Using Keys to help secure OpenSSH
This is part of a series on hosting a website on the Raspberry Pi. Click the Raspberry Pi Webserver in the Blog Series to the right for the complete steps.
Start MobaXterm and connect to the Raspberry Pi.
To generate the keys enter this command:
ssh-keygen -t ed25519 -a 150 -f ~/.ssh/id.ed25519 -C "Created on Feb 17, 2023"
| Option | Meaning |
|---|---|
| -t | Specifies the type of key to create. Ed25519 is a generation 4 format. |
| -a | For private key, it specifies the number of KDF rounds used. Higher numbers result in slower passphrase verification and increased resistance to brute-force password cracking. The default is 16 rounds. |
| -f | Specifies the filename of the key file and where to create it. |
| -C | Comment, that is added to the end of the public key. |
Create a passphrase and enter it when asked.
Two files should be created and stored in ~/.ssh
Let move the keys to your Windows machine. Click the SSH browser.
TIP: Check Follow terminal folder(lower left) – The SSH browser will follow you has you change folders on the command line.
Change to the .ssh folder:
cd ~/.ssh
If you don’t see the two files, do a right click and Refresh Current Folder in the SSH Browser.
Change to MobaXterm home on your Windows computer and create a folder called keys. Mine is under C:\Users\YOUR_USER_NAME\AppData\Roaming\MobaXterm\home
Select the two file in the SSH Browser in MobaXterm and copy (click and drag) to the keys folder.
Back to the command line on the Raspberry Pi. Enter these commands to remove the private key and move the public key to the file authorized_keys.
cd ~/.ssh rm id.ed25519 mv id.ed25519.pub authorized_keys
If you are not following this series and you have other keys in the file authorized_keys, then you should copy and paste this new key into the authorized_keys file. Or use the command: cat id.ed25519.pub >> authorized_keys and then erase id.ed25519.pub.
Back to MobaXterm, lets edit the session.
Click Advance SSH settings
Check Use Private key
Click the blue file icon and locate the file id.ed25519 you copied over earlier. Click Open to accept it.
The Use private key field will fill with the location and file selected: C:\Users\Your_User_Name\AppData\Roaming\MobaXterm\home\keys\id.ed25519
Click OK
That is it for now, double clicking the session will open another tab and will ask for your Passphrase. You should now have access.
Let’s change access to the .ssh folder to just the user by using the following command.
chmod 700 .ssh
With keys, you just made the system a little more secure, check our the next post in this series to continue: Modifying the config file of OpenSSH to help secure it
Share this content:
Leave a Reply