Simple SSH public/private key question

Question

I am trying to learn this instead of just following guides so I can recommend proper actions when people do ask (and they do). Here is what I got down.

First, generate both key with command such as this:

ssh-keygen -b 2048 -t rsa -C comment -f ~/.ssh/id_rsa

Then you push the public part of the key into authorized_keys2 file

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2

(and then chmod it to 600 or similar)

And you download the private key to your computer (id_rsa) and feed that in to Putty to be read and authenticate.

Are these the correct steps to setting this public/private key authentication for passwordless login to SSH?

Answer 1

While the steps you have described will work, there is a problem. You are generating the keypair on the target (remote) computer, and then downloading the private key file to your local system. There are security implications here that you should not overlook:

• If the remote is already compromised, somebody may have just grabbed your passphrase.
• If the remote system is compromised in the future, the attacker will have access to your private key file (and the luxury of using an offline brute-force attack to attempt to decrypt it).

Since you're using ssh key pairs to (try to) solve some of the problems inherent in password authentication, you usually want to do things this way:

• Generate the keypair on your local system. Ideally, the private key will (a) never be stored on a shared filesystem (e.g., NFS home directory), and (b) will never be stored on a computer that allows remote logins.

• Publish the public key far and wide. I keep my public key(s) on a web site so I can grab them whenever I need them. Put the public key in the appropriate authorized_keys files on systems to which you'll be connecting.

If you're especially paranoid, you can store your private key on a thumb drive, and only use the drive to load the key into a running ssh-agent. At this point, you don't need the actual key file anymore.

Answer 2

It may be better to generate the key on the client system(s). You may end up with a larger authorized_keys file, but it is easier to disable a compromised system. If you migrate the server's private key, you will need to regenerate and migrate the key to all the client systems. Each client should have it's own key.

Putty uses puttygen to generate the key. puttygen will also provide the public key in the correct format for pasting into the client system. It is best to protect the key with a passphrase if it is being used for login access. Pageant or ssh-agent can be used to hold the unprotected key in memory so that the passphrase does not need to be reentered on each connection.

Once you have added one key and set the protection, you can add additional keys with needing to reset the permissions. I usually upload the public key from the system with a name like example.pub where example is the name of the system the key belongs to.

Many implementations have returned to using authorized_keys as the key file. This file can be used to restrict the system the key will be accepted from, force a command to be run, limit access, and other things. View the man page for more details.

In some cases, it may be useful to have multiple keys on client system. This can be done to support batch processes which run with keys which don't have a password.

Answer 3

That looks good. Many people would do it in the opposite direction (generate the key locally, then push your .pub up to the server), but either can work.