SSH Keys Authentication Method
Until now, we have used a password as the sole authentication factor. However, it is also possible to use another factor: a key. This is sometimes preferred because a key avoids having to remember a different password for every server. Here we will look at how this authentication method works in general.
It is common for SSH servers to allow only key authentication in order to secure this protocol. Key generation is straightforward under Linux, since OpenSSH is natively present there. Under Windows, however, some extra steps are needed to generate our key and send it to the server.
SSH key authentication is based on a key pair: the client generates a pair of keys, one public and one private. The client keeps the private key to itself and sends the public key to the SSH server, which stores it in a location provided for this purpose.
Generation of the key
Since an SSH client can be a Linux or Windows machine, we will see how to generate this key pair on Linux from the command line and on Windows via PuTTYgen.
Generate a key pair on Linux
First, let's see how to generate a key pair in Linux from the command line. For that, we will use the "ssh-keygen" command:
ssh-keygen
If no option is specified, a 2048-bit RSA key will be created, which is acceptable today in terms of security. If you want to specify another key size, you can use the "-b" option:
ssh-keygen -b 4096
By default, the key will be stored in the .ssh/ directory of the current user (example: /root/.ssh for the root user).
We will then be offered the chance to enter a passphrase, and I recommend that you set one! As we have seen, the same public key can be sent to several servers to avoid having to enter a password: because we own the private key corresponding to the public key stored on the SSH server we want to connect to, the server accepts us directly.
However, if a third party manages to steal our private key, they will be able to connect to those servers without a password. A passphrase protects our private key with a password, or rather a pass "phrase". The advantage over an SSH password is that you only have to remember one secret, that of your private key, and not one password per SSH server.
Once created, you will be able to see the SSH keys in the user's ".ssh" directory:
root@itc-server-01:~# ls -al .ssh
total 20
drwx------ 2 root root 4096 Jun 8 11:15 .
drwx------ 10 root root 4096 June 8 11:11 ..
-rw------- 1 root root 3247 June 8 11:18 id_rsa
-rw-r--r-- 1 root root 745 Jun 8 11:18 id_rsa.pub
-rw-r--r-- 1 root root 444 April 23 03:34 known_hosts
As a reminder, we are still on a Linux client here. Notice the existence of another file, "known_hosts": this file is used to identify servers. If you connect over SSH to several servers as your user ("root" in my case), your known_hosts file will gradually fill up. This is why, among other things, you are asked to validate the server key the first time you connect to a server but not during subsequent connections.
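As an added example (not from the original article), the shell helper below audits a private key along the lines of the listing and the passphrase advice above: it checks that the .ssh directory and the key are accessible only to their owner, then asks ssh-keygen to load the key with an empty passphrase. The function names are hypothetical; the `-y`, `-P` and `-f` options are standard ssh-keygen options.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# perms_of PATH: print the octal mode (GNU stat first, BSD stat as fallback).
perms_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_key PRIVATE_KEY: print one of
#   dir-perms      the containing directory is not drwx------ (700)
#   key-perms      the key is accessible to group or others
#   no-passphrase  the key loads with an empty passphrase
#   ok             permissions are tight and the key did not load unencrypted
audit_key() {
    key=$1
    dir=$(dirname "$key")

    [ "$(perms_of "$dir")" = 700 ] || { echo dir-perms; return 0; }

    case $(perms_of "$key") in
        600|400) ;;
        *) echo key-perms; return 0 ;;
    esac

    # -y derives the public key from the private one, which requires loading
    # it; -P "" supplies an empty passphrase so nothing is prompted for.
    # Success therefore means the private key is stored unencrypted.
    # Permissions are checked first because ssh-keygen also refuses to load
    # a key that is too widely readable. A file that is not a key at all
    # fails to load too, so "ok" assumes the path really is a private key.
    if ssh-keygen -y -P "" -f "$key" >/dev/null 2>&1; then
        echo no-passphrase
    else
        echo ok
    fi
}

# Usage: sh audit_key.sh ~/.ssh/id_rsa
for k in "$@"; do
    printf '%s: %s\n' "$k" "$(audit_key "$k")"
done
```

A result of "no-passphrase" means that anyone who copies the file can use the key as-is; `ssh-keygen -p -f <keyfile>` adds a passphrase to an existing key.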
SSH key authentication on Windows
PuTTY now needs to know where our private key is in order to establish valid communication with the server. After launching it and entering the IP of our server, we go to the "Connection" > "SSH" > "Auth" section, then click "Browse" next to the "Private key file for authentication" field to find our private key.
We can then start the connection by clicking on "Open". We will then be asked for the user we want to connect as. You must of course enter the one whose "home" contains the ".ssh/authorized_keys" file that we have just modified.
We will then have to enter our passphrase if we set one when creating the key, after which authentication is carried out automatically using the SSH keys.