How To Generate Ed25519 SSH Keys, Install Them, and Configure Secure Passwordless Authentication

37,004 views

Lawrence Systems

Comments: 66
@Icymaiden 2 years ago
Omg I looked through so many articles and videos before I landed on your video. And your video was the only one that showed a straightforward method; thank you!
@ddstutorials6048 3 years ago
Thank you for taking the time to share your hard-earned knowledge. Much appreciated.
@LAWRENCESYSTEMS 3 years ago
My pleasure!
@jasonrm999 4 years ago
PermitRootLogin may default to 'yes', so leaving it commented out or removing the entry entirely leaves it at the default, i.e. 'yes'. It mentions this at the top of the sshd_config, although I believe Ubuntu (and probably some others) modify this on install. In either case it's best to explicitly set it to 'no' to disable it.
@LAWRENCESYSTEMS 4 years ago
Good point
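An added example for the thread above (not code from the video or from either commenter): a small audit that reports whether a keyword such as PermitRootLogin is explicitly set in the global section of an sshd_config, or is only present as a commented-out line and therefore left to the built-in default. The sample configuration is constructed, and the parser assumes no Include directives.

```python
import re

# Constructed sample: the keyword appears only as a commented-out line.
COMMENTED_OUT = """\
# Constructed sshd_config for illustration
Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
"""
# Same file with the keyword set explicitly (keywords are case-insensitive).
EXPLICIT = COMMENTED_OUT.replace("#PermitRootLogin prohibit-password",
                                 "permitrootlogin no")

def global_settings(text):
    """Return {keyword: value} for the global section of an sshd_config.

    Lines starting with '#' are comments, keywords are case-insensitive and
    the first value obtained for a keyword wins. Parsing stops at the first
    Match block, because its settings apply only conditionally.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # first occurrence wins
    return settings

def audit(text, required):
    """Map each required keyword to (explicit value or None, compliant?)."""
    found = global_settings(text)
    report = {}
    for keyword, wanted in required.items():
        actual = found.get(keyword.lower())
        report[keyword] = (actual, actual is not None and actual.lower() == wanted)
    return report

if __name__ == "__main__":
    for name, cfg in (("commented out", COMMENTED_OUT), ("explicit", EXPLICIT)):
        actual, ok = audit(cfg, {"PermitRootLogin": "no"})["PermitRootLogin"]
        state = "not set, built-in default applies" if actual is None else actual
        print(f"{name}: PermitRootLogin -> {state} [{'OK' if ok else 'FIX'}]")
```

On a live host, `sshd -T` prints the effective configuration with defaults filled in, which is the authoritative check.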
@willrun4fun 3 months ago
I suppose to most this is basic, but this video finally made key authentication click for me. Read several text guides but none covered it quite as well. Thanks! I am setting up a VPS to run some services and trying to make it as secure as I can.
@mondskiez309 4 years ago
"Control + L" is faster for clearing the screen than just "clear"
@LAWRENCESYSTEMS 4 years ago
True
@jamesswartz1779 4 years ago
@LAWRENCESYSTEMS And yet I always use the clear command for some reason. It's super weird.
@nevoyu 4 years ago
Brother, that's a game changer.
@ankh-ef-en-khonsu3274 4 years ago
Yikes - that is a bit pedantic.
@kosmonautofficial296 3 years ago
@ankh-ef-en-khonsu3274 You could have said "Control + P"
@ShaneAJM 4 years ago
Jumpbox tutorial please! I’m definitely interested in doing this :)
@danieleperera6788 4 years ago
Interested in jumpbox video!
@diffiq 4 years ago
Thank you for this video! Could you please do a guide on SSH CA authorization? Maybe even using HashiCorp's Vault for SSH-CA management and signing?
@kenkelvin4023 3 years ago
Use CERTBOT
@diffiq 3 years ago
@kenkelvin4023 Isn't CERTBOT mainly used for HTTP? My request for SSH-CA was to have a CA that signs SSH keys and applies time limits to that signed SSH key (key rotation).
@abdraoufx 4 years ago
Extra tip: if you are using a VPS provider, you can use their firewall to limit SSH access to your IP only.
@EliSmith 3 years ago
Be careful with this, because if your IP changes, you'll be locked out of the VPS (unless your VPS has KVM accessible).
@charlescc1000 4 years ago
This is fantastic timing. I had just been trying to learn more about SSH keys and searched your channel this week to see if you had a video on it. Thanks again for more great educational content.
@bwhite5310 4 years ago
Hi Tom, maybe for a follow-up video explain about SSH key fingerprints. In an enterprise setting you can end up with hundreds of keys associated with one SFTP/SSH account. You can up the logging of ssh on the server and then review the logs to identify exactly which SSH keys are being used. Then using -lf to determine those keys that do not meet current corp security expectations... like those using 512 bit DSA.
@hawks5196 4 years ago
Please do more videos on keys! A local server hosting keys for multiple people sounds super useful. Would be good to know how you make that secure too. I use keys but I don't 100% know the best way to use them. Do you create the key on your server or personal laptop and do you send the public or private key and can you use that key for multiple servers? And how do you manage multiple keys for multiple people on a single server?
@iandawson7920 4 years ago
A tutorial on the correct way to manage creds in scripts would be great!
@svettnabb 4 years ago
Yes, I am currently replacing my ssh keys with ed25519, just started this week, been stalling it for some good two years now..
@jeffherdzina6716 4 years ago
SSH keys help me sleep at night, knowing that all my Red Hat servers 1400 miles away are doing the rsync file transfers at 2 AM, like they are supposed to do.
@berndeckenfels 4 years ago
The -a has nothing to do with key generation randomness. It's only the iterations for the password derivation. If you don't use a password, you don't need -a
@darkhog1 2 years ago
Thanks Bernd! I was just about to leave a comment to ask the same thing! -a means more iterations of complexity on turning the passphrase into unlocking the private key. Higher number means harder to brute force.
@MichealG 4 years ago
Nice tutorial. Wish for more if you could please. 🌺
@kayant12 4 years ago
Btw, Windows 10/Server 2019 actually has SSH built in, so you don't need Windows Subsystem for Linux. Apparently you can even use it for management of Windows Server - docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview
@nikiforossarantoglou5917 4 years ago
It's OpenSSH implemented for Windows. Doesn't have every functionality like on Linux but it has the most used. For example it lacks ssh-copy-id so you need a workaround on that.
@angelalita77 2 years ago
I'm sure someone asked this and sorry for the repeat. But if the private key can be viewed in a file on your computer "id_ed25519" then the private key is at risk of being viewed or copied. Is this why you suggest to encrypt the folder?
@TheBlueThird 2 years ago
Is there a benefit to doing file encryption with Ed25519 keys vs 4096 RSA keys for file encryption?
@realzeti 8 months ago
Would you recommend to store Private and Public key inside Bitwarden?
@ierosgr 4 years ago
I noticed that with the procedure described you ssh to the target machine using keys but not vice versa. Does that mean that you need to do the same procedure from target to main machine in order to be able to connect using keys both ways?
@indigowyrm 4 years ago
Thanks, good tutorial! I've set up for Linux to my Pi 4, but how do I set up for other devices? Do I generate new keys on each device or PC?
@berndeckenfels 4 years ago
I keep my SSH keys in a KeePass file. KeePass under Windows can serve as ssh-agent, so I only need to unlock one store.
@IndigoVFX 4 years ago
Nice tip / good reminder. Thanks! I’ve been using Bitwarden a lot recently but I keep looking for missing features. I’ll have to check this shortly.
@Vandwo 4 years ago
And hopefully you enabled the untrusty bitlocker, just in case :)
@AustinStAubin 4 years ago
Is there a way to do this with a yubikey, with auto login?
@tresor139 4 years ago
Yet another way to ssh login is to use ed25519-sk keys + fido usb/nfc token.
@RebelliousX 6 months ago
Great, how to copy public key to TrueNAS Scale from Windows client? And how to assign a public key to specific user who has his own permissions to some directories but not others? Do I need to create a home directory and .ssh directory for each user in TrueNAS? --- Edit: I resolved all my questions.
@johnwatson8346 1 year ago
Hi, I have set up a PBX server with a key and use sshfs, but when mounted the directory only has these privileges (drwxrwxr-x) but I cannot delete or copy or create. How do I sort this, please?
@Paulsobj 4 years ago
I have my /home on an NFS share. Users can move around and keep the same private key.
@decayingskulls7088 3 years ago
When I want to generate the public key it says " 'cat' is not recognized as an internal or external command, operable program or batch file." How do I fix this?
@danielework3512 4 years ago
Can you do a video on how to setup ssh keys with yubikey?
@morganjennings3164 4 years ago
Very nice video, I like
@_Steven_S 4 years ago
Interestingly, only RSA is supported via the Unifi controller GUI for SSH authentication 😢
@scbtripwire 4 years ago
Lol @ destroit yodeling company. 👍 Edit: There are a lot of large sequences of capital As in that private key. 🤔 I would definitely appreciate a video on key management and bastion servers.
@zxcvb_bvcxz 4 years ago
Anyone using Home Assistant might find these keys aren't supported, I don't think Dropbear SSH supports them, at least not in the configurations I've seen.
@moneet4682 4 years ago
What terminal client is being used? Thanks
@dstdg18 4 years ago
Is it just me or does Tim keep twitching? He has a giant cup of, I suspect is, coffee sitting next to him which might explain it.
@LAWRENCESYSTEMS 4 years ago
☕☕I do drink a lot of coffee ☕☕
@mrlithium69 4 years ago
legit.
@Tntdruid 4 years ago
Time to replace password with an SSH key 👍
@bwhite5310 4 years ago
BTW, occasionally I find a vendor that wants to use userid & password & ssh key to authenticate a session. Yeah go figure.
@gerard2523 3 years ago
Can I convert ed25519.pub to pem?
@caleb-hill 3 years ago
5:00 I'd recommend not to encrypt your disk unless you either live in a high-crime area, have a laptop that you take with you to public places, or the company requires you to do so.
@rcdenis1 4 years ago
Ssh-keygen, ssh-keyscan, ssh-copy-id
@voltmanip 6 months ago
One thing I watch about these guys is when they say it's easy and never explain the problem. Sad!
@LAWRENCESYSTEMS 6 months ago
The video is about how to generate SSH keys and that is what I show in the video.