Omg I looked through so many articles and videos before I landed on your video. And your video was the only one that showed a straight forward method; thank you!
@ddstutorials60483 жыл бұрын
Thank you for taking the time to share your hard earned knowledge. Much appreciated.
@LAWRENCESYSTEMS3 жыл бұрын
My pleasure!
@jasonrm9994 жыл бұрын
PermitRootLogin may default to 'yes' , so leaving it commented out or removing the entry entirely leaves it at default, ie; 'yes'. It mentions this at the top of the sshd_config, although I believe Ubuntu (and probably some others) modify this on install. In either case it's best to explicitly set it to 'no' to disable it.
@LAWRENCESYSTEMS4 жыл бұрын
Good point
@willrun4fun3 ай бұрын
I suppose to most this is basic, but this video finally made key authentication click for me. Read several text guides but none covered it quite as well. Thanks! I am setting up a VPS to run some services and trying to make it as secure as I can.
@mondskiez3094 жыл бұрын
"Control + L" is faster for clearing the screen than just "clear"
@LAWRENCESYSTEMS4 жыл бұрын
True
@jamesswartz17794 жыл бұрын
@@LAWRENCESYSTEMS and yet i always use the clear command for some reason. its super weird.
@nevoyu4 жыл бұрын
Brother thats a game changer.
@ankh-ef-en-khonsu32744 жыл бұрын
Yikes - that is a bit pedantic.
@kosmonautofficial2963 жыл бұрын
@@ankh-ef-en-khonsu3274 You could have said "Control + P"
@ShaneAJM4 жыл бұрын
Jumpbox tutorial please! I’m definitely interested in doing this :)
@danieleperera67884 жыл бұрын
Interested in jumpbox video!
@diffiq4 жыл бұрын
Thank you for this video! Could you please do a guide on SSH CA authorization? Maybe even using Hashicorps Vault for SSH-CA management and signing?
@kenkelvin40233 жыл бұрын
Use CERTBOT
@diffiq3 жыл бұрын
@@kenkelvin4023 isn’t CERTBOT mainly used for HTTP? My request for SSH-CA was to have a CA that signs SSH keys and applies time limits to that signed SSH key (key rotation).
@abdraoufx4 жыл бұрын
extra tip, if you are using a VPS provider, you can use their firewall to limit ssh access to your IP only.
@EliSmith3 жыл бұрын
Be careful with this, because if your IP changes, you'll be locked out of the VPS(unless your VPS has KVM accessible)
@charlescc10004 жыл бұрын
This is fantastic timing. I had just been trying to learn more about SSH keys and searched your channel this week to see if you had a video on it. Thanks again for more great educational content.
@bwhite53104 жыл бұрын
Hi Tom , maybe for a follow up video explain about ssh keyfingerprints. In an enterprise setting you can end up with hundreds of keys associated with one SFTP/SSH account. You can up the logging of ssh on the server and then review the logs to identify exactly which SSH keys are being used. Then using -lf to determine those keys to do not meet current Corp security expectations ..... like those using 512 bit DSA.
@hawks51964 жыл бұрын
Please do more videos on keys! A local server hosting keys for multiple people sounds super useful. Would be good to know how you make that secure too. I use keys but I don't 100% know the best way to use them. Do you create the key on your server or personal laptop and do you send the public or private key and can you use that key for multiple servers? And how do you manage multiple keys for multiple people on a single server?
@iandawson79204 жыл бұрын
A tutorial on the correct way to manage creeds in scripts would be great!
@svettnabb4 жыл бұрын
Yes, I am currently replacing my ssh keys with ed25519, just started this week, been stalling it for some good two years now..
@jeffherdzina67164 жыл бұрын
SSH keys help me sleep at night. knowing that my all my Redhat servers 1400 miles away are doing the rsync file transfers at 2 AM. like they are suppose to do.
@berndeckenfels4 жыл бұрын
The -a has nothing to do with key generation randomness. It's only the iterations for the password derivation. If you don't use a password, you don't need -a
@darkhog12 жыл бұрын
Thanks Bernd! I was just about to leave a comment to ask the same thing! -a means more iterations of complexity on turning the passphrase into unlocking the private key. Higher number means harder to brute force.
@MichealG4 жыл бұрын
Nice tutorial. Wish for more if you could please. 🌺
@kayant124 жыл бұрын
Btw Windows 10/Server 2019 actually has ssh built in so you don't need Windows subsystem on Linux. Apparently you can even use for management of windows server - docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview
@nikiforossarantoglou59174 жыл бұрын
It's OpenSSH implemented for windows. Doesn't have every functionality like on linux but it has the most used. For example it lacks ssh-copy-id so you need a workaround on that.
