1
00:00:06,960 --> 00:00:07,793
- All right.

2
00:00:07,793 --> 00:00:10,827
In this video, we are going to explore key-based SSH login.

3
00:00:10,827 --> 00:00:12,240
Now, what is the thing?

4
00:00:12,240 --> 00:00:13,410
The thing is that by default,

5
00:00:13,410 --> 00:00:17,520
SSH access is based on username and password.

6
00:00:17,520 --> 00:00:19,020
And username and password,

7
00:00:19,020 --> 00:00:21,423
that's something that can be guessed or stolen.

8
00:00:22,683 --> 00:00:23,940
If you want to enhance security,

9
00:00:23,940 --> 00:00:26,400
consider using key-based access.

10
00:00:26,400 --> 00:00:30,443
Key-based access is based on something that a user has

11
00:00:30,443 --> 00:00:33,330
and it's difficult to guess a key.

12
00:00:33,330 --> 00:00:34,620
It must be stolen

13
00:00:34,620 --> 00:00:38,220
and because it's more complicated, it increases security,

14
00:00:38,220 --> 00:00:40,830
if you use key-based access.

15
00:00:40,830 --> 00:00:42,030
Now in key-based access,

16
00:00:42,030 --> 00:00:45,270
the user creates a key pair and next this key pair is copied

17
00:00:45,270 --> 00:00:49,380
over to the SSH host and for additional protection,

18
00:00:49,380 --> 00:00:52,413
the key may be protected with a passphrase as well.

19
00:00:53,640 --> 00:00:55,350
Now, in order to create a key pair,

20
00:00:55,350 --> 00:00:57,630
ssh-keygen is the first thing to do.

21
00:00:57,630 --> 00:01:00,390
ssh-copy-id to the SSH service,

22
00:01:00,390 --> 00:01:02,340
second thing to do.

23
00:01:02,340 --> 00:01:05,850
Now, let's talk about these passphrases a little bit.

24
00:01:05,850 --> 00:01:07,965
To add protection to SSH keys,

25
00:01:07,965 --> 00:01:10,946
it should be protected with a passphrase.

26
00:01:10,946 --> 00:01:11,820
What is that?

27
00:01:11,820 --> 00:01:14,040
Well, that means that you have basically what

28
00:01:14,040 --> 00:01:16,713
we call multifactor authentication.

29
00:01:17,670 --> 00:01:20,760
So the authentication with SSH passphrase

30
00:01:20,760 --> 00:01:22,080
protected keys is based

31
00:01:22,080 --> 00:01:25,320
on something the user has and something the user knows.

32
00:01:25,320 --> 00:01:27,906
So just stealing your key would not be enough to

33
00:01:27,906 --> 00:01:29,620
hack your account.

34
00:01:31,710 --> 00:01:33,480
But there's one downside.

35
00:01:33,480 --> 00:01:35,850
Every time you initialize a session,

36
00:01:35,850 --> 00:01:38,940
you need to enter the passphrase, and that is annoying.

37
00:01:38,940 --> 00:01:41,442
And that's why we have ssh-agent.

38
00:01:41,442 --> 00:01:42,870
To fix this problem,

39
00:01:42,870 --> 00:01:46,140
you can use ssh-agent /bin/bash.

40
00:01:46,140 --> 00:01:48,150
That will run the SSH agent

41
00:01:48,150 --> 00:01:50,973
which can cache the passphrase for the session duration.

42
00:01:52,267 --> 00:01:55,170
Next we use ssh-add to add the current key

43
00:01:55,170 --> 00:01:58,470
to the agent and you'll enter the passphrase once.

44
00:01:58,470 --> 00:02:00,870
And from that moment on for the entire duration

45
00:02:00,870 --> 00:02:03,690
of the session, you won't have to enter it again.

46
00:02:03,690 --> 00:02:05,528
Of course, if you exit your session

47
00:02:05,528 --> 00:02:07,680
and you start a new session,

48
00:02:07,680 --> 00:02:11,970
you will need to repeat this procedure, but using ssh-agent

49
00:02:11,970 --> 00:02:14,278
and ssh-add is the ideal balance

50
00:02:14,278 --> 00:02:16,983
to convenience and security.

