Linux Crash Course - Public Key Authentication
Рет қаралды 35,808
Күн бұрын
@Ranblv 3 жыл бұрын
I am very inspired by how much you give back to the linux community. so today I started my own linux blog in my language. not sure how long I will last but I made the first step.
@cip7495 3 жыл бұрын
the best professor from the entire internet !!! THANK YOU!!!
@blkspade23 3 жыл бұрын
The SSH client has been a standard part of Windows 10 for quite some time now.
@ClifBridegum 3 жыл бұрын
AMAZING! This tutorial is perfect! I have been struggling big time with how to generate and share keys. Thanks for covering all platforms.
@NoEgg4u 3 жыл бұрын
@7:04 -- Setting a passphrase What would you need to do, if you did set a passphrase, but sometime later, you want to change your passphrase? Would you need to generate a new key pair, and upload the your new public key, to every server that has your old passphrase?
@irfandjokovic5843 3 жыл бұрын
You should be able to generate a new passphrase for the existing private-key using ssh-keygen -p
@NoEgg4u 3 жыл бұрын
@@irfandjokovic5843 Is that all? Just one command, and all is done? All of the servers will recognize the new key, and all logins to those remote servers will continue to work?
@jardeshna 3 жыл бұрын
@@NoEgg4u Good question lol. Gonna research the same, let me know if you found anything.
@dansanger5340 3 ай бұрын
@@NoEgg4u I think the passphrase is used only on the client so that SSH can unlock the encrypted private key file. The servers don't know or care about it.
@NinthwaveThe 3 жыл бұрын
At 14:40, why would one create a notepad file to save the public key if it's available within the PuttyGen when loading back the private key ?
@praecorloth 3 жыл бұрын
Hey Jay! Quick side note. Windows 10 does come with OpenSSH by default now. I forget which update brought it in, but Microsoft ported OpenSSH to Windows. The client is there by default, and you can install the server portion really easily. Just fire up a cmd or Powershell prompt, and ssh wherever you'd like to go. The ssh agent doesn't seem to be working yet, they have that disabled by default. And Windows won't use Pagent, so using keys properly can be quite the nuisance. But, then again, working in Windows in general is just a nuisance. :D This opens up the ability to manage your Windows servers using Ansible and SSH, rather than Ansible and...shudder...WinRM.
@ralpht4551 3 жыл бұрын
Win10 since 1604 i think, also supports SSH in cmd.
@stormbowman7148 3 жыл бұрын
Yeah, it is definitely default on my Windows 10. Including ssh-keygen. If you are curious Go to Apps > Optional Features and verify that Open SSH Client is shown as installed. It should be on current versions of Windows 10.
@try-that 3 жыл бұрын
Just started watching, gotta say I like the new opening, very nicely thought out and done.
@diablobarcelona 3 жыл бұрын
Would be really nice to for you to do a video on SSH User Certificates. They're absolutely superb, and make light work of managing users access to systems via SSH keys.
@christosbinos8467 11 ай бұрын
does anyone run into the issue where the password is simply never correct, when you know it is? What is thst caused by?
@NinthwaveThe 3 жыл бұрын
At 5:45, you mention that ssh-keygen will overide the actual one, if any. But you don't mention the consequences of that... If one is already there and you create a new one, is it a problem if you then copy the new key to the server ?
@garolstipock 3 жыл бұрын
No.. Just so you know what servers/services you need to update with your new key now that your prior key private & public key are gone.
@zm_gawr1638 Жыл бұрын
I have put elementary os on my old macbook from 2008 but the keys are completely wrong, do you know how my mac keys(cmd,alt,ctrl) work on elementary os?
@bw_merlin 3 жыл бұрын
This was brilliant, nice and simple.
@ArtemisiaFlenaugh 2 ай бұрын
You're doing a fantastic job! Could you help me with something unrelated: My OKX wallet holds some USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). How should I go about transferring them to Binance?
@ArtyomGalstyan Жыл бұрын
Does not work for me. I did everything correct, but the server still asks for the password. I checked file permissions, checked the config files, basically did everything, but it still does not work. Even chatgpt did not help.
@daredevil6145 Жыл бұрын
because it is the password for the server, his server 172...
@humangarbage3386 2 жыл бұрын
my kali did not have ssh installed
@flyingzeppo 3 жыл бұрын
I have a question about setting up PKA. If you do this, and disable password authentication, then what happens if your laptop blows up or gets stolen? Wouldn't you be locked out of your server forever? If you can only access your server through PKA, and you lose your computer that has the private key on it, then what happens?
@LearnLinuxTV 3 жыл бұрын
The first thing to think about, is whether or not you have the ability to view a console window. For example, many (if not most) cloud providers allow you to connect to the server via some sort of web console, kind of like a web KVM. You can still log in to that with your password, and you can temporarily enable password authentication to copy a new key. Virtualization solutions also allow you to access a console. If it's a physical server, you can plug in a monitor, keyboard, and mouse if it comes down to it. Disabling password authentication doesn't apply to console access, just access via OpenSSH.
@flyingzeppo 3 жыл бұрын
@@LearnLinuxTV Thank you.
@unbekannter_Nutzer 3 жыл бұрын
You should always have a backup. To be more precise, 3 backups. A backup on a second drive, a backup on a second machine and a remote backup, in case of a fire at your home/workingplace.
@whatevah666 3 жыл бұрын
nice, something that would be cool if you could do a tutorial on is how one can log onto linux via ldap and use groups for giving user sudo access and all that jazz, thanks!
@benjaminwharton6264 3 жыл бұрын
Thanks for the content!! This helped a lot.
@saidneder41 3 жыл бұрын
Thank you jay!
