Making your own ssh key

From Motorcycle Action Group Wiki

How to make an ssh key to log into the secure MAG servers

Intro

There are several ways of authenticating yourself to an ssh server, like the ones used on the MAG Linux machines. The simplest and the least safe is to use a username and password. As this is subject to all sorts of different kinds of attack, MAG has opted to require the use of ssh keys on the machines that do not need to be accessible to the membership in general.

Where should I be to create this key then?

It is recommended that you log in to the machine webhost.mag-uk.org to generate your key. The reason is that it is a machine that will remain accessible by username and password, so you won't be prevented from logging in before you have a key; and it is a modern operating system.

If your local PC is a Linux machine then use "ssh root@webhost.mag-uk.org".

If you have a Windows machine then it is recommended that you use the PuTTY toolsuite to log into webhost.

ssh-keygen command

Now that you have logged into webhost.mag-uk.org as yourself, you are in a position to generate a new key.

There are many options you can use with the ssh-keygen command. This page endeavours to recommend the most secure option that is still generally usable across all of the MAG servers.

If your name is "Fred Hill" and your email address is fhill@mag-uk.org then please use the following command:

 ssh-keygen -t rsa -b 4096 -C "Fred Hill <fhill@mag-uk.org>"

You will be prompted for a passphrase. Please use a good long one. Please bear in mind that a sentence like "mary had a little lamb" is a perfectly acceptable passphrase structure (although this one is rather too predictable to be very strong). Please come up with something obscure that you will nonetheless remember.

For more information on the ssh-keygen tool, please see the ssh-keygen man page.
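
Before a new public key is installed on a server, it can be checked against the options recommended above (RSA, 4096 bits, a -C comment). The Python below is an added example, not part of the original wiki page or of MAG's own tooling; the function names are hypothetical, and the sample key line is constructed to have the right encoding and size without being a usable key.

```python
import base64
import hashlib
import struct


def _field(blob, pos):
    """Read one length-prefixed field (RFC 4251 string/mpint) starting at pos."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length")
    end = pos + 4 + struct.unpack(">I", blob[pos:pos + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[pos + 4:end], end


def inspect_public_key(line):
    """Return (type, rsa_bits, sha256_fingerprint, comment) for one .pub line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    inner, pos = _field(blob, 0)
    if inner != parts[0].encode():
        raise ValueError("declared type does not match key blob")
    bits = None
    if parts[0] == "ssh-rsa":
        _e, pos = _field(blob, pos)      # public exponent
        n, pos = _field(blob, pos)       # modulus; its size is the key length
        bits = int.from_bytes(n, "big").bit_length()
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return parts[0], bits, fp, parts[2] if len(parts) == 3 else ""


def meets_policy(line, min_bits=4096):
    """True for an RSA key of at least min_bits that carries a -C comment."""
    try:
        key_type, bits, _fp, comment = inspect_public_key(line)
    except ValueError:
        return False
    return key_type == "ssh-rsa" and bits >= min_bits and bool(comment)


def constructed_line(bits, comment):
    """CONSTRUCTED sample .pub line: correct encoding and size, not a usable key."""
    n = (1 << (bits - 1)) | 1            # placeholder modulus of exactly `bits` bits
    fields = [b"ssh-rsa", (65537).to_bytes(3, "big"), b"\x00" + n.to_bytes(bits // 8, "big")]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)
```

Pass the single line from the generated .pub file to meets_policy(); the fingerprint returned by inspect_public_key() is in the same SHA256 form that "ssh-keygen -l" prints, so the key's owner can confirm it out of band.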