No more passwords

April 18, 2020

Okay, today let's see together why SSH & ED-25519 can simplify your life.

SSH keys

To authenticate to a service you can use a username and a password, but you can as well use a pair of keys: SSH keys.

It is really simple, you generate 2 keys. One public that you can share. One private that is a secret. You can generate different types of keys and you probably know the RSA type. Let's give it a shot:

Open a terminal and generate a key, with RSA type, a minimal recommended length of 2048 bits, and a Comment.

Read the next part before generating your keys...

ssh-keygen -t rsa -b 2048 -C "my@email.test"

You can decide the destination folder and if you want a passphrase. On a Unix system, it should be generated here: ~/.ssh/.

Use state-of-art keys

Shorter, and more secure than RSA, Rivest–Shamir–Adleman? Impossible? Hold my beer, here comes ED-25519. Another type of keys but with a smaller public key! (And more secure, see links below.)

ssh-keygen -t ed25519 -C "my@super.email"

More infos here: https://docs.gitlab.com/ee/ssh/#generating-a-new-ssh-key-pair

Short example of public keys (The one you share and usually copy-paste):

# ED25519 🔑
ssh-ed25519 AAAAC3NzaC1lZNYMPE5AAAAILeqT4uN/abIL8P6+oAIZGGg
BXT6o/pJRI1joLlLBCgl my@e.mail

# RSA 🗝
ssh-rsa AAAAB3Nwmnec2EAAAADAQABAAACAQDBZrkOYcnjvX/B3PvbgfNhvwgD
mySNp/VyedwywZMukoL0n8sb7ts9Xn3uIDh7psJtjY0mwIpr4yBGUZpzMAk/F1
uExrYwo/T1MqFHJcbjn28CdpM8aMx6QPf7QetM4cJnqdwdüozn3kW2cWE3K
+mJ7iTWTRqFLEaN9wzH9JUkKFffhH5xpGhEKvWQrJ1IXs0HkPfssAG+iSxEDsXwUh
eBcTAC3obFS95tfhsxUSR40NiCUGjJwd/9b31iwUyVryQcnlXr1wAtGV2AvZYzTt
v8nrqzrHVVYk+qTgdpWE+Jg8awdOswy23XV0Snx2+h8OWdDDM+RLeKmo+7ZACSWT8o
tCynfIh/8ORHnYUONkym8Lqs5Lo/dRbXXFWK6hUNOc1PsvDy5P9jNfJs3oxKTpkM6
1Twrtx7uomFkddyvk73LqN58plOOqVVnc+vv+/qhv3CAom5l+5UrvMQsSPoEdT6fWUWXl/mAKJUzzrpBcYeUjyPOkb8uvo3MTZVB1ZsArkp7t/I
Y6ekcur+7pHHSjhHj/s8fWy2twk0pET+3cmky8EbJEWH93OCmSXuDrFaGDkpny
umLBn4oXqDACeÖePa9lgmJUpMmQli6
jaAqmzgBXfGsHKvmyiN69D+tiC64EH8Ty0sUkugbrRa2BAasdpJMRnYAi4m5F5Q
Ya3bxhdKbmsAQ== my@e.mail

Shorter & more secure, use ED-25519!

Eddy, 25 years old and he has five 19' years old brothers.

Applications

Github & Cie

No more passwords to authenticate to Github (and every git-cloud) when you push your code. Go to your profile on the github website:

Personal Settings > SSH keys > New SSH keys.

Give a name to your key and copy-paste the content of your private rsa ed25519 keys (in ~/.ssh/id_ed25519).

From now on, when you will push something to Github, it will recognize who you are based on the keys you have in your ~/.ssh.

Servers

Same process with servers, instead of using a password to connect to them, add your SSH public key to the authorized_keys file in ~/.ssh of the server.

:wq