SSH Keys

RobEdwards
25 Aug 2018 10:11

Summary

TL;DR: This video explains the concept and use of SSH keys for secure access to remote servers. Unlike passwords, SSH keys provide a more secure method by utilizing a pair of private and public keys. The private key remains confidential on the user's device, while the public key is placed on the server. The video details the process of connecting to a server using SSH, the importance of keeping the private key secure, and the different tools required for various operating systems. It also provides specific instructions for accessing Amazon Web Services instances.

Takeaways

  • 🔒 Passwords are insecure due to their predictability and vulnerability to breaches, making them easy to crack.
  • 🔐 SSH keys offer a more secure alternative to passwords for accessing computers, enhancing security.
  • 🔑 SSH keys consist of a private key (kept secret) and a public key (can be shared openly).
  • 💡 The private key should be kept secure and not shared, as it can be used to impersonate the user.
  • 🌐 The public key can be freely distributed and placed on servers, as it cannot be used to impersonate the user without the private key.
  • 🔗 SSH uses the private key to encrypt a random string, which the server then decrypts to verify the user's identity.
  • 🔄 The server generates a random string, encrypts it with the public key, and the client (using the private key) decrypts it to prove access rights.
  • 💻 Using SSH keys eliminates the need for remembering passwords, making access more convenient and secure.
  • 🌐 In the context of Amazon Web Services (AWS), a PEM file is used as the private key, which should be kept confidential.
  • 🖥️ For connecting to AWS instances, software like PuTTY (for Windows) or the Terminal (for macOS and Linux) is used to run SSH.
  • ⚠️ Caution is advised when downloading SSH software, especially for Windows, to avoid fake applications that can compromise security.

Q & A

  • Why are passwords considered insecure for accessing computers?

    -Passwords are insecure because they are often easy to guess or crack, especially if they are common or predictable. There are lists of frequently used passwords that hackers can use to gain access to accounts.

  • What is a better alternative to passwords for secure access?

    -A better alternative to passwords is using SSH keys. SSH keys provide a more secure way to access systems without the need to remember and enter passwords.

  • What are the two types of keys used in SSH key-based authentication?

    -The two types of keys used in SSH key-based authentication are the private key and the public key. The private key is kept secret and secure, while the public key can be shared openly.

  • Why is the private key considered super secret?

    -The private key is considered super secret because if someone gains access to it, they can pretend to be the legitimate user. It should not be shared or made public.

  • What can be done with the public key since it is not a secret?

    -The public key can be shared openly. It can be posted on websites, emailed to people, or placed on remote servers without any security risks, as it cannot be used to impersonate the user without the corresponding private key.

  • How does the SSH key-based authentication process work when connecting to a server?

    -When connecting to a server using SSH keys, the server generates a random string, encrypts it with the public key, and sends it to the user's machine. The user's machine then decrypts the string using the private key and sends back a proof of decryption, allowing access if the proof is correct.

  • What is the role of the blinking lights in a server, as mentioned in the script?

    -The blinking lights in a server are humorously mentioned as the most important feature, but in reality, they often indicate the status of the server's components, such as power and network connectivity.

  • Why is it important to keep the private key secure?

    -It is important to keep the private key secure because it is the only way to decrypt the encrypted random string sent by the server. If the private key is compromised, unauthorized access to the server can occur.

  • What is a PEM file in the context of Amazon Web Services?

    -In the context of Amazon Web Services, a PEM file is a type of private key file used for secure access to instances. It is crucial to keep this file secure and not share it with others.

  • What software can be used to connect via SSH on different operating systems?

    -On macOS, the Terminal application can be used. On Linux, the terminal is also commonly used. For Windows, applications like PuTTY are recommended, but users should download such software only from trusted sources to avoid fake programs.

  • What is the default username for logging into Amazon EC2 instances?

    -The default username for logging into Amazon EC2 instances is 'ec2-user'.

Outlines

00:00

🔒 Introduction to SSH Keys

The paragraph introduces the concept of SSH keys as a more secure alternative to passwords for accessing other computers. It explains the insecurity of passwords and the prevalence of common passwords, making them easy to crack. The paragraph highlights the superiority of SSH keys for security, describing them as consisting of a private key and a public key. The private key is secret and must be kept secure, while the public key can be freely distributed.

