Omg I looked through so many articles and videos before I landed on your video. And your video was the only one that showed a straight forward method; thank you!

Thank you for taking the time to share your hard earned knowledge. Much appreciated.

PermitRootLogin may default to 'yes' , so leaving it commented out or removing the entry entirely leaves it at default, ie; 'yes'. It mentions this at the top of the sshd_config, although I believe Ubuntu (and probably some others) modify this on install. In either case it's best to explicitly set it to 'no' to disable it.

I suppose to most this is basic, but this video finally made key authentication click for me. Read several text guides but none covered it quite as well. Thanks! I am setting up a VPS to run some services and trying to make it as secure as I can.

"Control + L" is faster for clearing the screen than just "clear"

Jumpbox tutorial please! I’m definitely interested in doing this :)

Thank you for this video! Could you please do a guide on SSH CA authorization? Maybe even using Hashicorps Vault for SSH-CA management and signing?

extra tip, if you are using a VPS provider, you can use their firewall to limit ssh access to your IP only.

This is fantastic timing. I had just been trying to learn more about SSH keys and searched your channel this week to see if you had a video on it. Thanks again for more great educational content.

Hi Tom , maybe for a follow up video explain about ssh keyfingerprints. In an enterprise setting you can end up with hundreds of keys associated with one SFTP/SSH account. You can up the logging of ssh on the server and then review the logs to identify exactly which SSH keys are being used. Then using -lf to determine those keys to do not meet current Corp security expectations ..... like those using 512 bit DSA.

Please do more videos on keys! A local server hosting keys for multiple people sounds super useful. Would be good to know how you make that secure too. I use keys but I don't 100% know the best way to use them. Do you create the key on your server or personal laptop and do you send the public or private key and can you use that key for multiple servers? And how do you manage multiple keys for multiple people on a single server?

A tutorial on the correct way to manage creeds in scripts would be great!

Yes, I am currently replacing my ssh keys with ed25519, just started this week, been stalling it for some good two years now..

SSH keys help me sleep at night. knowing that my all my Redhat servers 1400 miles away are doing the rsync file transfers at 2 AM. like they are suppose to do.

The -a has nothing to do with key generation randomness. It's only the iterations for the password derivation. If you don't use a password, you don't need -a

Nice tutorial. Wish for more if you could please. 🌺

Btw Windows 10/Server 2019 actually has ssh built in so you don't need Windows subsystem on Linux. Apparently you can even use for management of windows server - docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview

I'm sure somone asked this and sorry for the repeat. But if the private keep can be viewed in a file on your computer "id_ed25519" then the private keep is at risk of being viewed or copied. Is this why you suggest to encrypt the folder?

It's there a benefit to doing file encryption with Ed25519 keys vs 4096 RSA keys for file encryption?

Would you recommend to store Private and Public key inside Bitwarden?

I noticed that with the procedure described you ssh to the target machine using keys but not vis versa. Does that mean that you need to to do the same procedure from target to main machine in order to be able to connect using keys both ways?/??

Thanks good tutorial! I've set up for Linux to my pi4 but how do I setup for other devices do I generate new keys on each device or pc?

I keep my SSH keys in a KeePass file, KeePass under Windows can serve as ssh-agent. So i only need to unlock one store.

Is there a way to do this with a yubikey, with auto login?

Yet another way to ssh login is to use ed25519-sk keys + fido usb/nfc token.

Great, how to copy public key to TrueNAS Scale from Windows client? And how to assign a public key to specific user who has his own permissions to some directories but not others? Do I need to create a home directory and .ssh directory for each user in TrueNAS? --- Edit: I resolved all my questions.

hi i have setup a PBX server with key and use sshfs but when mounted the directory only has these privileges (drwxrwxr-x) but I cannot delete or copy or create how do I sort this please

I have my /home on a nfs share. Users can move around and keep the same private key.

when i want to generate the public key it says " 'cat' is not recognized as an internal or external command, operable program or batch file." how do i fix this?

Can you do a video on how to setup ssh keys with yubikey?

very nice video, i like

Interestingly, only RSA is supported via the Unifi controller GUI for SSH authentication 😢

Lol @ destroit yodeling company. 👍 Edit: There are a lot of large sequences of capital As in that private key. 🤔 I would definitely appreciate a video on key management and bastion servers.

Anyone using Home Assistant might find these keys aren't supported, I don't think Dropbear SSH supports them, at least not in the configurations I've seen.

What terminal client is being used? Thanks

Is it just me or does Tim keep twitching? He has a giant cup of, I suspect is, coffee sitting next to him which might explain it.

legit.

Time to replace password whit a ssh key 👍

BTW, occasionally I find a vendor that wants to use userid & password & ssh key to authenticate a session. Yeah go figure.

can i convert ed25519.pub to pem?

5:00 I'd recommend not to encrypt your disk unless you either live in a high-crime area, have a laptop that you take with you to public places, or the company requires you to do so.

Ssh-keygen, ssh-keyscan, ssh-copy-id

one thing i watch about these guys is when they say its easy and never explane the problem sad !!!!!!!!!!