Transparent SSH keys – ways in which they can be useful

I’m sure you’ve read time and time again that ssh keys without a passphrase are bad, and that they should never be created, because they create an easy attack onto your system should someone get hold of your ssh public and private key pair somehow. However I find them very useful when accessing the development boxes at work, and I’m sure that anyone else who has to connect to multiple development servers or any internal servers come to mention it will agree; one less password / passphrase saves so much time. Be it connecting to the server to find a file, or scp’ing a file somewhere, or to run some remote command.

Creating them is easy. Simply run the normal ssh-keygen command on your machine to create them.

ssh-keygen -C carlcasbolt@example.com

I normally specify my email address just to avoid the default of carl@localhost.localdomain, but I’ve stuck an example one above: so don’t try and email me there..

You’ll then be prompted for a passphrase, and asked to confirm it, but of course you leave both of these blank and just hit enter.

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/carl/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/carl/.ssh/id_rsa.
Your public key has been saved in /Users/carl/.ssh/id_rsa.pub.
The key fingerprint is:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 carlcasbolt@example.com
The key's randomart image is:
+--[ RSA 2048]----+
|      (\_/)      |
|      /. .\      |
|     =\_T_/=     |
|      /   \ .-.  |
|      | _ |/     |
|     /| | |\     |
|     \)_|_(/     | 
|     `"" ""`     |
+-----------------+

There you have it, one ssh key set which no passphrase (very insecure). Oh and the above is not my real ssh key pair, as you can see the image is an ascii cat, and it’s just an example of the output you would see from the command.

Now we need to upload out public key to the chose development servers and put the contents within the authorized_keys2 file under ~/.ssh/

scp ~/.ssh/id_rsa.pub carl@dev-box-01:~/

If you’re wondering how to set up an ssh alias like dev-box-01 see this post.

Once the public key is on the correct box, ssh to it and cat the contents of the file into ~/.ssh/authorized_keys2 and that should be it. If you have any issues then make sure that the authorized_keys2 file i has the file permissions of 600.

Leave a Reply

Your email address will not be published. Required fields are marked *