Post

SSH cheatsheet

Creating an ssh Key

What is an SSH key?

An SSH key, or Secure Shell key, is a pair of cryptographic keys used for secure communication over the SSH protocol. The pair consists of a private key and a public key. These keys are used in asymmetric cryptography, where the public key can be freely shared, but the private key must be kept secure.

Here’s a brief overview of each component:

Private Key:

The private key is a secret key that remains on your local machine. It is used to sign data and prove your identity when connecting to a server or another system. The security of the private key is crucial, and it should never be shared or exposed to others.

Public Key:

The public key is derived from the private key and can be freely shared. It is used by servers or systems to verify the authenticity of the corresponding private key. When you connect to a server, you provide your public key, and the server checks whether the corresponding private key can decrypt the data.

When you set up SSH key-based authentication, the public key is added to the authorized keys file on the server. This file contains a list of public keys that are allowed to connect to the server. When you attempt to connect to the server, your private key is used to sign a challenge, and the server verifies it using the stored public key.

Using SSH keys offers several advantages over password-based authentication:

  • Security: Asymmetric cryptography provides a higher level of security compared to passwords. The private key never leaves your machine, and even if the public key is compromised, it cannot be used to generate the private key.
  • Convenience: Once set up, SSH keys eliminate the need to enter passwords each time you connect to a server. This is particularly useful when automating tasks or connecting to servers frequently.
  • Authentication Without Passwords: SSH keys provide a passwordless authentication method, enhancing security and user convenience.

SSH keys are widely used for secure access to servers, version control systems (such as Git repositories), and other networked services that support SSH. They play a crucial role in securing remote connections and data transfers.

How to generate ssh keys

To generate SSH keys for such things as Git push access to WP Engine, you can follow these steps:

Open Terminal or Command Prompt:

On Linux or macOS, open the Terminal. On Windows, you can use the Command Prompt or Git Bash.

Check for Existing SSH Keys:

Before generating new keys, check if you already have existing SSH keys. Use the following command:

1
ls -al ~/.ssh

If you see files like id_rsa and id_rsa.pub, you already have SSH keys. If you re-run ssh-keygen -t rsa -b 4096 -C "your_email@example.com" as in the next command, you will override your existing SSH keys. If this happens, you’ll have to re-add them to the places where you have stored your public access key.

Generate a new SSH key:

If you don’t have existing SSH keys or want to generate a new one, use the following command:

1
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Replace “your_email@example.com” with the email associated with your WP Engine account.

Press Enter to accept the default file location (~/.ssh/id_rsa) and set a passphrase if desired.

Creating a new ssh key breakdown

When you generate an SSH key, you are creating a pair of cryptographic keys: a private key and a public key. These keys are used in the SSH (Secure Shell) protocol for secure communication between two parties, typically a client (your computer) and a server. Here’s what happens during the key generation process:

Key Pair Generation:

When you run the ssh-keygen command, a key pair is generated. The key pair consists of two parts: the private key (id_rsa) and the public key (id_rsa.pub). The private key is kept on your local machine and should be kept confidential. It is used to sign messages and prove your identity. The public key is shared with other parties (such as servers) and is used to verify signatures created by the private key.

Key Size and Type:

The -t flag in the ssh-keygen command specifies the type of key to generate. In the example, -t rsa indicates the RSA algorithm, a widely-used asymmetric encryption algorithm. The -b flag specifies the number of bits in the key. In the example, -b 4096 indicates a key with 4096 bits, providing a high level of security.

Email Comment (Optional):

The -C flag allows you to add a comment to the key, typically an email address. This comment is for your reference and helps identify the key.

Passphrase (Optional):

You may choose to set a passphrase for additional security. If set, you will need to enter the passphrase whenever you use the private key.

Key Storage:

By default, the generated keys are stored in the ~/.ssh directory. The private key is in the id_rsa file, and the public key is in the id_rsa.pub file.

Adding to SSH Agent (Optional):

The ssh-add command is used to add the private key to the SSH agent. The agent helps manage your SSH keys, and adding the key allows you to use it without entering the passphrase repeatedly.

Copying Public Key:

The cat command is used to display the content of the public key (id_rsa.pub). You copy this public key and share it with services or servers (like WP Engine) that you want to authenticate with your private key.

Integration with WP Engine (or other services):

You add the copied public key to your WP Engine account or any other service where you want to use SSH key authentication. This associates your public key with your account, allowing you to securely access the service without entering a password.

In summary, generating an SSH key involves creating a secure pair of keys, keeping the private key secure on your machine, and sharing the public key with servers or services for secure authentication and communication. SSH keys provide a more secure and convenient way to access remote systems compared to traditional password-based authentication.

Creating an ssh config file

The SSH configuration file tells the computer which key file to use when connecting to a specific server hostname. SSH Gateway and GitPush use different hostnames on WP Engine.

Setting up a SSH config file, and telling the computer in advance which SSH key is used for a service, will prevent any possible connection issues.

  1. On the local machine, first navigate to the .ssh directory.
  • MacOS – Open Terminal and type:
    • cd ~/.ssh/
  • Windows – Use Git Bash and navigate to:
    • /c/Users/[youruser]/.ssh/
  1. Create the config file by running:
    • touch config
    • If they file already exists, proceed to the next step.
  2. Open the new config file, below is an example using nano, but any editor would work:

    • nano config
  3. Once open, use the arrow keys to ensure the cursor is at the very bottom of the file
  4. Paste the following contents:
1
2
3
4
5
6
   Host git.wpengine.com
   User git
   Hostname git.wpengine.com
   PreferredAuthentications publickey
   IdentityFile ~/.ssh/wpegitkey
 IdentitiesOnly yes
  1. Then save and exit. For nano:

    • Hold ctrl button then press x

test the ssh config entry

1
ssh git@git.wpengine.com info

on wpengine this will return a response like

1
2
3
hello user-localtesting
R W    localtesting
Please see http://git.wpengine.com for more help
This post is licensed under CC BY 4.0 by the author.