05:01

🔑 How SSH Keys Work

This paragraph elaborates on the functionality of SSH keys. It describes a scenario with two computers: a user’s laptop and a remote server. The private key is stored securely on the user's device, while the public key is placed on the server. When connecting via SSH, the server uses the public key to encrypt a random string, which the user's private key decrypts. The decryption is verified through a calculation sent back to the server, ensuring secure access if the private key is correct.

10:02

💻 Using SSH Keys with AWS

The paragraph explains the application of SSH keys in the context of Amazon Web Services (AWS). It describes the use of a PEM file as the private key for accessing AWS instances, emphasizing the importance of keeping this file secure. The public key is automatically generated and placed on the server by AWS. The paragraph also highlights the benefit of using SSH keys over passwords for enhanced security and mentions the need for specific software to run SSH on different operating systems.

🖥️ Accessing Remote Servers via SSH

This section provides practical guidance on accessing remote servers using SSH keys from various operating systems. It recommends using Terminal for macOS and Linux, and PuTTY for Windows, while warning against downloading malicious software. The paragraph underscores the necessity of using trusted sources for downloading SSH applications to protect the private key from being compromised.

👀 Logging into AWS Instances

The final paragraph discusses the specific details required to log into AWS instances using SSH. It mentions the default username 'ec2-user' for accessing the instances and reiterates the security provided by using SSH keys instead of passwords. The paragraph concludes with a wish of good luck for connecting to the newly booted AWS instances.

Keywords

💡 SSH

SSH, or Secure Shell, is a cryptographic network protocol for operating network services securely over an unsecured network. In the context of the video, it is used to securely access another computer without the need for passwords, which are considered less secure. The script emphasizes the security benefits of SSH over traditional password authentication.

💡 Password

A password is a secret word or phrase used to authenticate a user to a system. The script discusses the vulnerabilities of passwords, such as their susceptibility to cracking and the commonality of weak passwords, which can be easily guessed or found in data breaches.

💡 SSH Keys

SSH keys are a pair of cryptographic keys used for authenticating to an SSH server. They consist of a private key, which should be kept secure and secret, and a public key, which can be shared openly. The video explains that SSH keys provide a more secure alternative to passwords for accessing servers.

💡 Private Key

A private key is the secret part of an SSH key pair and should never be shared. The script highlights the importance of keeping the private key secure, as it allows the holder to authenticate as the owner of the key pair, thereby accessing the associated server or service.

💡 Public Key

A public key is the part of an SSH key pair that can be freely shared. The script explains that the public key is placed on the server, and it is used in conjunction with the private key to establish a secure connection, without the need for a password.

💡 Encryption

Encryption is the process of converting data into a code to prevent unauthorized access. In the script, the server uses the public key to encrypt a random string, which can only be decrypted by the corresponding private key, ensuring that only the rightful user can access the server.

💡 Decryption

Decryption is the process of converting encrypted data back into its original form. The video describes how the client machine uses the private key to decrypt the server's challenge, proving possession of the key and thus gaining access to the server.

💡 Amazon Web Services (AWS)

Amazon Web Services is a comprehensive cloud computing platform provided by Amazon. The script mentions AWS in the context of using SSH keys for secure access to AWS instances, emphasizing the platform's support for key-based authentication.

💡 PEM File

A PEM file is a type of file format that contains encoded data. In the context of the video, the PEM file is used to store the private key in the AWS environment, underscoring the need for keeping this file secure and confidential.

💡 PuTTY

PuTTY is a free and open-source terminal emulator, serial console, and network file transfer application. The script recommends PuTTY as a software option for Windows users to connect to servers via SSH, but also warns about the potential risks of downloading fake versions of the software.

💡 EC2 User

In the context of AWS, EC2 (Elastic Compute Cloud) is a service that provides resizable compute capacity in the cloud. The script specifies 'ec2-user' as the default username for logging into AWS instances using SSH keys, illustrating the specific application of SSH key authentication in AWS environments.

