You know that moment when you realize, “Uh oh, I’m in WAY over my head?”
I have a lot of those.
A few years ago, I was asked by a colleague to SSH into a server and grep for a file. At the time, this sounded like total nonsense to me – however, since this person clearly thought I SHOULD know how to do whatever this meant, I just said “You bet!” and just started googling furiously. Here’s what I needed to know in that moment.
First, SSH means ‘Secure Shell’, and it’s also sometimes referred to as ‘Shell Access’. It’s a way for you to access a server securely, without a password, and is done by generating a private key and a public key. The public key gets added to the server, and you keep the private key locally. When you access the server, it checks that you hold the private key matching the public key it has on file, and you are granted access (if you need more info than this, learn about the SSL/TLS handshake here).
Why not just use a password? There’s some debate about this. The crux of it is really that your private key (which is really just a text file on your local machine with a gigantic multi-character string in it) is harder to steal and harder to guess, which means it’s less likely to be successfully cracked in a brute-force attack. You can also password protect your private key, so there’s an extra layer of protection.
So when you’re SSHing into a server, what you’re doing is really:
- Generating a public/private key pair
- Putting the public one on the server
- Logging in to the server (which you’ll be authenticated onto thanks to your local private key) through the command line
- Crossing your fingers and hoping you’re not blowing anything up while you’re in there
Let’s start with generating the key pair. Fire up your terminal/command prompt/iTerm, whatever you use to access the command line. Type:
ssh-keygen -t rsa
It’s then going to ask you for a name for your new key, which will then be saved as a text file on your local machine.
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/you/.ssh/id_rsa): [whatever-you-want-to-call-it]
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in [whatever-you-want-to-call-it].
Your public key has been saved in [whatever-you-want-to-call-it].pub.
Congrats! You have created a key pair.
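Next, we have to copy the public key (the .pub file, never the private one), so we can add it to our server. We do this by again going to the command line and entering the following. The path assumes you kept the default file name; if you chose your own name, point the command at that .pub file instead: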
MAC: pbcopy < ~/.ssh/id_rsa.pub
WINDOWS: clip < ~/.ssh/id_rsa.pub
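A quick sanity check before you paste, as an added example that is not from the original post: this Python sketch confirms the copied text is the public half of the pair (not the private key) and computes the SHA256 fingerprint in the same form that ssh-keygen -lf prints. The sample key and the private-key placeholder are constructed for illustration and are not real keys.

```python
import base64
import hashlib
import struct


def _field(data):
    """Encode one length-prefixed field (4-byte big-endian length, then data)."""
    return struct.pack(">I", len(data)) + data


def _read_field(blob, offset):
    """Decode one length-prefixed field; return (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key data")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key data")
    return blob[offset + 4:end], end


def check_public_key_line(text):
    """Return (key_type, fingerprint, comment); raise ValueError if unsafe or malformed."""
    text = text.strip()
    if "PRIVATE KEY" in text:
        raise ValueError("this is a PRIVATE key; it must never leave your machine")
    parts = text.split(None, 2)  # "<type> <base64> [comment]"
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        raise ValueError("key data is not valid base64") from exc
    # The key data repeats the type name as its first field; both must agree.
    inner_type, _ = _read_field(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type label does not match the key data")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, fingerprint, comment


# Constructed sample, NOT a real key: type name, exponent 65537, filler modulus.
SAMPLE_BLOB = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00" + b"\xc3" * 256)
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " you@laptop"
SAMPLE_PRIVATE = "-----BEGIN OPENSSH PRIVATE KEY-----\n(placeholder)\n-----END OPENSSH PRIVATE KEY-----"
```

To check your own key, pass it the contents of your .pub file and compare the fingerprint with the one the server or hosting dashboard shows after you add the key.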
Now that it’s copied, how you proceed is going to depend entirely on where the key needs to go. Here are a couple of links that may help you, depending on your end game: