A personal memo for the first week of joining the company.
The ssh-keygen command can create a file called a "certificate" that uses the public and private keys used in "OpenSSH" and the CA key (Certificate Authority key).
What is OpenSSH? It is an open source implementation of "SSH" that encrypts communication over the network. It is mainly used for **remote login** over the network to UNIX / Linux servers.
What is SSH? "SSH (Secure Shell)" is a protocol for securely communicating with remote computers using encryption and authentication technologies. Encrypts communications that include credentials such as passwords.
What is a protocol? Established rules for data communication. Information format, communication procedure.
Various server devices such as VPS (Virtual Private Server) are almost always located away from the operator. Therefore, we need a means that only the person who performs this operation can securely connect via the Internet.
The reason is that if a malicious person can log in to the server, he / she can do whatever he / she wants on the server and pose various risks.
The term SSH, which is usually used, has multiple meanings as follows, so it is necessary to clarify which one it refers to.
- SSH: Purpose: connect to the server. Main target audience: server administrators.
- SSL: Purpose: safely display websites. Main target audience: website visitors.
SSH does complicated work behind the scenes to connect securely to a remote server. In addition, there are multiple authentication methods available to check whether a login to the server is legitimate.
Typical ones are the password authentication method and the public key authentication method.
- Password authentication method: The password in this case is the one set for the user account on the server. It's easy, but if the password is leaked, a malicious third party can log in to the server, which is dangerous.
- Public key authentication method: The initial setup work is difficult, but communication security is very high.

There are several ways to do this, but in principle, as long as you hold on to the file called the **"key"**, a user without the "key" cannot log in.
This will prevent unauthorized login by a malicious third party.
The public key authentication method is roughly as follows.
There is not just one "key": there are two, one for the **server (public key) and one for the client (private key)**.
**Linux command: ssh-keygen**
A Linux command that issues a pair of private and public keys. The file location and default file names are as follows.
- Private key: /root/.ssh/id_rsa
- Public key: /root/.ssh/id_rsa.pub
In my case, the ~/.ssh/ directory did not exist, so I created it with mkdir.
Command in the procedure manual:
ssh-keygen -f stash_rsa -t rsa -b 2048
Basic syntax
**ssh-keygen [option] [-f key file]**
- **-f** option
Specify the file.
This time I wanted to name it stash_rsa, so I think that is why it is used.
(If not specified, the key is generated with the name id_rsa.)
- **-t** option
Specify the key type: rsa1, dsa, ecdsa, ed25519, rsa. (If not specified with -t, rsa is usually the default, depending on the version.)
- **-b** option
Specify the key length (minimum value is 768 bits, initial value is 2048 bits).
2048 bits is also specified in the above command.
(According to the citation source, the initial value is 2048 bits, but the reason for specifying it explicitly is unknown.)
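
As an added example (not part of the original memo or the procedure manual), the script below runs the command above non-interactively, checks what it produced, and then signs the public key with a CA key to create the "certificate" mentioned at the start. The temporary directory, the ca_rsa file name, the key ID, the deploy principal and the one-hour validity are assumptions for illustration.

```shell
#!/bin/sh
# Added example: paths, ca_rsa, the key ID and the "deploy" principal are assumptions.

# Generate a key pair with the memo's options. Passing -t and -b explicitly
# gives the same type and size whatever the installed version's defaults are.
# -N '' (empty passphrase) only keeps this demo non-interactive; protect
# real private keys with a passphrase.
make_keypair() {        # $1 = key file path
    ssh-keygen -q -f "$1" -t rsa -b 2048 -N '' -C 'constructed-example-key'
}

# Key length in bits, taken from the fingerprint listing of the .pub file.
key_bits() {
    ssh-keygen -l -f "$1.pub" | awk '{print $1}'
}

# Permission string of the private key; ssh refuses keys readable by others.
private_key_mode() {
    ls -l "$1" | cut -c1-10
}

# Re-derive the public key from the private key and compare key type and
# key data (the trailing comment field is ignored).
pub_matches_private() {
    derived=$(ssh-keygen -y -f "$1" | cut -d' ' -f1,2)
    stored=$(cut -d' ' -f1,2 "$1.pub")
    [ "$derived" = "$stored" ]
}

# Sign the user's public key with the CA private key.
# The result is written next to the key as <key>-cert.pub.
sign_user_cert() {      # $1 = CA private key, $2 = user key path
    ssh-keygen -q -s "$1" -I 'constructed-key-id' -n deploy -V +1h "$2.pub"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_keypair "$dir/stash_rsa" && make_keypair "$dir/ca_rsa" || return 1
    echo "bits: $(key_bits "$dir/stash_rsa")"
    echo "mode: $(private_key_mode "$dir/stash_rsa")"
    pub_matches_private "$dir/stash_rsa" && echo "public key matches private key"
    sign_user_cert "$dir/ca_rsa" "$dir/stash_rsa" &&
        ssh-keygen -L -f "$dir/stash_rsa-cert.pub"   # show the certificate fields
    rm -rf "$dir"
}

command -v ssh-keygen >/dev/null 2>&1 && demo
```
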
I'm tired so I'll write it later.