ KeyPassXC] is a cross-platform password manager that can securely store your SSH keys.
When configuring your .ssh/config file you may want to pass the IdentityFile directive to a host to ensure that the ssh agent only uses a specific key to connect to a host. This directive requires you to provide the path to your key file. When we add an ssh key to the KeePassXC agent we are deleting the file from our filesystem in order to protect it which conflicts with this. The solution is to pass the .pub public key file for your host to the IdentityFile instead of the private key. you can generate a key as described in the above sections. Add that key to your keepassxc agent to protect it and then keep the public key in your .ssh/ directory. This will allow you to set your .ssh/config to use a key that is only available in the agent.
<pre>
Host git.example.com
  Hostname git.example.com
  Port 22
  User git
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/mygitkey.pub
</pre>


<span id="references"></span>
<span id="references"></span>
Line 213: Line 225:




[[Category:Guide]]
[[Category:Guides]]
[[Category:Tech]]
[[Category:Tech]]
Retrieved from "https://irregularpedia.org/index.php/SSH_Keys"