SSH Keys
Summary
TLDR: This video explains the concept and use of SSH keys for secure access to remote servers. Unlike passwords, SSH keys provide a more secure method by utilizing a pair of private and public keys. The private key remains confidential on the user's device, while the public key is placed on the server. The video details the process of connecting to a server using SSH, the importance of keeping the private key secure, and the different tools required for various operating systems. It also provides specific instructions for accessing Amazon Web Services instances.
Takeaways
- 🔒 Passwords are insecure due to their predictability and vulnerability to breaches, making them easy to crack.
- 🔐 SSH keys offer a more secure alternative to passwords for accessing computers, enhancing security.
- 🔑 SSH keys consist of a private key (kept secret) and a public key (can be shared openly).
- 💡 The private key should be kept secure and not shared, as it can be used to impersonate the user.
- 🌐 The public key can be freely distributed and placed on servers, as it cannot be used to impersonate the user without the private key.
- 🔗 SSH uses the private key to encrypt a random string, which the server then decrypts to verify the user's identity.
- 🔄 The server generates a random string, encrypts it with the public key, and the client (using the private key) decrypts it to prove access rights.
- 💻 Using SSH keys eliminates the need for remembering passwords, making access more convenient and secure.
- 🌐 In the context of Amazon Web Services (AWS), a PEM file is used as the private key, which should be kept confidential.
- 🖥️ For connecting to AWS instances, software like PuTTY (for Windows) or the Terminal (for macOS and Linux) is used to run SSH.
- ⚠️ Caution is advised when downloading SSH software, especially for Windows, to avoid fake applications that can compromise security.
Q & A
Why are passwords considered insecure for accessing computers?
- Passwords are insecure because they are often easy to guess or crack, especially if they are common or predictable. There are lists of frequently used passwords that hackers can use to gain access to accounts.
What is a better alternative to passwords for secure access?
- A better alternative to passwords is using SSH keys. SSH keys provide a more secure way to access systems without the need to remember and enter passwords.
What are the two types of keys used in SSH key-based authentication?
- The two types of keys used in SSH key-based authentication are the private key and the public key. The private key is kept secret and secure, while the public key can be shared openly.
Why is the private key considered super secret?
- The private key is considered super secret because if someone gains access to it, they can pretend to be the legitimate user. It should not be shared or made public.
What can be done with the public key since it is not a secret?
- The public key can be shared openly. It can be posted on websites, emailed to people, or placed on remote servers without any security risks, as it cannot be used to impersonate the user without the corresponding private key.
How does the SSH key-based authentication process work when connecting to a server?
- When connecting to a server using SSH keys, the server generates a random string, encrypts it with the public key, and sends it to the user's machine. The user's machine then decrypts the string using the private key and sends back a proof of decryption, allowing access if the proof is correct.
What is the role of the blinking lights in a server, as mentioned in the script?
- The blinking lights in a server are humorously mentioned as the most important feature, but in reality, they often indicate the status of the server's components, such as power and network connectivity.
Why is it important to keep the private key secure?
- It is important to keep the private key secure because it is the only way to decrypt the encrypted random string sent by the server. If the private key is compromised, unauthorized access to the server can occur.
What is a PEM file in the context of Amazon Web Services?
- In the context of Amazon Web Services, a PEM file is a type of private key file used for secure access to instances. It is crucial to keep this file secure and not share it with others.
What software can be used to connect via SSH on different operating systems?
- On macOS, the Terminal application can be used. On Linux, the terminal is also commonly used. For Windows, applications like PuTTY are recommended, but users should download software only from trusted sources to avoid fake programs.
What is the default username for logging into Amazon EC2 instances?
- The default username for logging into Amazon EC2 instances is 'ec2-user'.
Outlines
🔒 Introduction to SSH Keys
The paragraph introduces the concept of SSH keys as a more secure alternative to passwords for accessing other computers. It explains the insecurity of passwords and the prevalence of common passwords, making them easy to crack. The paragraph highlights the superiority of SSH keys for security, describing them as consisting of a private key and a public key. The private key is secret and must be kept secure, while the public key can be freely distributed.
🔑 How SSH Keys Work
This paragraph elaborates on the functionality of SSH keys. It describes a scenario with two computers: a user’s laptop and a remote server. The private key is stored securely on the user's device, while the public key is placed on the server. When connecting via SSH, the server uses the public key to encrypt a random string, which the user's private key decrypts. The decryption is verified through a calculation sent back to the server, ensuring secure access if the private key is correct.
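The exchange described above, as an added example that is not code from the video or from any SSH implementation: the server encrypts a random challenge to the public key, and the client returns a hash of the decrypted value instead of the value itself. The toy RSA key, the session identifier and the choice of SHA-256 for the "calculation" are assumptions of this sketch.

```python
import hashlib
import secrets

# Toy RSA key built from two Mersenne primes: far too small and unpadded for
# real use, chosen only so the example runs with the standard library.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                                  # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, stays on the laptop
PUBLIC_KEY = (N, E)                        # the only key material on the server


def proof_of(challenge, session_id):
    # The "calculation": a hash bound to this session (session_id is an
    # assumption of this example), so the decrypted string is never sent back.
    return hashlib.sha256(challenge.to_bytes(32, "big") + session_id).hexdigest()


class Server:
    """Holds only the public key and the challenge it issued."""

    def __init__(self, public_key):
        self.n, self.e = public_key
        self.challenge = None

    def issue_challenge(self):
        # Fresh random value per login attempt, encrypted to the public key.
        self.challenge = secrets.randbelow(self.n - 2) + 2
        return pow(self.challenge, self.e, self.n)

    def verify(self, proof, session_id):
        if self.challenge is None:
            return False
        expected = proof_of(self.challenge, session_id)
        self.challenge = None              # one-time use: a replayed proof fails
        return secrets.compare_digest(proof, expected)


def client_respond(encrypted, private_exponent, session_id):
    # Only the holder of the private exponent recovers the challenge.
    return proof_of(pow(encrypted, private_exponent, N), session_id)


def login(private_exponent):
    server, session_id = Server(PUBLIC_KEY), secrets.token_bytes(16)
    proof = client_respond(server.issue_challenge(), private_exponent, session_id)
    first = server.verify(proof, session_id)
    replay = server.verify(proof, session_id)   # same proof sent a second time
    return first, replay
```

Current OpenSSH (SSH protocol 2) proves possession differently: the client signs session data with the private key and the server verifies the signature with the public key. The property shown here is the same, since the server never needs the private key and a captured proof cannot be reused.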
💻 Using SSH Keys with AWS
The paragraph explains the application of SSH keys in the context of Amazon Web Services (AWS). It describes the use of a PEM file as the private key for accessing AWS instances, emphasizing the importance of keeping this file secure. The public key is automatically generated and placed on the server by AWS. The paragraph also highlights the benefit of using SSH keys over passwords for enhanced security and mentions the need for specific software to run SSH on different operating systems.
🖥️ Accessing Remote Servers via SSH
This section provides practical guidance on accessing remote servers using SSH keys from various operating systems. It recommends using Terminal for macOS and Linux, and PuTTY for Windows, while warning against downloading malicious software. The paragraph underscores the necessity of using trusted sources for downloading SSH applications to protect the private key from being compromised.
👤 Logging into AWS Instances
The final paragraph discusses the specific details required to log into AWS instances using SSH. It mentions the default username 'ec2-user' for accessing the instances and reiterates the security provided by using SSH keys instead of passwords. The paragraph concludes with a wish of good luck for connecting to the newly booted AWS instances.
Keywords
💡SSH
💡Password
💡SSH Keys
💡Private Key
💡Public Key
💡Encryption
💡Decryption
💡Amazon Web Services (AWS)
💡PEM File
💡PuTTY
💡EC2 User
Highlights
Passwords are not secure and commonly used passwords are easily cracked.
SSH keys provide a much more secure alternative to using passwords.
SSH keys consist of a private key and a public key, each with different purposes.
The private key must be kept secret and not shared with anyone.
The public key can be shared freely and placed on any server.
SSH uses a process where the server encrypts a random string with the public key.
Only the corresponding private key can decrypt the random string to prove identity.
Once decrypted, the server allows access if the correct string is returned.
Amazon Web Services (AWS) uses a PEM file for its private key.
The PEM file should be kept secure to prevent unauthorized access to AWS instances.
Public keys can be created and placed on AWS servers during instance setup.
SSH keys eliminate the need for passwords, enhancing security.
Various software applications, such as Terminal on macOS and Linux, and PuTTY on Windows, can be used for SSH connections.
Users should download SSH applications only from trusted sources.
To access AWS instances, the username 'ec2-user' is used along with the private key.
Transcripts
so welcome back let's take a look at SSH
keys so when you access another computer
you probably use a password we use
passwords all the time lots of websites
have them but for us from a security
perspective they are horrible for most
of you your password probably contains
one two three four or five six seven
eight
unless you're a systems administrator in
which case your password is probably
just God but they're really easy to
crack there's a lot of websites you can
go to that have lists of passwords and
especially in light of some of the big
breaches of websites around the world
there's just common lists where people
have taken all the passwords and figured
out what people use frequently so
there's a much better much more secure
alternative to using passwords that's
much safer and it's called using SSH
keys it's a little bit of a tricky
concept but in practice it's really
quite simple and once you get it up and
running it's really easy to use SSH keys
because you don't have to remember any
password the concept of SSH keys is that
there are two files that we're going to
use there's a private key and a public
key now as the name suggests you can do
different things with the different keys
the private key is super secret because
if I get access to your private key I
can pretend I'm you so the private key
you've got to take real care of you
shouldn't share it with people you
shouldn't put it anywhere public like on
a website or anything like that you
should really make sure that you know
exactly where it is the public key as it
as its name suggests is public it
doesn't matter where it is you can put
it anywhere you can do anything with it
you can post it on websites you can
email it to people you can put it on
remote servers you don't trust it really
doesn't matter because the public key
can only do so much
you need the private key to pretend to
be you so the way that this works is
that we have two different computers we
have let's say here's your laptop and
here's the little mouse and we have a
server that we're going to connect to
and our server is a big server that sits
in a rack with lots and lots and lots
of machines and lots of memory and lots
of blinking lights the blinking lights
are the most important thing for any
server to have and so we've got lots of
blinking lights in our server okay so we
want to access the server from our
laptop or our desktop machine the way
that we do this is that we use keys so
we make sure that our private key is on
our private machine on our laptop on our
desktop only on one machine we have
access to that machine nobody else does
we make sure that it's safe the public
key of course can be anywhere so we put
the public key on the server okay and we
use SSH to make the connection and we
say - SSH I want to connect to this
server and I'm going to use the private
key so SSH reads the private key and
says to the server I want to connect you
but I want to use the public key
equivalent of the private key these two
files are related the public key is can
be calculated straight away from the
private key but not vice versa so the
server says ok yes I've got that public
key it generates a random string of
characters and letters and numbers and
makes a random string and it uses an
algorithm to encrypt
that random string using this public key
the only way you can decrypt that that
random string is by using the private
key you can't decrypt it using the
public key this is a one-way encryption
you have to have the private key to
decrypt it so the server says great you
want to access me using this key here's
the random string here's the random
string decrypt it and prove that you've
decrypted it so your laptop takes that
string decrypts it does a little
calculation on the string doesn't
actually send the exact string back but
does a calculation on the string that
proves that it really did decrypt it and
sends that calculation back to the
server if your laptop got the right
string on the decryption the server says
okay cool
you've obviously got the private key you
can come in and do work if on the other
hand your server has the wrong key then
it won't get the calculation right and
the server will say sorry you're not
allowed in you don't have access you
don't have the private key so the key to
keys is that you have two files your
private key and your public key the
public key can go anywhere can be on
anything the private key belongs to you
and you alone and you shouldn't share it
with anybody now in the computational
genomics class we're using Amazon Web
Services and Amazon Web Services uses a
PEM file for its private key so that
file is super secret and you shouldn't
share it with anybody because it would
allow them to access your machines the
server already has the public key
because it creates it from the PEM file
before it gives it to you if you want to
create your own public keys you can
place them on Amazon and use
that as well and then they get placed
into the server when your Amazon Web
instance gets booted up now you can log
in from any machine using the private
key and you don't need a password it
means that Amazon Web Services is
protected because there's no password so
you couldn't have set a simple password
like Bob and it means that you're
protected because only you can get in if
you have that private key so the last
part about using SSH keys is that to
access the remote server from your
private laptop you need some software
that's going to run SSH and that depends
on the computer that you're using so if
you're using a Mac computer with OSX
then you can use the application
terminal that's provided in the
utilities folder in your Applications
folder if you're using Linux then I've
no doubt you already know exactly how to
do this and again you're just going to
use terminal in both of these cases you
open a terminal and you type SSH and it
will connect to the machine if you're
using Windows then there are several
applications that you can use to connect
via SSH one that I quite like is putty
that I used quite a bit and there are
some other applications that are
included in the course material now one
word of caution if you're downloading
applications especially for Windows make
sure that you're very careful about
where you download the application from
there's a couple of fake putty programs
that have been circulating where instead
of connecting to the server what it does
is it reads your private key and then
sends it to somebody else
and remember your private key's private
and so we don't want to send it to
anybody else because that means they can
access your server if you go for putty
if you go to http://putty.org you can find
the doubt the latest version to download
there's only one other thing you need to
know to access your AMI instances on
Amazon Web Services we've got SSH we've
got our private keys we've got our
applications that we're going to use and
then the final thing we need to know is
our username and for the Amazon
instances that we're using we're going
to log in as user
ec2-user ok
ec2-user and that's our username we
don't need a password because we've got
our keys now with all of this you can
connect to your Amazon instance that
you've just booted up good luck