[SSH & AWS] #AWS #Bash

aws_ssh.md

AWS EC2 accpet

• OpenSSH public key format (PEM)
• Base64 encoded DER format
• SSH public key file format, e.g. ~/.ssh/id_rsa.pub

On client node, generate a key pair: ~/.ssh/id_rsa.pub, id_rsa

ssh-keygen

On client node, copy public key to remote node

ssh-copy-id user@remotehost

And on remote node, the public key is stored in ~/.ssh/authorized_keys

ssh service configuration, after change, need restart service

/ect/ssh/sshd_config

ssh files

~/.ssh/authorized_keys

• on remote server
• store the client’s public keys after authroized
• per user;
• if no permission, need admin to add your public key to this file (cat ~/id_rsa.pub >> ~/.ssh/authorized_keys)

~/.ssh/known_hosts

• on client side
• store DSA host keys of servers
• tell what SSH servers you have accessed

~/.ssh/config

• user’s ssh client config /etc/ssh/ssh_config
• system wide ssh client config

Generate public key from private key

ssh-keygen -y -f ~/.ssh/id_rsa

Show pub key data: bit strength, fingerprint, filename

ssh-keygen -l -f id_rsa.pub

Convert RSA public key to OpenSSH pem

ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pem

SSH-RSA: ~/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAoDvNoNCxSZX8WR9ACVMQ7nvQ62RrSMZlRtJP37Yqyl8wlNXdBoDnFhabzqs my@emaildomain.com

PEM Format

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAw4hCsXawUb8kMoASzshh4uxNFArnqwZxVHNb65lN7J0FqA7zaDQs
UmV/FkfQAlTEO570Otka3QaA5xYWm86rBPxRS8f9Uc2/c
x36xewz1vlS7XVS6zDsCAwKBSGCBtv65u64tI2sj5
-----END RSA PUBLIC KEY-----