Okay, today let's see together why SSH & ED-25519 can simplify your life.
SSH keys
To authenticate to a service you can use a username and a password, but you can as well use a pair of keys: SSH keys.
It is really simple, you generate 2 keys. One public that you can share. One private that is a secret. You can generate different types of keys and you probably know the RSA type. Let's give it a shot:
Open a terminal and generate a key, with RSA type, a minimal recommended length of 2048 bits, and a Comment.
Read the next part before generating your keys...
ssh-keygen -t rsa -b 2048 -C "my@email.test"
You can decide the destination folder and if you want a passphrase. On a Unix system, it should be generated here: ~/.ssh/
.
Use state-of-art keys
Shorter, and more secure than RSA, Rivest–Shamir–Adleman? Impossible? Hold my beer, here comes ED-25519. Another type of keys but with a smaller public key! (And more secure, see links below.)
ssh-keygen -t ed25519 -C "my@super.email"
More infos here: https://docs.gitlab.com/ee/ssh/#generating-a-new-ssh-key-pair
Short example of public keys (The one you share and usually copy-paste):
# ED25519 🔑
ssh-ed25519 AAAAC3NzaC1lZNYMPE5AAAAILeqT4uN/abIL8P6+oAIZGGg
BXT6o/pJRI1joLlLBCgl my@e.mail
# RSA 🗝
ssh-rsa AAAAB3Nwmnec2EAAAADAQABAAACAQDBZrkOYcnjvX/B3PvbgfNhvwgD
mySNp/VyedwywZMukoL0n8sb7ts9Xn3uIDh7psJtjY0mwIpr4yBGUZpzMAk/F1
uExrYwo/T1MqFHJcbjn28CdpM8aMx6QPf7QetM4cJnqdwdüozn3kW2cWE3K
+mJ7iTWTRqFLEaN9wzH9JUkKFffhH5xpGhEKvWQrJ1IXs0HkPfssAG+iSxEDsXwUh
eBcTAC3obFS95tfhsxUSR40NiCUGjJwd/9b31iwUyVryQcnlXr1wAtGV2AvZYzTt
v8nrqzrHVVYk+qTgdpWE+Jg8awdOswy23XV0Snx2+h8OWdDDM+RLeKmo+7ZACSWT8o
tCynfIh/8ORHnYUONkym8Lqs5Lo/dRbXXFWK6hUNOc1PsvDy5P9jNfJs3oxKTpkM6
1Twrtx7uomFkddyvk73LqN58plOOqVVnc+vv+/qhv3CAom5l+5UrvMQsSPoEdT6fWUWXl/mAKJUzzrpBcYeUjyPOkb8uvo3MTZVB1ZsArkp7t/I
Y6ekcur+7pHHSjhHj/s8fWy2twk0pET+3cmky8EbJEWH93OCmSXuDrFaGDkpny
umLBn4oXqDACeÖePa9lgmJUpMmQli6
jaAqmzgBXfGsHKvmyiN69D+tiC64EH8Ty0sUkugbrRa2BAasdpJMRnYAi4m5F5Q
Ya3bxhdKbmsAQ== my@e.mail
Shorter & more secure, use ED-25519!
Eddy, 25 years old and he has five 19' years old brothers.
Applications
Github & Cie
No more passwords to authenticate to Github (and every git-cloud) when you push your code. Go to your profile on the github website:
Personal Settings > SSH keys > New SSH keys
.
Give a name to your key and copy-paste the content of your private rsa ed25519 keys (in ~/.ssh/id_ed25519
).
From now on, when you will push something to Github, it will recognize who you are based on the keys you have in your ~/.ssh
.
Servers
Same process with servers, instead of using a password to connect to them, add your SSH public key to the authorized_keys
file in ~/.ssh
of the server.
:wq
Originally published here
Top comments (0)