services:2fa:ssh:linux

Differences

This shows you the differences between two versions of the page.

services:2fa:ssh:linux [2021/04/12 06:55] – [Setup Linux ssh for key based login] jansenservices:2fa:ssh:linux [2025/08/20 10:44] (current) – fix typos, emphasize security of private key jansen
Line 1: Line 1:
 ======Setup Linux ssh for key based login====== ======Setup Linux ssh for key based login======
  
-We need to create a private/public key set to allow passwordless login via ssh. To do this run the sshkey-ge command:+We need to create a private/public key set to allow passwordless login via ssh. To do this run the sshkey-gen command:
  
   $ ssh-keygen -t ecdsa   $ ssh-keygen -t ecdsa
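
Review bot: The corrected sentence still names the wrong command: the "+" line says "sshkey-gen", while the command line directly below it is "$ ssh-keygen -t ecdsa". The typo fix should read "run the ssh-keygen command" so that the prose and the example agree; a reader who types the name from the sentence gets a command-not-found error.
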
Line 25: Line 25:
   +----[SHA256]-----+   +----[SHA256]-----+
  
-For both question about passphrase, just hit enter (we will not be using passphrases). This will also have generated two files in your personal .ssh directory:+For both questions about passphrase, just could hit enter (in that case we will not be using passphrases). Security wise it is better though you do fill in a passphrase. This will have generated two files in your personal .ssh directory:
  
   $ ls -ltr id_ecdsa*   $ ls -ltr id_ecdsa*
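
Review bot: The "+" line reads "just could hit enter", which is garbled, and it still presents the empty passphrase first and the recommendation second. Since the revision's stated aim is to emphasize the security of the private key, lead with the recommendation, for example: "Enter a passphrase at both prompts; you can hit enter to leave it empty, but that is less secure." Also, "This will have generated two files" now follows the passphrase advice, so "This" no longer clearly refers to running ssh-keygen; "Running the command generates two files ..." would remove the ambiguity.
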
Line 31: Line 31:
   -rw-r--r-- 1 testuser1 users 195 Mar 22 12:13 id_ecdsa.pub   -rw-r--r-- 1 testuser1 users 195 Mar 22 12:13 id_ecdsa.pub
  
-The file id_ecdsa.pub must be transferred to the remote host. For this we can use ssh-copy-id:+The file ''id_ecdsa'' (without ''.pub'') is the **private key**. You will have to keep this file private, ie: no one should have access to it (so don't copy it on removable media, share it with anyone, leave it in any unprotected place, etc). __**Treat it as an actual key**__; anyone with access to this private key, has access to your account, as if you had handed over your house key to others. 
 + 
 +The file ''id_ecdsa.pub'' is the "public" part of the key-pair. It's something similar to the key-hole in your front door: anyone is allowed to see the key-hole, but only the person who has the private key (you!) can use that key to open it. \\ 
 +So, the file ''id_ecdsa.pub'' must be transferred to the remote host. For this we can use ssh-copy-id:
  
   $ ssh-copy-id -i ~/.ssh/id_ecdsa.pub username@remote-host   $ ssh-copy-id -i ~/.ssh/id_ecdsa.pub username@remote-host
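
Review bot: The new private-key paragraph tells the reader that no one else should have access to ''id_ecdsa'' but gives nothing to check it against, while the listing in this hunk only shows the mode of id_ecdsa.pub (-rw-r--r--). Add one sentence stating that id_ecdsa itself should be readable and writable by the owner only, so the reader can compare it with the ls output. Minor points in the same paragraph: "ie:" should be "i.e.", and the trailing "\\ " forced line break before "So, the file" can be replaced by a normal paragraph break.
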
services/2fa/ssh/linux.1618210539.txt.gz · Last modified: by jansen