Savio Resende

Blog > Securely managing SSH keys on Linux

Securely managing SSH keys on Linux

by Savio Resende

Secure Shell (SSH) is a popular protocol used for remote access to servers and computers. It provides a secure and encrypted connection that allows users to authenticate and access a remote system. SSH keys are a crucial part of this authentication process, providing a secure and convenient way to access remote servers without having to enter a password every time.

SSH keys are a pair of cryptographic keys: a public key and a private key. The public key is placed on the server, while the private key is kept on the client machine. The keys are used to authenticate the user without the need for a password. This provides a more secure and convenient way to access a remote system without the need to remember and enter a password every time.

However, the security of SSH keys depends on how they are managed. Properly managing SSH keys is crucial to prevent unauthorized access to a remote system. In this article, we will discuss how to set permissions for the properly id_rsa.pub file on Linux, a crucial step in securely managing SSH keys.

Why is it important to set permissions for the id_rsa.pub file?

The id_rsa.pub file is the public key that is used to authenticate the user when connecting to a remote server. It is stored in the .ssh directory on the user's local machine. The permissions for this file need to be set properly to ensure that it is not accessible by anyone except the owner.

If the permissions for the id_rsa.pub file are not set properly, then it can be accessed by other users on the system. This can potentially compromise the security of the SSH key and allow unauthorized access to the remote server.

How to set permissions for the id_rsa.pub file on Linux?

To set permissions for the id_rsa.pub file on Linux, follow these steps:

Step 1: Set permissions for the id_rsa and id_rsa.pub files

The first step is to set the permissions for the id_rsa and id_rsa.pub files to chmod 600. This will give the owner read and write permissions and remove all permissions for group and other users. This can be done using either the octal form:

chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa.pub

Or the literal form:

chmod u=rw,go= ~/.ssh/id_rsa ~/.ssh/id_rsa.pub

You may also want to make the public key readable using chmod 644 or chmod a=r,u+w.

chmod 644 ~/.ssh/id_rsa.pub
chmod a=r,u+w ~/.ssh/id_rsa.pub

Step 2: Set permissions for the .ssh directory

Next, set the permissions for the .ssh directory itself to chmod 700. This gives the owner read, write, and execute permissions and removes all permissions for group and other users. This can be done using either the octal form:

chmod 700 ~/.ssh

Or the literal form:

chmod u=rwx,go= ~/.ssh

Step 3: Add the public key to the authorized_keys file

Finally, to add your public key to the authorized_keys file on the server, you can view/copy the contents of your local public key id_rsa.pub file using:

cat ~/.ssh/id_rsa.pub

Then, edit the authorized_keys file on the server using a text editor like vim:

vim ~/.ssh/authorized_keys

Paste the contents of your clipboard below any other keys in that file, and save the file. This will allow you to authenticate with the server using your private key.

Conclusion

SSH keys are an essential part of remote access to servers and computers. Properly managing SSH keys is crucial to prevent unauthorized access and ensure the security of the remote system. Setting permissions for the id_rsa.pub file is a crucial step in managing SSH keys securely. By following the steps outlined in this article, you can set the proper permissions for the id_rsa.pub file on Linux and ensure that it is secure and accessible only by the owner.

In addition to setting permissions for the id_rsa.pub file, there are several other best practices that you can follow to manage SSH keys securely. These include creating a passphrase for your private key, using a key agent to manage multiple keys, and revoking keys that are no longer in use. By following these best practices, you can ensure that your SSH keys are managed securely and protect your remote systems from unauthorized access.

In conclusion, managing SSH keys securely is essential for the security of your remote systems. Setting permissions for the id_rsa.pub file is a crucial step in managing SSH keys securely on Linux. By following the steps outlined in this article, you can ensure that your SSH keys are managed securely and protect your remote systems from unauthorized access.