SSH access to servers

I’m having trouble understanding the workflow of SSH access to servers in the “SSL & TLS Basics” section of the “Devops Pre-Requisite course”.

This is all I’ve understood until now:

  1. We can generate new SSH keys with ssh-keygen (private and public key)
  2. We can ssh into the server using “ssh -i ~/.ssh/private_key user@<server_IP_address>”

Q) Do we share our public key with the server? If so, when and how? (How does our key reach the ~/.ssh/authorized_keys file?)
I want to understand how the server knows which public key to use when a specific user is trying to log in to the server. What happens under the hood when we are trying to log in?

Let’s start with the “what happens under the hood” part. You need to append your public key to a file on the remote account you want to reach: ~user/.ssh/authorized_keys, using your example.

An easy way to do this is to use the ssh-copy-id command, like so:

$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@<server_ip_address>

This will create the needed directory and file, and give them the correct permissions and ownership.

If you don’t have that command available, then you’ll need to:

  1. Create an .ssh directory on the remote system with “user read only” permissions, belonging to user.
  2. Copy your public key into that directory as “authorized_keys”, readable only by user, and belonging to user.

This should allow you to use ssh to get into the system as user “user”, without supplying a password.
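
The manual steps from the answer above, as an added example that is not part of either post: a shell function that appends one public key to authorized_keys under a given home directory and can be run repeatedly. The function names install_pubkey and perms are hypothetical, the key line is constructed, and the modes 700 (directory) and 600 (file) are this example's assumption of the conventional owner-only settings.

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE   (hypothetical helper, added example)
# Appends one public key to HOME_DIR/.ssh/authorized_keys, creating the
# directory and file with owner-only permissions. Safe to run repeatedly.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept only something that looks like one public-key line, so a
    # private key is never pasted into authorized_keys by mistake.
    key_line=$(head -n 1 "$pubkey_file") || return 1
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac

    # Owner-only directory (700) and file (600): assumed conventional modes.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# perms PATH: print the symbolic mode string, e.g. drwx------
perms() {
    ls -ld "$1" | cut -c1-10
}

# Demo on a scratch directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAconstructedExampleNotARealKey user@laptop' \
    > "$demo_home/id.pub"
install_pubkey "$demo_home" "$demo_home/id.pub"
perms "$demo_home/.ssh"
perms "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

To use it on a real account, run it as that user on the server and pass the user's home directory and the copied .pub file.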