SSH


Checking for existing SSH keys

Enter ls -al ~/.ssh to see if existing SSH keys are present:

ls -al ~/.ssh
# Lists the files in your .ssh directory, if they exist

Check the directory listing to see if you already have a public SSH key.

By default, a public key file has one of the following names:

  • id_dsa.pub
  • id_ecdsa.pub
  • id_ed25519.pub
  • id_rsa.pub

Generating a new SSH key pair

To create a new SSH key pair:

Generate a new ED25519 SSH key pair:

ssh-keygen -t ed25519 -C "email@example.com"

Or, if you want to use RSA:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

The -C flag adds a comment to the key, which helps you tell keys apart if you have several. It is optional.

Adding or changing a passphrase

If you want to add or change the passphrase of your SSH key pair, use the -p flag:

ssh-keygen -p -o -f <keyname>

or

ssh-keygen -p
# Start the passphrase change process
Enter file in which the key is (/Users/you/.ssh/id_rsa): [Hit enter]
Key has comment '/Users/you/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase): [Type new passphrase]
Enter same passphrase again: [One more time for luck]
Your identification has been saved with the new passphrase.

Copying SSH key

Copy your public SSH key to the clipboard using one of the commands below, depending on your operating system:

macOS:

pbcopy < ~/.ssh/id_ed25519.pub

WSL / GNU/Linux (requires the xclip package):

xclip -sel clip < ~/.ssh/id_ed25519.pub

Git Bash on Windows:

cat ~/.ssh/id_ed25519.pub | clip

Note: If you opted to create an RSA key, the name might differ.

Create a self-signed certificate and Activate SSL on Apache2

Install openssl

sudo apt-get install openssl

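To create a self-signed certificate (-nodes leaves the private key unencrypted, and because -out and -keyout name the same file, cert.pem holds both the certificate and the private key, so keep it readable by root only):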

sudo openssl req -new -x509 -days 365 -nodes -out /path/to/cert.pem -keyout /path/to/cert.pem

Fill in the fields as below:

Country Name (2 letter code) [AU]:IE
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:example.com
Email Address []:email@example.com

You can use this certificate with applications such as Apache or Courier to provide SSL support.

Enable the Apache SSL module and reload Apache to turn on SSL support:

a2enmod ssl
/etc/init.d/apache2 force-reload

Once this is done, Apache is set up to accept SSL connections, but the server will still only be listening for incoming HTTP requests on port 80, not for SSL connections on port 443. To fix this, add a line to the file /etc/apache2/ports.conf:

Listen 443

The final step is to ensure that your virtual hosts, or main host, will accept SSL options. Add the lines below inside your VirtualHost block:

SSLEngine on
SSLCertificateFile /path/to/cert.pem

For reference, here is a complete example that should be easy to understand and modify:

NameVirtualHost *:443
NameVirtualHost *:80
<VirtualHost *:80>
ServerName earth.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName earth.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
SSLEngine on
SSLCertificateFile /path/to/cert.pem
</VirtualHost>