Today I had to generate a separate private and public key in order to access my new blockchain node, so I took the opportunity to set up a fresh, unique key pair that is also protected by a second factor: an interactive passphrase. Later I will take it a step further and protect it with a Yubikey.
Even though RSA was the standard for asymmetric SSH keys for years, keys below 2048-bit length are no longer considered safe due to advances in hardware. It's time to upgrade to a stronger elliptic-curve algorithm, ED25519, which is faster, more secure and produces shorter keys.
Requirements
A basic understanding of SSH, and ssh-keygen installed.
Step 1/3 - Generate a new ED25519 Priv Key
ssh-keygen -t ed25519 -C "lukas@gmailorwhatever.com"
Thank you, Andrew, my dear colleague, for the command recommendation!
You will be prompted to enter the key destination path:
Enter file in which to save the key:
/Users/enchanterio/.ssh/id_ed25519_devto_tutorial
Choose a passphrase (DO NOT LEAVE IT BLANK).
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your private key has been saved in /Users/enchanterio/.ssh/id_ed25519_devto_tutorial.
Your public key has been saved in /Users/enchanterio/.ssh/id_ed25519_devto_tutorial.pub.
The key fingerprint is:
SHA256:qxCxjp6thlj59cjQKy+qTrPnlTNfCq/RKNP+bYCwyA8 lukas@gmailorwhatever.com
The key's randomart image is:
+--[ED25519 256]--+
| |
| |
| . |
| . o |
|. ..=.. S |
| Eo+oo*. . |
|.=++o& =o. |
|+.+=O.@.=. |
|o=B+.*==.. |
+----[SHA256]-----+
Step 2/3 - Configuring the SSH client
Connect to the server and append the content of your new local public key (cat ~/.ssh/id_ed25519_devto_tutorial.pub) to the server's .ssh/authorized_keys file, then remove the old RSA key:
(Ignore that the key in the image differs from the one above in this tutorial; I took the screenshot before I wrote the tutorial.)
Disconnect from the server. Now we will do an additional trick: associate this specific IP address with the new private key, without affecting the rest of your SSH connections that still use the old RSA key.
vim ~/.ssh/config
Host blockchain-node
    HostName <YOUR_IP_ADDRESS>
    User root
    IdentityFile /Users/enchanterio/.ssh/id_ed25519_devto_tutorial
Step 3/3 - Dialing the connection
Execute:
ssh blockchain-node
You will be prompted to unlock your SSH key with its passphrase:
Enter passphrase for key '/Users/enchanterio/.ssh/id_ed25519_devto_tutorial':
<type pwd...>
Done! Connected. Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-43-generic x86_64)
And the server you just connected to authenticated you using your new passphrase-protected ED25519 elliptic-curve private key. Gg.
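As an added example (my own code, not part of the original post and not an OpenSSH tool), here is a small Python audit of a server's authorized_keys file: it parses each public key's SSH wire format, reports the RSA modulus size, and flags RSA keys below the 2048-bit threshold mentioned above, which is the check you would run before and after swapping the old RSA key for the new ED25519 key in Step 2. The sample keys are constructed bytes rather than real keys, and the function names are my own.

```python
import base64
import struct
MIN_RSA_BITS = 2048   # the post's threshold: RSA below this is treated as weak
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-dss")

def _read_string(blob, off):  # decode one SSH wire-format string (uint32 length + bytes)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n

def make_pubkey_line(key_type, fields, comment):
    # Build a CONSTRUCTED authorized_keys line from raw wire fields (not a real key).
    enc = lambda d: struct.pack(">I", len(d)) + d   # uint32 length prefix + bytes
    blob = b"".join(enc(f) for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

def key_strength(line):
    # Return (key_type, bits, verdict) where verdict is 'ok', 'weak' or 'review'.
    parts = line.split()
    idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(parts):
        return ("unparsable", 0, "review")
    key_type = parts[idx]
    try:
        blob = base64.b64decode(parts[idx + 1], validate=True)
        wire_type, off = _read_string(blob, 0)
        if wire_type != key_type.encode():
            return (key_type, 0, "review")      # header does not match the blob
        if key_type == "ssh-rsa":
            _e, off = _read_string(blob, off)   # public exponent (mpint)
            n, _ = _read_string(blob, off)      # modulus (mpint, may carry a 0x00 pad)
            bits = int.from_bytes(n, "big").bit_length()
            return (key_type, bits, "weak" if bits < MIN_RSA_BITS else "ok")
        if key_type == "ssh-ed25519":
            pub, _ = _read_string(blob, off)    # 32-byte public point
            return (key_type, len(pub) * 8, "ok" if len(pub) == 32 else "review")
    except (struct.error, ValueError):
        pass
    return (key_type, 0, "review")              # ECDSA/DSA or corrupt: inspect by hand

def audit_authorized_keys(text):  # one (key_type, bits, verdict, comment) per key line
    return [(*key_strength(line), line.split()[-1])
            for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]

# Constructed sample file: a 1024-bit RSA key (the one to remove), a 4096-bit RSA key, the new ed25519 key.
SAMPLE = "\n".join([
    make_pubkey_line("ssh-rsa", [b"\x01\x00\x01", (1 << 1023 | 1).to_bytes(129, "big")], "old-laptop"),
    make_pubkey_line("ssh-rsa", [b"\x01\x00\x01", (1 << 4095 | 1).to_bytes(513, "big")], "ci-runner"),
    'from="10.0.0.0/8" ' + make_pubkey_line("ssh-ed25519", [b"\x07" * 32], "lukas@gmailorwhatever.com"),
])
```

Run `audit_authorized_keys(open("/root/.ssh/authorized_keys").read())` on the server to see every key's type, size and verdict before deleting the old RSA entry.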