Omg I looked through so many articles and videos before I landed on your video. And your video was the only one that showed a straight forward method; thank you!

Thank you for taking the time to share your hard earned knowledge. Much appreciated.

I suppose to most this is basic, but this video finally made key authentication click for me. Read several text guides but none covered it quite as well. Thanks! I am setting up a VPS to run some services and trying to make it as secure as I can.

PermitRootLogin may default to 'yes' , so leaving it commented out or removing the entry entirely leaves it at default, ie; 'yes'. It mentions this at the top of the sshd_config, although I believe Ubuntu (and probably some others) modify this on install. In either case it's best to explicitly set it to 'no' to disable it.

Jumpbox tutorial please! I’m definitely interested in doing this :)

Thank you for this video! Could you please do a guide on SSH CA authorization? Maybe even using Hashicorps Vault for SSH-CA management and signing?

"Control + L" is faster for clearing the screen than just "clear"

extra tip, if you are using a VPS provider, you can use their firewall to limit ssh access to your IP only.

This is fantastic timing. I had just been trying to learn more about SSH keys and searched your channel this week to see if you had a video on it. Thanks again for more great educational content.

Hi Tom , maybe for a follow up video explain about ssh keyfingerprints. In an enterprise setting you can end up with hundreds of keys associated with one SFTP/SSH account. You can up the logging of ssh on the server and then review the logs to identify exactly which SSH keys are being used. Then using -lf to determine those keys to do not meet current Corp security expectations ..... like those using 512 bit DSA.

Please do more videos on keys! A local server hosting keys for multiple people sounds super useful. Would be good to know how you make that secure too. I use keys but I don't 100% know the best way to use them. Do you create the key on your server or personal laptop and do you send the public or private key and can you use that key for multiple servers? And how do you manage multiple keys for multiple people on a single server?

A tutorial on the correct way to manage creeds in scripts would be great!

Yes, I am currently replacing my ssh keys with ed25519, just started this week, been stalling it for some good two years now..

It's there a benefit to doing file encryption with Ed25519 keys vs 4096 RSA keys for file encryption?

Would you recommend to store Private and Public key inside Bitwarden?

Nice tutorial. Wish for more if you could please. 🌺

SSH keys help me sleep at night. knowing that my all my Redhat servers 1400 miles away are doing the rsync file transfers at 2 AM. like they are suppose to do.

The -a has nothing to do with key generation randomness. It's only the iterations for the password derivation. If you don't use a password, you don't need -a

I'm sure somone asked this and sorry for the repeat. But if the private keep can be viewed in a file on your computer "id_ed25519" then the private keep is at risk of being viewed or copied. Is this why you suggest to encrypt the folder?

hi i have setup a PBX server with key and use sshfs but when mounted the directory only has these privileges (drwxrwxr-x) but I cannot delete or copy or create how do I sort this please

I noticed that with the procedure described you ssh to the target machine using keys but not vis versa. Does that mean that you need to to do the same procedure from target to main machine in order to be able to connect using keys both ways?/??

Btw Windows 10/Server 2019 actually has ssh built in so you don't need Windows subsystem on Linux. Apparently you can even use for management of windows server - docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview

Thanks good tutorial! I've set up for Linux to my pi4 but how do I setup for other devices do I generate new keys on each device or pc?

Is there a way to do this with a yubikey, with auto login?

when i want to generate the public key it says " 'cat' is not recognized as an internal or external command, operable program or batch file." how do i fix this?

Great, how to copy public key to TrueNAS Scale from Windows client? And how to assign a public key to specific user who has his own permissions to some directories but not others? Do I need to create a home directory and .ssh directory for each user in TrueNAS? --- Edit: I resolved all my questions.

Lol @ destroit yodeling company. 👍 Edit: There are a lot of large sequences of capital As in that private key. 🤔 I would definitely appreciate a video on key management and bastion servers.

I keep my SSH keys in a KeePass file, KeePass under Windows can serve as ssh-agent. So i only need to unlock one store.

What terminal client is being used? Thanks

Can you do a video on how to setup ssh keys with yubikey?

I have my /home on a nfs share. Users can move around and keep the same private key.

Yet another way to ssh login is to use ed25519-sk keys + fido usb/nfc token.

Interestingly, only RSA is supported via the Unifi controller GUI for SSH authentication 😢

very nice video, i like

Is it just me or does Tim keep twitching? He has a giant cup of, I suspect is, coffee sitting next to him which might explain it.

can i convert ed25519.pub to pem?

Anyone using Home Assistant might find these keys aren't supported, I don't think Dropbear SSH supports them, at least not in the configurations I've seen.

Time to replace password whit a ssh key 👍

legit.

BTW, occasionally I find a vendor that wants to use userid & password & ssh key to authenticate a session. Yeah go figure.

5:00 I'd recommend not to encrypt your disk unless you either live in a high-crime area, have a laptop that you take with you to public places, or the company requires you to do so.

Ssh-keygen, ssh-keyscan, ssh-copy-id

one thing i watch about these guys is when they say its easy and never explane the problem sad !!!!!!!!!!