Tag Archives: How to OpenSSH

OpenSSH Secure Shell provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.

ssh-keygen how it works

SSH keys allow easy authentication and a secure connection to an SSH host or WebServer on the Internet without a password. This tutorial shows how to create a private key and store the corresponding public key on the WebServer.

How to use SSH keygen on Linux and macOS

SSH keys eliminate the need to enter passwords when connecting via SSH. This saves a lot of time, especially when administering several accounts. The following describes how to set up SSH keys with ssh-keygen on Linux and macOS. To do this, open a terminal and execute the following command.

$ ssh-keygen -t rsa -b 4096

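ssh-keygen now asks in which file the key should be stored; it is preferable to give a new, unique file name. By default the key is stored in the default file (id_rsa), which is confusing, and the folder “.ssh” is also hidden. Note that a file name entered without a path, such as my-key below, is created in the current directory, so run the command from ~/.ssh or enter the full path if the key should be stored there.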

$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mike/.ssh/id_rsa): my-key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in my-key.
Your public key has been saved in my-key.pub.
The key fingerprint is:
SHA256:7oBofs25Wz2b03V2+5daXFUAq8ClijSfSjUog/3sVwo mike@thinkpad
The key's randomart image is:
+---[RSA 4096]----+
|          . .....|
| o   . . o   .  .|
|. + + o +   .   .|
|   * = + . .    .|
|    E + S .     .|
|   + + + .    o =|
|  o +o+.o o. . =+|
| o  ..++  .+. .o.|
|  ..  oo. o. .. +|
+---- SHA256 -----+

The key is created using the RSA cryptosystem with a length of 4096 bits. This means that the key can hardly be cracked by brute force.

A passphrase can now also be assigned for even more security, but this is not absolutely necessary. If you want to use a passphrase for the key, enter it and then confirm it. Otherwise, skip this option with the Enter key; the private key file is then stored unencrypted, and anyone who can read it can use it. We create a key pair at this point without an additional passphrase.

That’s it: the key pair is created and stored in the specified files. They can be opened in the terminal with a text editor such as vi or nano, or on macOS with any editor, to view the key pair, but nothing may be changed; not even blank lines may be inserted.

my-key
my-key.pub

The contents of the file my-key.pub in abbreviated form are similar to this.

ssh-rsa AAAAB3NzaC1yc2EAAADAQABACQCuA1tumTMG/sa7OpjxbuL5vz7R..
...
VOOpjavLDM0iZjWbRc3KeKuEIu9Lw== mike@thinkpad

Bring a public key to the server

The last step is to store the public key on the desired WebServer. Since the key pair was created on the “control computer”, i.e. the laptop, the public key still has to be copied to the WebServer. The best way to do this is with “ssh-copy-id”, which logs in to the server and stores the key there. The necessary command in the terminal is as follows.

$ ssh-copy-id -i ~/.ssh/my-key mike@webserver.org

Alternatively, if you do not want to use “ssh-copy-id”, the contents of the local file ~/.ssh/my-key.pub can be copied to the WebServer in the file ~/.ssh/authorized_keys. To do this, run the command in the shell on the control computer.

$ cat ~/.ssh/my-key.pub | ssh mike@webserver.org "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 0600 ~/.ssh/authorized_keys"

Alternatively, the public key can also be saved directly in the file authorized_keys via copy and paste.

  The private key my-key must remain secret, so do not place it on the server.

  On Windows, OpenSSH can be installed under Settings – Apps and Features – Optional Features; alternatively, PuTTY (puttygen) can be used.
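
The manual authorized_keys step described above, written out as a function that can be run on the server side. This is an added example, not code from the original post; install_pubkey, its arguments and the sample key line are assumptions constructed for illustration. It refuses private keys and edited key files, sets the permissions sshd expects, and does not add the same key twice.

```shell
#!/bin/sh
# Added example: install one public key into <home>/.ssh/authorized_keys.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.

install_pubkey() {
    pub=$1     # public key file, e.g. ~/.ssh/my-key.pub
    home=$2    # home directory of the account on the server
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Private keys carry a PEM-style BEGIN header and must never be installed.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi
    # A public key file is exactly one line: "<type> <base64> [comment]".
    # Extra or blank lines mean the file was edited.
    if [ "$(grep -c '' "$pub")" -ne 1 ] ||
       ! grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+={0,2}( .*)?$' "$pub"
    then
        echo "refusing: $pub is not a single-line public key" >&2
        return 3
    fi
    # With StrictModes, sshd rejects key files that other users can write to.
    mkdir -p "$home/.ssh" && chmod 0700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 0600 "$auth" || return 1
    # Append only if this exact line is not present yet (idempotent).
    if ! grep -qxF -f "$pub" "$auth"; then
        printf '%s\n' "$(cat "$pub")" >> "$auth"
    fi
}

# Demo on constructed data: a temporary directory stands in for the
# server home directory, and the key line below is not a real key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedSampleNotARealKey mike@thinkpad' \
    > "$demo/my-key.pub"
install_pubkey "$demo/my-key.pub" "$demo/home"
install_pubkey "$demo/my-key.pub" "$demo/home"   # second run adds nothing
ls -l "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```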

Synology DSM with SSH Terminal

How to deploy GateOne Terminal emulator SSH client on Synology DSM

GateOne is a web-based HTML5 driven open-source terminal emulator with a powerful SSH client that can be used to run any terminal application from the browser and provide virtual terminal connections. GateOne can be used as a supplement to web-based management interfaces. This post shows how to deploy and use GateOne with Synology DSM.

GateOne works in any browser that supports WebSocket; a browser plugin is not required.

Run Synology DSM SSH Client ping

Synology DSM does not provide a way to perform diagnostic tasks such as ping or traceroute; with an embedded SSH client these functions become available. The GateOne SSH client is also useful in other situations, such as bypassing a proxy, or when there is no VPN to the NAS and the firewall only allows port 443 (HTTPS) for the browser.

GateOne is not provided or managed by Synology itself, but can be retrieved from the SynoCommunity repository. The SynoCommunity offers free packages for Synology NAS devices.

Note. GateOne version 0.9.3 is available for DSM 5/6; support for DSM 7 is currently not available (23.8.2021).

How to add the SynoCommunity repository

In DSM, open the main menu with the icon at the top left; there you will find the Package Center.


Click the Package Center icon to open it, then click the Settings button.


In the General pane that opens, under Trust level, select Synology Inc. and Trusted Publishers.


Then go to the Package Sources section.


Click the Add button to insert the package source: enter SynoCommunity as the name, paste the URL https://packages.synocommunity.com/ as the location, and click OK.


Packages can now be installed from SynoCommunity. Enter gateone in the search field with the magnifying glass at the top.

After GateOne appears from the community package source, install the app by clicking Install.

There are now many possible applications with GateOne.

Note. In order to be able to access the NAS itself via SSH, the SSH service must be activated in the DSM control panel; how to do this can be found here. Most commands require sudo permission, e.g. sudo ping.

What is WebSocket?

The WebSocket protocol is a TCP-based network protocol that was designed to establish a bidirectional connection between a web application and a WebSocket server or a web server that also supports WebSockets.