@angelalita772 жыл бұрын
I'm sure somone asked this and sorry for the repeat. But if the private keep can be viewed in a file on your computer "id_ed25519" then the private keep is at risk of being viewed or copied. Is this why you suggest to encrypt the folder?
@TheBlueThird2 жыл бұрын
It's there a benefit to doing file encryption with Ed25519 keys vs 4096 RSA keys for file encryption?
@realzeti8 ай бұрын
Would you recommend to store Private and Public key inside Bitwarden?
@ierosgr4 жыл бұрын
I noticed that with the procedure described you ssh to the target machine using keys but not vis versa. Does that mean that you need to to do the same procedure from target to main machine in order to be able to connect using keys both ways?/??
@indigowyrm4 жыл бұрын
Thanks good tutorial! I've set up for Linux to my pi4 but how do I setup for other devices do I generate new keys on each device or pc?
@berndeckenfels4 жыл бұрын
I keep my SSH keys in a KeePass file, KeePass under Windows can serve as ssh-agent. So i only need to unlock one store.
@IndigoVFX4 жыл бұрын
Nice tip / good reminder. Thanks! I’ve been using Bitwarden a lot recently but I keep looking for missing features. I’ll have to check this shortly.
@Vandwo4 жыл бұрын
And hopefully you enabled the untrusty bitlocker, just in case :)
@AustinStAubin4 жыл бұрын
Is there a way to do this with a yubikey, with auto login?
@tresor1394 жыл бұрын
Yet another way to ssh login is to use ed25519-sk keys + fido usb/nfc token.
@RebelliousX6 ай бұрын
Great, how to copy public key to TrueNAS Scale from Windows client? And how to assign a public key to specific user who has his own permissions to some directories but not others? Do I need to create a home directory and .ssh directory for each user in TrueNAS? --- Edit: I resolved all my questions.
@johnwatson8346 Жыл бұрын
hi i have setup a PBX server with key and use sshfs but when mounted the directory only has these privileges (drwxrwxr-x) but I cannot delete or copy or create how do I sort this please
@Paulsobj4 жыл бұрын
I have my /home on a nfs share. Users can move around and keep the same private key.
@decayingskulls70883 жыл бұрын
when i want to generate the public key it says " 'cat' is not recognized as an internal or external command, operable program or batch file." how do i fix this?
@danielework35124 жыл бұрын
Can you do a video on how to setup ssh keys with yubikey?
@morganjennings31644 жыл бұрын
very nice video, i like
@_Steven_S4 жыл бұрын
Interestingly, only RSA is supported via the Unifi controller GUI for SSH authentication 😢
@scbtripwire4 жыл бұрын
Lol @ destroit yodeling company. 👍 Edit: There are a lot of large sequences of capital As in that private key. 🤔 I would definitely appreciate a video on key management and bastion servers.
@zxcvb_bvcxz4 жыл бұрын
Anyone using Home Assistant might find these keys aren't supported, I don't think Dropbear SSH supports them, at least not in the configurations I've seen.
@moneet46824 жыл бұрын
What terminal client is being used? Thanks
@dstdg184 жыл бұрын
Is it just me or does Tim keep twitching? He has a giant cup of, I suspect is, coffee sitting next to him which might explain it.
@LAWRENCESYSTEMS4 жыл бұрын
☕☕I do drink a lot of coffee ☕☕
@mrlithium694 жыл бұрын
legit.
@Tntdruid4 жыл бұрын
Time to replace password whit a ssh key 👍
@bwhite53104 жыл бұрын
BTW, occasionally I find a vendor that wants to use userid & password & ssh key to authenticate a session. Yeah go figure.
@gerard25233 жыл бұрын
can i convert ed25519.pub to pem?
@caleb-hill3 жыл бұрын
5:00 I'd recommend not to encrypt your disk unless you either live in a high-crime area, have a laptop that you take with you to public places, or the company requires you to do so.
@rcdenis14 жыл бұрын
Ssh-keygen, ssh-keyscan, ssh-copy-id
@voltmanip6 ай бұрын
one thing i watch about these guys is when they say its easy and never explane the problem sad !!!!!!!!!!
@LAWRENCESYSTEMS6 ай бұрын
The video is about how to generate SSH keys and that is what I show in the video.