SSH SECURITY BASICS FOR NEW EMPLOYEES
What Is SSH?
SSH stands for “Secure Shell”. It is a network protocol that allows a user to make a secure connection to another computer over an internal or external network. To use the service, you will need an SSH key set up for your own personal use. ACMI Industries asks that you know this process first-hand in the interest of both your personal and work security. By following the correct practices, we can help to avoid issues, small or large, such as data theft or corporate espionage efforts.
How to Set Up an SSH Key
Creating an SSH key is rather simple. Follow the steps below to start the process. Please be sure to use one of the training stations for this before attempting on official production systems.
1. Open a terminal on your system and type the following command:
ssh-keygen -t rsa
[The -t option sets the key type; here it is set to rsa.]
2. You will now be asked to confirm the location to save the key. You can hit “Enter” to simply accept the default location. (Take note of this location for later!)
3. You will now be asked to enter a passphrase for your new key. Please note that you do have the option to hit “Enter” and not use a passphrase; however, this is not allowed by company policy.
Please be sure to enter a passphrase that meets the following requirements.
- At least 10 characters
- Must have at least one upper- and lower-case character
- Must have at least two special characters
- Must have at least one number
4. You will now see the key creation process proceed on your terminal as below:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ACMITrainingHome/.ssh/id_rsa)
Enter passphrase (empty for no passphrase)
Enter same passphrase again
Your identification has been saved in /home/ACMITrainingHome/.ssh/id_rsa.
Your public key has been saved in /home/ACMITrainingHome/.ssh/id_rsa.pub.
The key fingerprint is:
4a:ed:0a:c6:35:4e:3f:ed:17:38:8c:74:34:4d:93:67 ACMIEmployeeX@a
The key’s randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |
+-----------------+
5. If you see the above output, your key is created and ready for use. Please consult with the training staff or your supervisor at this point before moving on.
Sharing Your SSH Key
Now that you have created your key, you need to know how to share it for use across the ACMI Industries network. Please note the following: you should NEVER share your private key! You may share only the public key. As you may remember, during the creation process your key was saved to a directory, and you should have noted that location. However, if you cannot find it, try the following steps.
1. Open a new terminal and change the directory to “.ssh/”:
$ cd .ssh/
2. Use the list command to check the files in the directory:
$ ls
3. You should see the following two files:
   o id_rsa
   o id_rsa.pub
Your private key is the “id_rsa” file. Your public key is the “id_rsa.pub” file.
4. Now you will want to view your public key so you can share it:
$ cat id_rsa.pub
5. You will receive output that appears as below:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkNqp/6y/dos+D+TuCi+I9G6GzvyBlsnEoi+UMKI99/Ug8KC1/nhtQ9Psqc8BT1uPz8fHLP1+RvHzgJryynLELwKVQlD7Kh01c24UtgzmsIMgJBAYg7FdrMfkQdhSHWLorFd2w1IGuRcGe8fi51Y4PjCOBOw55kmdeUySXpe1WimOm+dLRaql2vYqFegWe/+ff4O++5T+T4QbH5ycFwpqK11CPoOuSgj58JjDhCDdrxgkF9B4y9vrkHUW0JsysJ7nrEBh5Ksp4SV7Nv26Z6lRL/v9zJiiXpeMgXJIwbPq26o5nN6bi8mRC/SM77VrZrixi2jmdCCAi5rSYP4YP/b+p yourName@yourComputername
6. You can simply copy this and send it to the system administrator so it can be implemented as needed. Note that after training you will be asked to use the ssh-copy-id command as well, but due to security settings you cannot do this in the training area.
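The two rules this procedure depends on, the passphrase policy from step 3 and sending only the public key, can be checked with a short script. The shell functions below are an added example, not part of the original handout or any ACMI tooling; the function names, the constructed sample files, and the reading of “special character” as anything other than an ASCII letter or digit are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample files are assumptions.

# Count the characters of $1 that remain after tr is run with option $2 on set $3.
count_chars() { echo $(( $(printf '%s' "$1" | LC_ALL=C tr "$2" "$3" | wc -c) )); }

# Return 0 if $1 meets the policy: at least 10 characters, one upper-case and one
# lower-case letter, one number, and two special characters.
# Assumption: "special" means anything that is not an ASCII letter or digit.
passphrase_meets_policy() {
    p=$1
    [ "${#p}" -ge 10 ] || return 1
    [ "$(count_chars "$p" -cd 'A-Z')" -ge 1 ] || return 1
    [ "$(count_chars "$p" -cd 'a-z')" -ge 1 ] || return 1
    [ "$(count_chars "$p" -cd '0-9')" -ge 1 ] || return 1
    [ "$(count_chars "$p" -d 'A-Za-z0-9')" -ge 2 ]
}

# Print "public", "private" or "unknown" for a key file, judged by its first line.
# An RSA public key line starts with "ssh-rsa AAAAB3NzaC1yc2E", as in the sample
# output above; a private key file starts with a "-----BEGIN ... PRIVATE KEY-----" line.
classify_key_file() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || first_line=
    case $first_line in
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;
        "ssh-rsa AAAAB3NzaC1yc2E"*) echo public ;;
        *) echo unknown ;;
    esac
}

# Return 0 only when the file is a public key, i.e. the one file that may be sent.
safe_to_share() { [ "$(classify_key_file "$1")" = public ]; }

# Constructed sample files (not real keys) so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED yourName@yourComputername' \
    > "$SAMPLE_DIR/id_rsa.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED-NOT-A-REAL-KEY' \
    '-----END OPENSSH PRIVATE KEY-----' > "$SAMPLE_DIR/id_rsa"

for f in id_rsa.pub id_rsa; do
    if safe_to_share "$SAMPLE_DIR/$f"; then
        echo "$f: public key, OK to send"
    else
        echo "$f: DO NOT SEND ($(classify_key_file "$SAMPLE_DIR/$f"))"
    fi
done
```

In real use, read the passphrase from a prompt inside the script rather than passing it on a command line, where it would be stored in shell history.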