OpenLab spring 2015/02 | Key generating/eating party

Date: 27. 2. 2015
Workshop by: Martin Ukrop, Vladimír Štill
Cake: evidence here
Cake by: Vlasta Žáková

Introduction to SSH keys and SSH authentication.

Useful commands

See manual pages for usage details.

ssh (create SSH connection)
ssh-keygen (generate SSH keypair, interactive)
ssh-copy-id <machine> (copy local identity to server to enable key authentication)
ssh-add (add key to agent)

Configuration file

Host aisa
  Hostname aisa.fi.muni.cz
  ForwardAgent yes
  Username xukrop
  VisualHostKey yes

Host nymfe*
  ForwardAgent yes
  Hostname %h.fi.muni.cz
  IdentityFile ~/.ssh/id_rsa
  ProxyCommand ssh xstill@aisa.fi.muni.cz nc %h %p

# defaults should be at the end
# security hardening
Host *
  User xstill
  PreferredAuthentications publickey
  ForwardAgent no
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  PubkeyAuthentication yes

Miscellaneous

FI known hosts (SSH keys for all machines) https://fadmin.fi.muni.cz/noauth/sshkh/ssh-known-hosts.mpl

Beware! Forwarding your agent to the server may enable the server administrators to steal your agent and authenticate as yourself.