Highlights

Passwords are not secure and commonly used passwords are easily cracked.

SSH keys provide a much more secure alternative to using passwords.

SSH keys consist of a private key and a public key, each with different purposes.

The private key must be kept secret and not shared with anyone.

The public key can be shared freely and placed on any server.

SSH uses a process where the server encrypts a random string with the public key.

Only the corresponding private key can decrypt the random string to prove identity.

Once decrypted, the server allows access if the correct string is returned.

Amazon Web Services (AWS) uses a PEM file for its private key.

The PEM file should be kept secure to prevent unauthorized access to AWS instances.

Public keys can be created and placed on AWS servers during instance setup.

SSH keys eliminate the need for passwords, enhancing security.

Various software applications, such as Terminal on macOS and Linux, and PuTTY on Windows, can be used for SSH connections.

Users should download SSH applications only from trusted sources.

To access AWS instances, the username 'ec2-user' is used along with the private key.

Transcripts

00:00 so welcome back let's take a look at SSH
00:04 keys so when you access another computer
00:07 you probably use a password we use
00:10 passwords all the time lots of websites
00:11 have them but for us from a security
00:14 perspective they are horrible for most
00:17 of you your password probably contains
00:19 one two three four or five six seven
00:22 eight
00:22 unless you're a systems administrator in
00:24 which case your password is probably
00:25 just God but they're really easy to
00:29 crack there's a lot of websites you can
00:30 go to that have lists of passwords and
00:33 especially in light of some of the big
00:35 breaches of websites around the world
00:37 there's just common lists where people
00:39 have taken all the passwords and figured
00:41 out what people use frequently so
00:45 there's a much better much more secure
00:47 alternative to using passwords that's
00:50 much safer and it's called using SSH
00:53 keys it's a little bit of a tricky
00:56 concept but in practice it's really
00:58 quite simple and once you get it up and
01:01 running it's really easy to use SSH keys
01:04 because you don't have to remember any
01:05 password the concept of SSH keys is that
01:10 there are two files that we're going to
01:11 use there's a private key and a public
01:21 key now as the name suggests you can do
01:28 different things with the different keys
01:30 the private key is super secret because
01:39 if I get access to your private key I
01:41 can pretend I'm you so the private key
01:44 you've got to take real care of you
01:46 shouldn't share it with people you
01:48 shouldn't put it anywhere public like on
01:49 a website or anything like that you
01:51 should really make sure that you know
01:54 exactly where it is the public key as it
01:57 as its name suggests is public it
02:00 doesn't matter where it is you can put
02:03 it anywhere you can do anything with it
02:04 you can post it on websites you can
02:06 email it to people you can put it on
02:08 remote servers you don't trust it really
02:10 doesn't matter because the public key
02:12 can only do so much
02:13 you need the private key to pretend to
02:16 be you so the way that this works is
02:21 that we have two different computers we
02:23 have let's say here's your laptop and
02:31 here's the little mouse and we have a
02:35 server that we're going to connect to
02:37 and our server is a big server that sits
02:41 in a rack with lots and lots and lots
02:43 of machines and lots of memory and lots
02:46 of blinking lights the blinking lights
02:47 are the most important thing for any
02:49 server to have and so we've got lots of
02:52 blinking lights in our server okay so we
02:56 want to access the server from our
02:59 laptop or our desktop machine the way
03:04 that we do this is that we use keys so
03:06 we make sure that our private key is on
03:12 our private machine on our laptop on our
03:15 desktop only on one machine we have
03:18 access to that machine nobody else does
03:20 we make sure that it's safe the public
03:25 key of course can be anywhere so we put
03:28 the public key on the server okay and we
03:35 use SSH to make the connection and we
03:39 say to SSH I want to connect to this
03:43 server and I'm going to use the private
03:47 key so SSH reads the private key and
03:52 says to the server I want to connect you
03:56 but I want to use the public key
03:58 equivalent of the private key these two
04:01 files are related the public key is can
04:04 be calculated straight away from the
04:05 private key but not vice versa so the
