ssh
Tips and tricks for working with ssh
Create an SSH Key
# Create an ED25519 key pair
ssh-keygen -t ed25519 -f ~/.ssh/new_key
# Create a 4096-bit RSA key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/new_key
# Add this to the above commands to create the key without a passphrase
-N ""
# The command will output two files (private and public key pair)
new_key
new_key.pub
Add an SSH Key to the authorized_keys file
If you have code execution on a system that runs an SSH server, you can add your public key to its authorized_keys file and then SSH into it with the matching private key
The public key goes on the system you want to reach; the private key stays on the system you connect from
# Add the key to the target's authorized_keys file, then ssh into it
# (ssh-copy-id needs an existing login to the host: a password or another key)
ssh-copy-id -i ~/.ssh/new_key.pub user@host
# Another option, run on the host itself once the public key file is there
cat ~/.ssh/new_key.pub >> ~/.ssh/authorized_keys
# sshd ignores the file if ~/.ssh or authorized_keys is group- or world-writable (StrictModes, on by default)
# The public key should now be in the ~/.ssh/authorized_keys file on the host
cat ~/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJheI2Qn4O8UamoMG8AgWL4YvH2YPtUQUl6ERRczNWZE parallels@kali-linux-2024-2
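An extra key in authorized_keys is exactly what a defender should be looking for, so here is an added example (not from the original notes) that audits an authorized_keys file: it parses each entry, hashes the key material, compares it with an allowlist of known fingerprints and flags deprecated DSA keys and entries without from=, command= or restrict options. It uses only sh, awk and GNU coreutils (base64, sha256sum); the sample file, key blobs and allowlist are constructed for the demo, and the fingerprint is the hex SHA-256 of the decoded blob rather than OpenSSH's base64 SHA256:... form.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an authorized_keys file for
# the pattern described above, an extra key dropped into a user's file. Uses only
# sh, awk and coreutils (base64, sha256sum); the sample file, key material and
# allowlist are constructed for the demo.
set -eu

# Emit one tab-separated record per key: TYPE BLOB OPTIONS COMMENT
# ("-" where options or comment are empty). Options such as from=, command= and
# restrict are everything before the key type; a line with no recognised key
# type is reported as UNPARSED.
parse_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }
    {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) {
                opts = ""; for (j = 1; j < i; j++) opts = opts (j > 1 ? " " : "") $j
                comment = ""; for (j = i + 2; j <= NF; j++) comment = comment (j > i + 2 ? " " : "") $j
                print $i "\t" $(i + 1) "\t" (opts == "" ? "-" : opts) "\t" (comment == "" ? "-" : comment)
                next
            }
        }
        print "UNPARSED\t-\t-\t" $0
    }' "$1"
}

# Hex SHA-256 of the decoded key blob. OpenSSH prints the same digest
# base64-encoded as SHA256:...; hex is used here so only coreutils is needed.
key_fingerprint() {
    printf '%s' "$1" | base64 -d 2>/dev/null | sha256sum | awk '{print $1}'
}

# audit_authorized_keys FILE ALLOWLIST
# ALLOWLIST holds one trusted hex fingerprint per line. Prints one line per key:
#   OK|ALERT FINGERPRINT TYPE COMMENT [reasons...]
audit_authorized_keys() {
    file=$1; allow=$2
    parse_authorized_keys "$file" | while IFS="$(printf '\t')" read -r type blob opts comment; do
        if [ "$type" = UNPARSED ]; then
            echo "ALERT - - $comment unparseable-line"
            continue
        fi
        fp=$(key_fingerprint "$blob")
        reasons=""
        grep -qx "$fp" "$allow" 2>/dev/null || reasons="$reasons not-in-allowlist"
        [ "$type" != ssh-dss ] || reasons="$reasons deprecated-dsa"
        case "$opts" in
            *from=*|*command=*|*restrict*) ;;        # some restriction is present
            *) reasons="$reasons unrestricted" ;;     # full shell from anywhere
        esac
        if [ -n "$reasons" ]; then
            echo "ALERT $fp $type $comment$reasons"
        else
            echo "OK $fp $type $comment"
        fi
    done
}

demo() {
    work=$(mktemp -d)
    # Constructed key blobs: the parser only needs valid base64, not real keys
    k1=$(printf 'constructed key one' | base64 | tr -d '\n')
    k2=$(printf 'constructed key two' | base64 | tr -d '\n')
    k3=$(printf 'constructed key three' | base64 | tr -d '\n')
    {
        echo "# constructed sample authorized_keys"
        echo "ssh-ed25519 $k1 dev@laptop"
        echo "from=\"10.0.0.0/8\",command=\"/usr/local/bin/backup --full\" ssh-ed25519 $k2 backup@bastion"
        echo "ssh-dss $k3 legacy@old-host"
    } > "$work/authorized_keys"
    key_fingerprint "$k2" > "$work/allowlist"   # only the backup key is expected here
    audit_authorized_keys "$work/authorized_keys" "$work/allowlist"
    rm -rf "$work"
}

demo
```

Run it against every `~*/.ssh/authorized_keys` (and any `AuthorizedKeysFile` paths set in sshd_config) on a schedule and diff the output; a new ALERT line is the signal. The allowlist is the piece that makes it useful: populate it once from a known-good state and treat any fingerprint outside it as a finding.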
Generate a Public Key from a Private Key
With access to a private key, we can generate the corresponding public key
This is useful if the public key has been lost, or to read the key's comment, which for OpenSSH-format keys is stored in the private key and usually names the user and host it was generated on (e.g. parallels@kali-linux-2024-2 above)
ssh-keygen -y -f ~/.ssh/new_key > ~/.ssh/new_key.pub
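Putting the two key sections together, here is an added example (not from the original notes) that creates a key pair the way the notes do, rebuilds the public key from the private key with `ssh-keygen -y`, and checks that the rebuilt key really matches before trusting it. It runs in a temporary directory, so nothing under ~/.ssh is touched; key names, comments and paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original notes): create a key pair, regenerate the
# public key from the private key with ssh-keygen -y, and check that the two
# match. Works in a temporary directory, so nothing under ~/.ssh is touched;
# key names, comments and paths are constructed for the demo.
set -eu

# Regenerate the public key from a private key (what the notes do with -y -f)
derive_pubkey() {
    ssh-keygen -y -f "$1"
}

# Return 0 when private key $1 yields the key material stored in public key $2.
# Only the type and base64 blob are compared; the third field is a free-text
# comment and may legitimately differ between the two files.
keypair_matches() {
    derived=$(derive_pubkey "$1" | awk '{print $1, $2}')
    stored=$(awk 'NR == 1 {print $1, $2}' "$2")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# SHA256 fingerprint of a public key file, in the form sshd logs it
# ("Accepted publickey for user ... SHA256:...")
fingerprint() {
    ssh-keygen -l -f "$1" | awk '{print $2}'
}

demo() {
    work=$(mktemp -d)
    # -q: quiet, -N "": no passphrase (as in the notes), -C: comment
    ssh-keygen -q -t ed25519 -N "" -C "demo@example" -f "$work/new_key"
    # Pretend new_key.pub was lost and rebuild it from the private key
    derive_pubkey "$work/new_key" > "$work/recovered.pub"
    if keypair_matches "$work/new_key" "$work/recovered.pub"; then
        echo "recovered public key matches: $(fingerprint "$work/recovered.pub")"
    fi
    cat "$work/recovered.pub"
    rm -rf "$work"
}

# Only run the demo where ssh-keygen is available
if command -v ssh-keygen >/dev/null 2>&1; then demo; fi
```

The fingerprint helper is the bridge to the server side: sshd logs the SHA256 fingerprint of the key that authenticated, so the value printed here is what you grep for in auth logs when tracing a login back to a key.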
Specify a Specific SSH Key to Use
If you have multiple SSH keys loaded into your SSH agent and try connecting to a server, the server may reject the connection with "Too many authentication failures": the agent offers every loaded key in turn, and sshd gives up after MaxAuthTries attempts (6 by default)
The way around this is to use the parameter
-o "IdentitiesOnly=yes"
which makes ssh offer only the key given with -i (or configured with IdentityFile); any other keys held by the agent are ignored
ssh -i ~/.ssh/my_key -o "IdentitiesOnly=yes" user@host
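Rather than repeating -i and -o on every command, the same pinning belongs in a Host block in ~/.ssh/config. The added example below (not from the original notes) writes such a block and then uses `ssh -G`, which prints the resolved configuration for a host without connecting, to confirm which identities ssh would actually offer. Alias, hostname, user and key path are constructed, and the demo writes to a temporary config file rather than ~/.ssh/config.

```shell
#!/bin/sh
# Added example (not from the original notes): pin one key per host in an
# ssh_config Host block, then use ssh -G (print the resolved configuration
# without connecting) to confirm what ssh would offer. Alias, host, user and
# key path are constructed; the demo writes a temporary config, not ~/.ssh/config.
set -eu

# Append a Host block that offers exactly one identity and ignores agent keys
write_pinned_host() {
    # $1 config file, $2 alias, $3 real hostname, $4 user, $5 private key path
    cat >> "$1" <<EOF
Host $2
    HostName $3
    User $4
    IdentityFile $5
    IdentitiesOnly yes
EOF
}

# Print the resolved value(s) of one option for an alias, exactly as ssh sees
# them; ssh -G prints option names in lowercase (identitiesonly, identityfile, ...)
resolved_option() {
    # $1 config file, $2 alias, $3 option name
    ssh -G -F "$1" "$2" | awk -v k="$3" '$1 == k { print $2 }'
}

# Return 0 when ssh would offer only the keys configured for the alias
is_pinned() {
    [ "$(resolved_option "$1" "$2" identitiesonly)" = yes ]
}

demo() {
    work=$(mktemp -d)
    write_pinned_host "$work/config" bastion bastion.example.net user "$HOME/.ssh/my_key"
    echo "identities ssh would offer for 'bastion':"
    resolved_option "$work/config" bastion identityfile
    if is_pinned "$work/config" bastion; then echo "agent keys will be ignored"; fi
    rm -rf "$work"
}

if command -v ssh >/dev/null 2>&1; then demo; fi
```

`ssh -G host` is worth remembering on its own: it shows the merged result of command-line options, ~/.ssh/config and /etc/ssh/ssh_config, which is the quickest way to see why a connection is offering a key you did not expect.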
Certificate-based Authentication for SSH
Certificates provide more security than passphrases but require a Certificate Authority (CA) to be set up
Additionally, certificates carry metadata that can be used for user identification (the key ID), expiring access (a validity window), role-based access control (principals), and more
There's a great blog post from Teleport on this
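To make the metadata concrete, here is an added example (not from the original notes) of the smallest working certificate flow using OpenSSH's built-in CA support: a CA key signs a user's public key with a key ID, a list of principals and a validity window, and the resulting certificate is read back with `ssh-keygen -L`. All paths, key names and principals are constructed for the demo; the sshd_config directive in the comments is the real option name.

```shell
#!/bin/sh
# Added example (not from the original notes): the smallest working version of
# certificate-based SSH using OpenSSH's built-in CA support. A CA key signs a
# user's public key with a key ID (identification), principals (which accounts
# the cert may log in as) and a validity window (expiring access); the server
# only needs the CA public key. All paths, names and principals are constructed.
set -eu

# Sign a user public key: $1 CA private key, $2 user public key, $3 key ID,
# $4 comma-separated principals, $5 validity (ssh-keygen -V syntax, e.g. +8h).
# Writes <user key>-cert.pub next to the public key.
sign_user_key() {
    ssh-keygen -q -s "$1" -I "$3" -n "$4" -V "$5" "$2"
}

# List the principals embedded in a certificate, one per line
# (assumes principals contain no ':', which is how the -L listing is delimited here)
cert_principals() {
    ssh-keygen -L -f "$1" | awk '/Principals:/ { p = 1; next } p && /:/ { p = 0 } p { print $1 }'
}

# Key ID of a certificate, with the surrounding quotes removed
cert_key_id() {
    ssh-keygen -L -f "$1" | awk '/Key ID:/ { gsub(/"/, "", $3); print $3 }'
}

demo() {
    work=$(mktemp -d)
    ssh-keygen -q -t ed25519 -N "" -C "user-ca" -f "$work/user_ca"
    ssh-keygen -q -t ed25519 -N "" -C "alice@laptop" -f "$work/alice"
    # Cert valid for 8 hours, usable for the deploy and ops accounts only
    sign_user_key "$work/user_ca" "$work/alice.pub" "alice@laptop" "deploy,ops" "+8h"
    echo "key id:      $(cert_key_id "$work/alice-cert.pub")"
    echo "principals:  $(cert_principals "$work/alice-cert.pub" | tr '\n' ' ')"
    ssh-keygen -L -f "$work/alice-cert.pub" | grep 'Valid:'
    # Server side (sshd_config) would then trust every cert this CA signs:
    #   TrustedUserCAKeys /etc/ssh/user_ca.pub
    # and alice would connect with: ssh -i alice -o CertificateFile=alice-cert.pub deploy@host
    rm -rf "$work"
}

if command -v ssh-keygen >/dev/null 2>&1; then demo; fi
```

The access-control effect is in the principals: with TrustedUserCAKeys set, sshd accepts the certificate only for accounts named in its principal list (or mapped through AuthorizedPrincipalsFile), and once the validity window passes the certificate is refused without anyone having to touch an authorized_keys file.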