Key Management with ssh

ssh-copy-id

Tech Notes

ssh-copy-id installs an SSH key on a server as an authorized key. Its purpose is to provide access without requiring a password for each login.

This facilitates automated, passwordless logins and single sign-on using the SSH protocol. The ssh-copy-id tool is part of OpenSSH.

Setting up public key authentication

Key based authentication in ssh is called public key authentication. The purpose of ssh-copy-id is to make setting up public key authentication easier. The process is as follows:

Generate an SSH key with the ssh-keygen command-line utility that comes with OpenSSH.

With OpenSSH, an SSH key is created using ssh-keygen. In the simplest form, just run ssh-keygen and answer the questions. The following example illustrates this.

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ylo/.ssh/id_rsa): mykey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in mykey.
Your public key has been saved in mykey.pub.
The key fingerprint is:
SHA256:GKW7yzA1J1qkr1Cr9MhUwAbHbF2NrIPEgZXeOUOz3Us ylo@klar
The key's randomart image is:
+---[RSA 2048]----+
|.*++ o.o.        |
|.+B + oo.        |
| +++ *+.         |
| .o.Oo.+E        |
|    ++B.S.       |
|   o * =.        |
|  + = o          |
| + = = .         |
|  + o o          |
+----[SHA256]-----+
#

Copy the Key to a Server

First off, your server has to have OpenSSH installed, and it also has to be “allowed” to do public key authentication. You have to enable this setting on the server, or else none of this will work.

Go to

C:\ProgramData\ssh

on your Windows server and locate the sshd_config file there. That is essentially the settings file for the SSH server.

Open Notepad, or whatever text editor you want to use, as administrator.

Open the sshd_config file in Notepad and search for the string “PubkeyAuthentication”.

You can see in the screencap above that this is commented out. You need to uncomment that line in order to…
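
A check for the setting discussed above, as an added example that is not part of the original article: it reads sshd_config text and reports whether PubkeyAuthentication is set explicitly, left commented out, or overridden inside a Match block. The sample configuration is constructed, and the function names audit_sshd_config and effective_state are hypothetical.

```python
# Added example: audit how one directive is set in sshd_config text.
SAMPLE = """\
# Constructed sample, not a real server's file
#PubkeyAuthentication yes
PasswordAuthentication yes
Match Group administrators
    PubkeyAuthentication no
"""

def audit_sshd_config(text, keyword="PubkeyAuthentication"):
    """Report global, commented-out and Match-block settings of `keyword`."""
    key = keyword.lower()  # sshd_config keywords are case-insensitive
    result = {"global": None, "commented": [], "match_overrides": []}
    current_match = None  # None while still in the global section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Commented directives are ignored by sshd; record them for the admin.
            parts = line.lstrip("#").split(None, 1)
            if parts and parts[0].lower() == key:
                result["commented"].append(line)
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if name == "match":
            current_match = value  # following lines apply only to this Match
        elif name == key:
            if current_match is not None:
                result["match_overrides"].append((current_match, value))
            elif result["global"] is None:
                result["global"] = value  # the first value obtained is used
    return result

def effective_state(result):
    """Summarise the global setting: explicit value, commented out, or absent."""
    if result["global"] is not None:
        return "explicit:" + result["global"].lower()
    return "commented-out" if result["commented"] else "absent"

if __name__ == "__main__":
    report = audit_sshd_config(SAMPLE)
    print(effective_state(report), report["match_overrides"])
```

To check a real server, pass the contents of the sshd_config file from C:\ProgramData\ssh to audit_sshd_config; a Match-block override means the global line alone does not decide the outcome for every account.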