04:09 server says ok yes I've got that public
04:12 key it generates a random string of
04:16 characters and letters and numbers and
04:21 makes a random string and it uses an
04:25 algorithm to encrypt
04:27 that random string using this public key
04:36 the only way you can decrypt that that
04:39 random string is by using the private
04:42 key you can't decrypt it using the
04:44 public key this is a one-way encryption
04:46 you have to have the private key to
04:48 decrypt it so the server says great you
04:52 want to access me using this key here's
04:56 the random string here's the random
05:00 string decrypt it and prove that you've
05:03 decrypted it so your laptop takes that
05:07 string decrypts it does a little
05:11 calculation on the string doesn't
05:13 actually send the exact string back but
05:14 does a calculation on the string that
05:16 proves that it really did decrypt it and
05:18 sends that calculation back to the
05:21 server if your laptop got the right
05:26 string on the decryption the server says
05:29 okay cool
05:30 you've obviously got the private key you
05:32 can come in and do work if on the other
05:35 hand your server has the wrong key then
05:38 it won't get the calculation right and
05:41 the server will say sorry you're not
05:44 allowed in you don't have access you
05:46 don't have the private key so the key to
05:52 keys is that you have two files your
05:54 private key and your public key the
05:58 public key can go anywhere can be on
06:00 anything the private key belongs to you
06:03 and you alone and you shouldn't share it
06:05 with anybody now in the computational
06:09 genomics class we're using Amazon Web
06:12 Services and Amazon Web Services uses a
06:16 PEM file for its private key so that
06:22 file is super secret and you shouldn't
06:24 share it with anybody because it would
06:26 allow them to access your machines the
06:31 server already has the public key
06:33 because it creates it from the PEM file
06:35 before it gives it to you if you want to
06:37 create your own public keys you can
06:39 place them on Amazon and use
06:41 that as well and then they get placed
06:43 into the server when your Amazon Web
06:46 instance gets booted up now you can log
06:51 in from any machine using the private
06:53 key and you don't need a password it
06:57 means that Amazon Web Services is
06:58 protected because there's no password so
07:01 you couldn't have set a simple password
07:03 like Bob and it means that you're
07:07 protected because only you can get in if
07:10 you have that private key so the last
07:14 part about using SSH keys is that to
07:17 access the remote server from your
07:20 private laptop you need some software
07:23 that's going to run SSH and that depends
07:27 on the computer that you're using so if
07:30 you're using a Mac computer with OSX
07:36 then you can use the application
07:39 terminal that's provided in the
07:44 utilities folder in your Applications
07:46 folder if you're using Linux then I've
07:52 no doubt you already know exactly how to
07:54 do this and again you're just going to
07:57 use terminal in both of these cases you
08:01 open a terminal and you type SSH and it
08:05 will connect to the machine if you're
08:08 using Windows then there are several
08:13 applications that you can use to connect
08:16 via SSH one that I quite like is putty
08:21 that I used quite a bit and there are
08:24 some other applications that are
08:26 included in the course material now one
08:30 word of caution if you're downloading
08:33 applications especially for Windows make
08:37 sure that you're very careful about
08:39 where you download the application from
08:40 there's a couple of fake putty programs
08:44 that have been circulating where instead
08:48 of connecting to the server what it does
08:50 is it reads your private key and then
08:53 sends it to somebody else
08:55 and remember your private key's private
08:58 and so we don't want to send it to
09:01 anybody else because that means they can
09:02 access your server if you go for putty
09:05 if you go to http putty org you can find
09:13 the doubt the latest version to download
09:19 there's only one other thing you need to
09:21 know to access your AMI instances on
09:25 Amazon Web Services we've got SSH we've
09:29 got our private keys we've got our
09:31 applications that we're going to use and
09:33 then the final thing we need to know is
09:35 our username and for the Amazon
09:39 instances that we're using we're going
09:42 to log in as user
09:44 E C 2 - user ok
09:49 ec2 - user and that's our username we
09:55 don't need a password because we've got
09:57 our keys now with all of this you can
10:01 connect to your Amazon instance that
10:04 you've just booted up good luck
