SSH Key Recap

[00:00:00]
>> All right, so let's run through creating an ssh key one more time, just in case I lost anybody on the way. I know some people using Windows commands, should be the same actually, but it might look a little bit different. So what we did was, to we create a new ssh key, we went, We went into the ssh directory, so that's cd ~/.ssh.

[00:00:28]
Then we said ssh-keygen, And then we gave it a name, we called it full stack front end, already did that, so I won't do it again, but call it fsfe. And then once you're all done, I'm just gonna exit out of there. And you ls full stack front end, if you have a bunch of keys for some reason, remember we talked about using grep to find the actual thing we're looking for.

[00:01:00]
So you should have two, two keys in there, once the private key, the full stack front end, then the .pub which is your public key. So to get the public key, we need to paste that into Digital Ocean so it knows how to encrypt our ssh tunnel when we connect to our server.

[00:01:16]
And it'll put the public key onto the server for us as well. That's part of setting up the server. So we're gonna cat fsfe, the public key, .pub. We copy all of this, And then we went through the exercise of picking a datacenter, Ubuntu LTS by creating a new ssh key.

[00:01:47]
Then we paste our key in here, like so, we give it a name. And you can call this whatever you want, as long as you remember what it's tied to on your computer. Then you select a key, then you say we're creating one droplet, and then you give it a host name.

[00:02:08]
You can call it whatever you like. And then you hit Create Droplet, which I won't do cuz I already did one, and I don't wanna get confused myself with so many servers running. But you go ahead and create that droplet. So then you'll have a droplet that's getting spun up with your SSH key pre-installed, the public key installed, and you have the private key.

[00:02:29]
So once that's up and running, You should have something here that says droplet or something like that. And then you copy, or you can always select. So this is the IP address of your brand new server you just set up. So to log in to our server, we need to pass it the identity file.

[00:02:51]
So we're gonna say ssh, we'll use -i to specify where our private key is. And we say ~/ cuz it's an ssh, even though we're already there, it doesn't hurt to be specific. Your private key, so the one that does not end at .pub, and remember, the first user always created on a server is called root, indicates root access.

[00:03:13]
So we're gonna say root@ our IP address. And if we did everything right, We're now logged in. So you may run into something where it says something along the lines of, as we did earlier, the authenticity of the hosts, blah, blah, blah, your IP address can't be established.

[00:03:37]
That's essentially saying, hey, you've never ssh into this computer before. Are you sure it's the right one? And this is really important, because let's say you were sshing into frontendmasters.com. How do I know that frontendmasters.com hasn't been hijacked by someone else? We don't, because the IP address can change underneath us.

[00:03:59]
And so we're assuming we're connecting to one host, but it's actually something completely different. The computer checks that using the server's SSH key and says, hey, we've never seen this before. Are you sure this is the right thing? So the first time you connect your server, you're gonna get a prompt like this.

[00:04:13]
The first time you connect to any new server that you've never connected before, you're gonna get a prompt like this. You can generally say yes. If this ever happens and it's not expected, do not say yes cuz then you have different problems at that point. And if you wanna check out, this isn't really necessary, but if you wanna see who all you've connected to in the past, we can look at the, oops, we can look at the known host file.

[00:04:37]
So I'm gonna exit out of my server. To exit out of your server, you just type exit. Probably you should put that somewhere in there, but you can guess, or you close your terminal, it'll close down the SSH connection, but then you have to make a new terminal, so let's type exit.

[00:04:50]
So we can look at the known hosts, so we can cat ~/.ssh/ n and auto tab, so something called the known_hosts file. So this just keeps track of every single computer we've ever used an SSH key to connect to, it just keeps a long, long history. And you can see I've connected a lot of computers.

[00:05:12]
And again, it's just an extra security precaution saying like, hey, are you sure you know what you're doing? Okay, we're gonna remember this for next time, and it won't bother you again. Like I said, if you're ever SSHing into your server and you get this prompt again, something is wrong, and you should double-check before you connect.

[00:05:29]
Okay, hopefully we're all there. Hopefully, we all successfully connected into our server. You know what I didn't like? I'm pretty lazy, and I wanna shortcut as much as I possibly can. I don't wanna have to specify my identity file every single time. I think SSH should pick that up by default.

[00:05:53]
So we can use that by modifying our SSH config. So let's go ahead and, you can follow along here. So we're already in SSH, but I like to be specific. So I'm gonna vi, And gonna go to SSH, the directory, and I'm gonna say config. And I wanna make sure that the AddKeysToAgent is true and that we're using the keychain.

[00:06:26]
So here's where I can specify whatever my default identity file is. I can lay them out explicitly. Or even better, I can just add it to the keychain, so it'll always automatically run through every single pair whenever I'm connecting to an SSH client. Really, really useful thing, especially if you're connecting to a bunch of servers at a time and you have a bunch of keys.

[00:06:45]
You add them to your identity file. SSH will try every single one of them until it gets the right one. There's no shame in trying all of them. But most importantly, we wanna make sure the AddKeysToAgent says yes. We want the UseKeychain also to say yes. And we're just gonnaclose vm because we're not, I didn't make any changes, you may have made a change.

[00:07:05]
So I'm just gonna say :q. So to add something to the keychain, we're gonna use ssh add, ssh-add. And this one's a little funky because Apple OSX has its own kind of strangeness, so we have to type in this specific command, --apple-use-keychain and the name of our key.

[00:07:34]
So we're putting our private key on the keychain. So it's --apple, -use-keychain and then name of our private key, which is fsfe, all right? And it's been added. So now, if I did things correctly, I should be able to SSH without having to specify that identity file. I have not memorized my IP, so I'm gonna jump back to DigitalOcean.

[00:08:02]
I'm gonna copy this again. So now we can SSH, @ our IP. And now we're in, and now we don't have to specify that identity file every single time, much more convenient and much faster. Because once you're working on the server in the back end, you'll be switching back and forth quite often.

[00:08:21]
So this just saves a couple of keystrokes. Someone was asking, vi, is it a shortcut for vim? Yes, you can say vim or vi. They both open Vim. Technically, Vim is vi improved, but it's like PHP. What do we say PHP stands for? PHP, Hypertext Preprocessor, yeah. So it's kind of the same story.

[00:08:55]
Someone's asking, is the command --apple/use-keychain? Yes, that's only for OSX computers. Windows will use a different command, I'm not sure, but I think it can just use the regular SSH. If you man SSH, you should be able to use the standard config. If there's not a config file in your SSH, you can just create one.

[00:09:15]
Just in your.ssh folder, just create config, and then put the config in there. And looks like someone's getting, can't connect on port 22 to their IP, they're getting a parse error. That usually means you copied the public key, or maybe you're missing a line or out of the space somewhere in there.

[00:09:31]
So just double check that and feel free to delete the key and readd it or create another key if you need. We can create as many SSH keys as we want. Just don't lose track of them because you'll be like, which one is it? It's a whole thing.

[00:09:44]
It's a whole thing.