Getting Started with OpenSSH Key Management

In various tutorials throughout the history of LearnLinuxTV, we've gone over the importance of using public keys with OpenSSH. But what do you do when you work with multiple clients? How do you manage keys between them? In this video, we'll go through an example scenario where we have three clients, and we need to maintain multiple SSH keys for each.

*⏰ TIME CODES*
00:00 - intro
01:58 - Overview of the sample scenario
04:49 - Using the ssh-keygen command to generate an RSA key
08:17 - Creating an SSH key pair for company #1 (Acme)
11:10 - Creating SSH key pairs for the other two companies
12:14 - Associating the SSH keys with their respective servers
14:11 - Specifying a particular key while connecting to a server
15:41 - Using the SSH agent to cache the passphrase for a key
18:57 - Specifying an SSH key within the SSH client config file

*⚠️ DISCLAIMER*
Learn Linux TV provides technical content that will hopefully be helpful to you and teach you something new. However, this content is provided without any warranty (expressed or implied). Learn Linux TV is not responsible for any damages that may arise from any use of this content. Always make sure you have written permission before working with any infrastructure and that you are compliant with all company rules, change control procedures, and local laws.

#Linux #SSH #KeyManagement
Comments

Amazing job. I've learned a lot from you. Thank you so much. Please keep posting videos about day to day tasks.
I'm looking forward to knowing the best packages used in everyday chores.

soroushsafarzadeh

Although there was nothing new for me in this video I enjoy watching each of your videos so much because of your great teaching skills (or would one say didactics?).
I even consider ordering your Ubuntu Server book even though Ubuntu isn't my particular distro pick.

othernicksweretaken

You're by FAR my favorite Linux teacher! 😊

I think there is a better way to name the keys. Keep the prefix, such as id_rsa and id_ed25519, and add a suffix, like "~/.ssh/id_rsa.acme" (the public key will get the name "id_rsa.acme.pub" automatically).

This naming has two benefits. You can see at a glance the key strength/type of all keys, and the filenames sort themselves as id_-prefix which means they all glob at the same position when listing files in the folder, and it also doesn't clash with autocompletion of the other important files in there (config and known_hosts).

I also heard some people use subfolders like ~/.ssh/acme/id_rsa, but I saw several people say that it messes up the ability for ssh to automatically find the keys, so basically that you have to both add the IdentityFile to the config AND do ssh-add manually at every startup. Decided to try this theory for myself, so I created a key inside ~/.ssh/foldertest/id_rsa. I then ran "ssh-add -l" to list all keys. The new key wasn't listed. I then did "mv ~/.ssh/foldertest/* ~/.ssh" and ran "ssh-add -l" again, and it immediately listed the new key.

So my theory is that ssh-agent automatically scans the ~/.ssh folder but never its subfolders. So yeah, avoid subfolders for your keys! Either way I see no need for subfolders since I use the host name as keyfile suffix instead, which cleanly separates the keys as I described earlier. :)

Thanks a lot for refreshing my memory about how the ~/.ssh/config file works! Your tutorials are always lovely!

MyAmazingUsername
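
An added example, not part of the comment above or of the video: when each client has its own key, `IdentitiesOnly yes` next to `IdentityFile` stops ssh from also offering other identities held in the agent. The script below lists Host blocks that name a key without that setting; the host aliases and the sample config are constructed, with key file names following the suffix scheme from the comment.

```shell
#!/bin/sh
# Added example: list Host blocks in an ssh client config that name an
# IdentityFile without pinning it via "IdentitiesOnly yes".

audit_ssh_config() {    # $1: path to an ssh client config
    awk '
    function flush() {
        if (only == "yes" && (host == "(global)" || host == "*")) { global = 1 }
        if (has_key && only != "yes") { pending[++n] = host; forced[n] = (only != "") }
    }
    BEGIN { host = "(global)" }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")   # trim indentation
        sub(/[ \t]*=[ \t]*/, " ")                # accept Keyword=value
        if ($0 == "" || $0 ~ /^#/) { next }
        key = tolower($1)
        if (key == "host" || key == "match") {
            flush()
            host = $0; sub(/^[^ \t]+[ \t]+/, "", host)
            has_key = 0; only = ""
        } else if (key == "identityfile") {
            has_key = 1
        } else if (key == "identitiesonly" && only == "") {
            only = tolower($2); if (only == "true") { only = "yes" }
        }
    }
    END {
        flush()
        # A top-level or "Host *" yes covers blocks that set nothing themselves.
        for (i = 1; i <= n; i++) { if (forced[i] || !global) { print pending[i] } }
    }' "$1"
}

# Constructed sample config: one key per client, host aliases are placeholders.
write_sample_config() {
    cat > "$1" <<'EOF'
Host acme-web
    IdentityFile ~/.ssh/id_ed25519.acme
    IdentitiesOnly yes
Host shinra-db
    IdentityFile ~/.ssh/id_ed25519.shinra
Host skynet-*
    IdentityFile=~/.ssh/id_rsa.skynet
    IdentitiesOnly no
EOF
}

tmp=$(mktemp) && write_sample_config "$tmp" && audit_ssh_config "$tmp"; rm -f "$tmp"
```

To check a real setup, call `audit_ssh_config ~/.ssh/config`; an empty result means every block that names a key also pins it.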

Thank you so much for making this, the config file is way more powerful than I thought.

KevinMarchese

Well, that was an inspirational video. I learned a lot about SSH keys today and how to use them. Both this and the config file video were just great.

goran.jovanovic

"Shinra Key"- which number keycard from the Shinra building works with SSH? 22? :)

VeronicaExplains

Nice rundown on the basics of ssh keys. The question I've got is how to manage keys to 100s of servers. I keep hearing about a certificate server but would love to see a rundown on how to set something like that up.

pelamadeleine

Thank you, it's a very useful video about ssh keys management.

AlexanderTishenko

I just watched your full ssh video this morning. lucky

Ranblv

Hi Jay, perfect timing as this is a subject I have been wanting to learn more about. In your example you simulated contracting with 3 companies and needing to use unique keys for each; this makes complete sense to me. However, what if you had several or lots of servers at each company; would you still just use the 3 keys? Would you use a unique key per server? Or, is there some other decision making like 1 key for internal servers and a different key for DMZ servers, etc.? Another question, if you want to clean up having used the default id_rsa key thus far after setting up a unique key, do you need to remove the old key from the authorized keys file? (I think this is where you would do this clean-up) Thank you for all your content and I missed the config video somehow so going to watch it now.

mkintzel

Excellent video, my good man. Thanks for helping out us noobs.

Kanthon

2:15 Shinra is from Final Fantasy 7, Skynet is from the Terminator series; I was not expecting references to either of those in this video.. lol. Although, Skynet was a computer network; Cyberdyne Systems was the company that developed the network.

alphago

Very helpful video. It was explained in an excellent way.

carlosdelgado

Great tutorial... I was just wondering if you could make a video on restoring ssh keys to a new Linux installation. Imagine you have to reinstall Ubuntu. What keys/files to save and restore in order to be able to log on to remote servers again?

geirha

I never figured out how to use ssh-agent from the CLI. I did however find it really useful when used with PuTTY from a Windows box to get to the Unix boxes at work.
Neat and sneaky little invocation that "eval $(ssh-agent)". I guess it hooks into the file descriptors of the shell session to intercept and feed the passphrase in and out.
Linux is full of these really cool and clever mechanisms.

dingokidneys

Wow, a lot to learn from this video. Thank you so

bhaveshverma

keychain is a nice addition to this setup

rotflol

Hi Jay,
Will you be following up this getting started video with an advanced version at all? I'm thinking about the best ways to add authorised public keys to servers without connecting to each one. The best way I can think of so far is to manage the authorized_keys file via ansible in a git repo. What do you think?

add

I got distracted from this video by some metal guy blowing up my mako reactor.

annihilatorg

Also in the sshd_config file of the server, the PasswordAuthentication is set to no. No matter what, I can ssh from all the machines to that server by only typing the user and pass credentials. What am I missing here?

ierosgr