@cloudagnostic 3 жыл бұрын
Hi jay, I’ve implemented keys to connect to my servers in my lab, but I also make changes to the ssh config file to disable the pw prompt if someone tries to log in. Is that still necessary following this method?
@danbrown586 3 жыл бұрын
If you're authenticating using public keys, SSH shouldn't prompt for a password. But if you want to prevent users from logging in with a password, instead requiring public key authentication, you'd need to edit the sshd_config.
@cloudagnostic 3 жыл бұрын
@AstroCat yes! This is what I’ve always done to lockdown ssh.
@iankirk3537 3 жыл бұрын
It is optional to disable ssh password identification. If you leave it enabled then you can still connect with a password, that is why KZbin videos don't mention it. So people don't lock themselves out and blame the video.
@AnzanHoshinRoshi 3 жыл бұрын
Thank you, Jay.
@manoharreddyy1627 3 жыл бұрын
It is helpful and straightforward
@LearnLinuxTV 3 жыл бұрын
Thank you!
@danbrown586 3 жыл бұрын
Windows 10 *does* include an ssh client by default--just pull up CMD or PowerShell and run ssh user@host, just like in macOS or Linux.
@Ranblv 3 жыл бұрын
I use powershell based ssh all the time but I am not sure it will remember a private key or a public key unless you will use a very long command for it.
@praecorloth 3 жыл бұрын
@@Ranblv Powershell and CMD should both be using the same ssh command. You can define what keys it should use in an ssh config file. In most *nix systems, that's going to be /home/youruser/.ssh/config. In Windows, it's c:\Users\youruser\.ssh/config. I cannot recommend ssh config files enough. Definitely something to have in your toolbox. But just to get started, edit that config file, and put IdentityFile = C:\Users\youruser\.ssh\yourprivatekey Save it, close it. Now every time you ssh somewhere, you will use that private key.
@flierfy 3 жыл бұрын
Is it enough to remove the public key from the authorized_keys file to reverse the process?
@arijitkumarhaldar3197 3 жыл бұрын
Yes
@viliusk234 2 жыл бұрын
Winodow 10 Pro has ssh client, and ssh-keygen
@soniablanche5672 2 жыл бұрын
ssh comes with windows 10 and is usable with powershell
@LearnLinuxTV 2 жыл бұрын
Yup. And I wasn’t aware of that until about two weeks ago. Always something to learn!
@soniablanche5672 2 жыл бұрын
@@LearnLinuxTV I was actually using ssh with git bash up until I learned it comes with powershell
@yuriw777 3 жыл бұрын
Thx for the video! Question - do I have to disable password authentication on the ssh server in order for this to work properly?
@arijitkumarhaldar3197 3 жыл бұрын
No... actually key authentication takes higher preference...but if the keys don't match for some reason...ssh reverts back to password authentication. So..in a hypothetical attack situation..it leaves the password to be breached. So.. password authentication is disabled in ssh config file. But..you don't mandatorily need to disable it for key authentication to work.
@yuriw777 3 жыл бұрын
@@arijitkumarhaldar3197 I understand it is not required, but why would the password authentication option stay enabled to invite possible attacks?
@LearnLinuxTV 3 жыл бұрын
It's recommended to disable password authentication. I have a separate video about that. I'll place a link to that video into the description for this one.
@arijitkumarhaldar3197 3 жыл бұрын
@@yuriw777 Ya..sorry... maybe I wasn't clear about it. You are absolutely right if you are doing that for security reasons. But..if you are just testing out key authentication, then you don't mandatorily need to disable password authentication for key to work. In the long run, it is recommended to disable password authentication altogether.
@raul230285 2 жыл бұрын
AMAZING...!!!
@martinshin9801 3 жыл бұрын
Nice video! Can you use the same public key to connect to different servers? Or, can you create multiple pairs for individual servers you connect to?
@arijitkumarhaldar3197 3 жыл бұрын
You can do either... according to your convenience
@LearnLinuxTV 3 жыл бұрын
You can - but I'm going to create a separate video about multiple SSH keys in the future, and I think that video will help everyone understand better how that works. I don't have an ETA yet, but it WILL happen. :)
@redmictian 3 жыл бұрын
@@LearnLinuxTV please, cover security concerns in that video
@s4shermman 10 ай бұрын
Awesome vid
@andersmeiniche2746 3 жыл бұрын
How about to disable the password login ;o)
@grmasdfII 3 жыл бұрын
Key management next please ;P
@LearnLinuxTV 3 жыл бұрын
That's absolutely on my list. It may take a bit of time, but I'm going to see if this is something I can get out by the end of October. It's a very important topic to cover for sure. Thanks!
@subee128 11 ай бұрын
Thank you
@steffiesing5449 3 жыл бұрын
i want a sticker of your logo , so i can stick it to my laptop :D
@LearnLinuxTV 3 жыл бұрын
I'll make a note to start offering that, not sure when it will be ready, but I'll make it happen. I actually want one too. LOL
@sylviaalonjang-8709 3 ай бұрын
I prefer mobaxterm...more user friendly
@crazyivan315 3 жыл бұрын
Using putty in a world where windows terminal exists...
@LearnLinuxTV 3 жыл бұрын
PuTTY is still a valid solution though. And other methods within Windows are also fair game for stand-alone videos. I'm not done with this topic just yet.
@noferblatz 3 жыл бұрын
Passwords are fine. This anti-password propaganda is a silly trend in IT.
@praecorloth 3 жыл бұрын
It's just big-key tryin' to keep us down!
@grmasdfII 3 жыл бұрын
Passwords are fine - until someone actually *tries* to get in.
@dansanger5340 3 ай бұрын
I agree. That's why I always use "passw0rd" as my password. Nobody will ever guess that I replaced the o with a 0!
That Little Puff
Рет қаралды 24 МЛН
The Linux Experiment
Рет қаралды 274 М.