message 'An SSH key uniquely identifies you (and your computer) when your computer is communicating with other computers. Think of an SSH key as a fancy password.'
message "You'll need one of these to create your Heroku and GitHub accounts."
option 'Did you use RailsInstaller on Windows?' do
  message 'Congratulations, you already have an SSH key!'
  link_without_toc 'create_a_heroku_account'
end
option 'Do you have a preexisting SSH key for some other reason?' do
  message 'Maybe you went to a previous RailsBridge workshop, or generated an SSH key to push some code to GitHub? You can check with the following command:'
  console 'ls ~/.ssh/id_rsa'
  message "If you see the message **No such file or directory**, you don't have an SSH key yet."
  option_half 'No such file or directory' do
    message "Go on to <a href='#generate-key'>Generate an SSH key</a>"
  end
  option_half '/Users/[something]/.ssh/id_rsa' do
    link_without_toc 'create_a_heroku_account'
  end
end
a name: 'generate-key'
option 'Generate an SSH key' do
  important 'Use the same email address for Heroku, Git, GitHub, and SSH.'
  important '**REPLACE** `student@example.com` with your **actual email address** below.'
  console 'ssh-keygen -C student@example.com -t rsa'
  message 'Press enter to accept the default key save location.'
  message "Next, you'll be asked for a passphrase."
  h1 'Choose whether to use a passphrase'
  blockquote do
    option_half 'No passphrase' do
      message 'Hit enter to accept blank passphrase, then hit enter again.'
    end
    option_half 'Passphrase' do
      message 'If your computer is shared with other people, as in a work laptop, you should choose and enter a real passphrase. Twice.'
    end
  end
  message "After key generation is complete, you'll have output that looks like this."
  result <<-OUTPUT
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/student/.ssh/id_rsa):
Created directory '/Users/student/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/student/.ssh/id_rsa.
Your public key has been saved in /Users/student/.ssh/id_rsa.pub.
The key fingerprint is:
88:54:ab:77:fe:5c:c3:7s:14:37:28:8c:1d:ef:2a:8d student@example.com
  OUTPUT
  verify do
    message 'Your brand-new public key is now stored at `~/.ssh/id_rsa.pub`'
    tip 'Public vs. Private Keys' do
      message 'If you look inside `~/.ssh/`, you will notice two files with the same name: `id_rsa` and `id_rsa.pub`.'
      message '`id_rsa.pub` is your **public key** and can be shared freely.'
      message '`id_rsa` is your **private key** and must be kept secret.'
      message 'If someone else gets your private key and your passphrase, then they can pretend to be you and log on to your Heroku or GitHub accounts and cause mischief!'
    end
  end
  message 'Add your generated key to the authentication agent using the following command:'
  console 'ssh-add ~/.ssh/id_rsa'
  result <<-OUTPUT
Enter passphrase for /Users/student/.ssh/id_rsa:
Identity added: /Users/student/.ssh/id_rsa (/Users/student/.ssh/id_rsa)
  OUTPUT
  tip 'Could not open a connection to your authentication agent' do
    message 'If the ssh-agent is not running, you will come across this error. Here are a few commands that you can try to use to start the ssh-agent:'
    console_with_message 'For some Windows machines:', 'eval `ssh-agent -s`'
    console_with_message 'For others (confirmed on some Windows 7, 8, 8.1, and 10 setups):', 'eval $(ssh-agent)'
    console_with_message 'For Linux:', 'eval `ssh-agent`'
    message <<-MARKDOWN
<p>For additional options, this StackOverflow thread has been helpful: <a href='http://stackoverflow.com/questions/17846529/could-not-open-a-connection-to-your-authentication-agent'>http://stackoverflow.com/questions/17846529/could-not-open-a-connection-to-your-authentication-agent</a></p>
    MARKDOWN
  end
end
next_step 'create_a_heroku_account'
Once you have entered the Gen Key command, you will get a few more questions:
You can press enter here, saving the file to the user home (in this case, my example user is called demo).
It's up to you whether you want to use a passphrase.
Entering a passphrase does have its benefits: the security of a key, however well encrypted, still depends on it not being visible to anyone else. Should a passphrase-protected private key fall into an unauthorized user's possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, to having a passphrase is having to type it in each time you use the key pair.
The entire key generation process looks like this:
The public key is now located in /home/demo/.ssh/id_rsa.pub
The private key (identification) is now located in /home/demo/.ssh/id_rsa
Once the key pair is generated, it's time to place the public key on the virtual server that we want to use.
You can copy the public key into the new machine's authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.
Alternatively, you can paste in the keys using SSH:
No matter which command you chose, you should see something like:
Now try logging into the machine, with:
and check in:
to make sure we haven't added extra keys that you weren't expecting.
Now you can go ahead and log into user@12.34.56.78 and you will not be prompted for a password. However, if you set a passphrase, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).
Once you have copied your SSH keys onto your server and ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys.
In order to do this, open up the SSH config file:
Within that file, find the line that includes PermitRootLogin and modify it to ensure that users can only connect with their SSH key:
Put the changes into effect:
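An added example, not part of the original tutorial: a shell audit for the two checks described above, listing authorized_keys entries other than the key you installed and reporting the first PermitRootLogin value in an sshd_config. The file contents and key blobs are constructed placeholders, and `prohibit-password` in the sample is OpenSSH's key-only value, used here as an assumption because the tutorial's own config line is not shown.

```shell
#!/bin/sh
# Added example; sample files and key blobs below are constructed placeholders.

# Print "type blob" for a public-key line, skipping any leading options field.
key_id() {
  awk '{ for (i = 1; i < NF; i++)
           if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); exit } }'
}

# List authorized_keys entries whose key differs from the expected public key.
# Usage: unexpected_keys AUTHORIZED_KEYS EXPECTED_PUB
unexpected_keys() {
  want=$(key_id < "$2")
  grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | while IFS= read -r line; do
    have=$(printf '%s\n' "$line" | key_id)
    [ "$have" = "$want" ] || printf '%s\n' "$line"
  done
}

# Print the first PermitRootLogin value, the one sshd uses, or "unset".
# Usage: root_login_policy SSHD_CONFIG
root_login_policy() {
  awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
       END { if (!found) print "unset" }' "$1"
}

# Constructed demo inputs (assumed layout, not taken from a real host).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDstudentKEY student@example.com' > "$demo/id_rsa.pub"
cat > "$demo/authorized_keys" <<'EOF'
# constructed sample
ssh-rsa AAAAB3CONSTRUCTEDstudentKEY student@example.com
from="192.0.2.10" ssh-rsa AAAAB3CONSTRUCTEDotherKEY unknown@host
EOF
cat > "$demo/sshd_config" <<'EOF'
#PermitRootLogin yes
PermitRootLogin prohibit-password
PermitRootLogin yes
EOF
echo "Unexpected keys:"
unexpected_keys "$demo/authorized_keys" "$demo/id_rsa.pub"
echo "PermitRootLogin: $(root_login_policy "$demo/sshd_config")"
```

The config check does not follow Match or Include blocks; `sshd -T` prints the settings the server actually resolves.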