51
00:02:19,410 --> 00:02:22,620
All right, from the Ubuntu machine, I'm going to start

52
00:02:22,620 --> 00:02:26,520
with ssh-keygen to generate the key pair.

53
00:02:26,520 --> 00:02:28,627
This is asking where to store the key.

54
00:02:28,627 --> 00:02:31,440
Well, this is the, the private key.

55
00:02:31,440 --> 00:02:33,330
I wanna store it in id_rsa.

56
00:02:33,330 --> 00:02:34,650
That's okay.

57
00:02:34,650 --> 00:02:37,050
Here it's asking for the passphrase.

58
00:02:37,050 --> 00:02:38,250
If you do not want to work

59
00:02:38,250 --> 00:02:39,897
with the passphrase, you just press enter

60
00:02:39,897 --> 00:02:42,510
but I do want to work with the passphrase.

61
00:02:42,510 --> 00:02:44,310
So I'm going to enter it here.

62
00:02:44,310 --> 00:02:48,570
And again, now it has created the private key,

63
00:02:48,570 --> 00:02:50,340
it has created the public key.

64
00:02:50,340 --> 00:02:52,750
There's even a public key fingerprint

65
00:02:52,750 --> 00:02:55,170
and a key random art image

66
00:02:55,170 --> 00:02:58,770
which can be used for verification.

67
00:02:58,770 --> 00:03:00,660
But I'm going to copy over this key

68
00:03:00,660 --> 00:03:04,890
to the remote host because that is what is required

69
00:03:04,890 --> 00:03:07,080
in order to work with SSH keys.

70
00:03:07,080 --> 00:03:09,510
So ssh-copy-id.

71
00:03:09,510 --> 00:03:14,130
Hey, can we use --help to figure out the port usage?

72
00:03:14,130 --> 00:03:15,084
Yes, we can.

73
00:03:15,084 --> 00:03:17,730
-p for port 2022.

74
00:03:17,730 --> 00:03:19,750
So -p 2022

75
00:03:23,052 --> 00:03:25,713
192.168.29.101.

76
00:03:27,660 --> 00:03:30,240
So it's asking for the password for the current user.

77
00:03:30,240 --> 00:03:31,073
There we go.

78
00:03:31,073 --> 00:03:33,150
And it has just copied it over.

79
00:03:33,150 --> 00:03:35,880
So now we can check and how do we do that?

80
00:03:35,880 --> 00:03:40,880
Well, ssh -p 2022 to 192.168.29.101.

81
00:03:44,430 --> 00:03:46,860
And now it's asking for the passphrase.

82
00:03:46,860 --> 00:03:49,489
So here we go, passphrase and I have access

83
00:03:49,489 --> 00:03:52,950
but the annoying thing is the next time it's asking

84
00:03:52,950 --> 00:03:54,120
for the passphrase.

85
00:03:54,120 --> 00:03:57,180
So every time you need to enter a passphrase

86
00:03:57,180 --> 00:03:59,190
that does make it very secure.

87
00:03:59,190 --> 00:04:01,919
That's true, but it's not very convenient.

88
00:04:01,919 --> 00:04:05,490
So first we use ssh-agent /bin/bash

89
00:04:05,490 --> 00:04:08,730
to start the SSH agent for the bash shell.

90
00:04:08,730 --> 00:04:12,807
Then we use ssh-add to actually add the SSH passphrase

91
00:04:14,093 --> 00:04:15,540
to the agent.

92
00:04:15,540 --> 00:04:16,373
And there we go.

93
00:04:16,373 --> 00:04:18,540
You can see that the identity is added

94
00:04:18,540 --> 00:04:22,120
and now we can use ssh -p 2022

95
00:04:24,150 --> 00:04:26,010
to this host again

96
00:04:26,010 --> 00:04:29,070
and it's not asking for anything anymore.

97
00:04:29,070 --> 00:04:31,740
And that is how you can use SSH keys together

98
00:04:31,740 --> 00:04:36,000
with ssh-agent and ssh-add to make SSH access

99
00:04:36,000 --> 00:04:38,283
to your SSH server,

100
00:04:39,120 --> 00:04:41,223
secure and convenient.