SSH (Secure Shell) keys are a pair of cryptographic keys used to authenticate and secure connections between a client and a server. The keys consist of a public key and a private key, which are used in a public-key cryptography scheme.
Here’s how SSH keys and key generation (keygen) work in Linux:
1. SSH Key Pair:
Public Key: The public key is shared with the SSH server and is used to verify the identity of the client.
Private Key: The private key is kept securely by the client and is used to authenticate the client to the server.
[root@uadev .ssh]# ls -lrt
total 8
-rw-r--r--. 1 root root 392 Jun 7 21:30 id_rsa.pub ---- > Public key
-rw-------. 1 root root 1811 Jun 7 21:30 id_rsa ---- > Private key
[root@uadev .ssh]#
2. Generating SSH Key Pair (Keygen):
Open Terminal: Open a terminal window on your Linux system.
Run ssh-keygen: Use the ssh-keygen command to generate a new SSH key pair.
Example: ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa
[root@uadev .ssh]# ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:V6MPe0yVU0Wy35yzrrEAJZ11o78kX7+2shyQWUCuYsQ root@uadev
The key's randomart image is:
+---[RSA 2048]----+
| .o ..+=|
| . o + o=.|
| E . =oo= |
| . +o+o.+o|
| oSo++.. ==|
| . ...*. + *|
| ..+o +.|
| .o.=..|
| ==+.|
+----[SHA256]-----+
[root@uadev .ssh]#
-t: Specifies the type of key to create (e.g., rsa, ed25519).
-b: Specifies the number of bits in the key (e.g., 2048, 4096).
-f: Specifies the filename of the generated key pair.
Optional: Passphrase: You can optionally add a passphrase to encrypt the private key for added security.
Public and Private Keys: After running ssh-keygen, the public key (id_rsa.pub) and private key (id_rsa) files will be generated in the ~/.ssh/ directory.
3. Using SSH Keys:
Copying Public Key to Server: Copy the contents of the public key file (id_rsa.pub) to the ~/.ssh/authorized_keys file on the SSH server.
Example: $ ssh-copy-id user@hostname
[root@uadev .ssh]# ssh-copy-id devnixops@devnix_vm1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'devnix_vm1 (127.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:hVYFOf8gTVA0PZm1D+DMyDNOkx1pRmXTE3s8R1uMYWc.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
devnixops@devnix_vm1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'devnixops@devnix_vm1'"
and check to make sure that only the key(s) you wanted were added.
[root@uadev .ssh]#
Connecting to Server: Use the private key file (id_rsa) to authenticate when connecting to the SSH server.
$ ssh -i ~/.ssh/id_rsa user@hostname
[root@uadev ~]# ssh devnixops@devnix_vm1
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Mon May 27 22:57:58 2024 from 192.168.22.1
[devnixops@devnix_vm1 ~]$
4. Key Management:
- Storing Keys Securely: Store the private key (id_rsa) securely and avoid sharing it with others.
- Managing Passphrases: If using a passphrase, choose a strong passphrase and consider using a passphrase manager to store it securely.
- Regular Key Rotation: Consider rotating SSH keys periodically for improved security.
- Revoking Keys: If a private key is compromised, revoke the corresponding public key on the SSH server.
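Two of the key-management points above (a private key must stay unreadable to other users, and a compromised key is revoked on the server by removing its public half from authorized_keys) as a shell example added here; it is not from the original post, the helper names audit_private_key and revoke_pubkey and all key blobs are constructed, and it assumes GNU stat and awk.

```shell
#!/bin/bash
# Added example, not from the original post. Helper names (audit_private_key,
# revoke_pubkey) and all key material are constructed; assumes GNU stat/awk.

# A private key readable by group or other is rejected by ssh as an
# "UNPROTECTED PRIVATE KEY FILE"; 600 (or 400) is the expected mode.
audit_private_key() {
    key="$1"
    mode=$(stat -c '%a' "$key") || return 2
    case "$mode" in
        600|400) echo "ok: $key mode $mode"; return 0 ;;
        *) echo "WARNING: $key mode $mode is group/other readable, expected 600"; return 1 ;;
    esac
}

# Server-side revocation: drop every authorized_keys line whose key type and
# base64 blob match the given .pub file. The trailing comment is ignored (a
# renamed key still matches) and option prefixes such as "no-pty" are skipped.
# Prints the number of lines removed.
revoke_pubkey() {
    auth="$1"; pub="$2"
    ktype=$(awk 'NR==1{print $1}' "$pub"); blob=$(awk 'NR==1{print $2}' "$pub")
    [ -n "$ktype" ] && [ -n "$blob" ] || { echo "bad public key file: $pub" >&2; return 2; }
    before=$(wc -l < "$auth")
    awk -v t="$ktype" -v b="$blob" '
        { keep = 1
          for (i = 1; i < NF; i++) if ($i == t && $(i+1) == b) keep = 0
          if (keep) print }' "$auth" > "$auth.tmp" && mv "$auth.tmp" "$auth"
    after=$(wc -l < "$auth")
    echo $((before - after))
}

# --- demo with constructed files in a scratch directory ---
demo=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3FAKEBLOB1 alice@laptop\n' > "$demo/authorized_keys"
printf 'no-pty ssh-rsa AAAAB3FAKEBLOB2 bob@old\n' >> "$demo/authorized_keys"
printf 'ssh-rsa AAAAB3FAKEBLOB2 renamed@elsewhere\n' > "$demo/compromised.pub"
: > "$demo/id_demo"; chmod 644 "$demo/id_demo"
audit_private_key "$demo/id_demo" || true     # prints WARNING
chmod 600 "$demo/id_demo"
audit_private_key "$demo/id_demo"             # prints ok
echo "removed: $(revoke_pubkey "$demo/authorized_keys" "$demo/compromised.pub")"   # removed: 1
rm -rf "$demo"
```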
5. SSH Configuration:
SSH Config File: Customize SSH client behavior and configurations using the ~/.ssh/config file.
Host Aliases: Define aliases for hosts to simplify SSH connections.
SSH Agent: Use the SSH agent to manage SSH keys and provide them to SSH clients when needed.
SSH keys provide a secure method for authenticating and encrypting communications between a client and a server. By generating and using SSH key pairs, you can securely connect to remote servers and transfer data over SSH connections. Understanding SSH keys and key generation is essential for secure access to Linux servers and other SSH-enabled systems.