@tatsuyafujisaki
Last active January 28, 2025 01:34
SSH / PEM / PKCS

.pem file

  • is a Base64-encoded text file (with -----BEGIN ...----- / -----END ...----- markers) that can hold various cryptographic keys and certificates.
  • 's private keys begin with, for example, -----BEGIN RSA PRIVATE KEY----- (or -----BEGIN PRIVATE KEY----- in the PKCS#8 form).
  • 's certificates (the public-key half of a TLS identity) begin with -----BEGIN CERTIFICATE-----.

How to create a .p12 file from a private key PEM file and a certificate (public key) PEM file

openssl pkcs12 -export -out output.p12 -inkey private-key.pem -in public-key.pem

Public key

is like a padlock.

Private key

is like a key for a padlock.

How to upload a public key to GitHub

  1. ssh-keygen -t ed25519 -C john.smith@example.com
  2. If the server does not support ed25519, ssh-keygen -t rsa -b 4096 -C john.smith@example.com
  3. pbcopy < ~/.ssh/id_ed25519.pub (macOS; copies the public key to the clipboard)
  4. Open https://github.com/settings/keys
  5. Paste the public key.
  6. Leave the key type as it is (Authentication Key).

How to prepare a server for public key authentication

  1. mkdir ~/.ssh
  2. chmod 700 ~/.ssh
  3. touch ~/.ssh/authorized_keys
  4. chmod 600 ~/.ssh/authorized_keys
  5. ssh-copy-id <server-address> (steps 1-4 run on the server as the user who will log in; step 5 runs on the client)
  • ssh-copy-id throws an error if ~/.ssh/authorized_keys does not exist. Alternatively, you can do the following two steps.
  • Transfer id_rsa.pub (or id_ed25519.pub) to the server in your favorite way.
  • cat id_rsa.pub >> ~/.ssh/authorized_keys

~/.ssh/authorized_keys

  • is the list of public keys that are allowed to log in to this account over SSH (one key per line).

ssh_config

Precedence

  1. ssh -F 'my_ssh_config.txt'
  2. ~/.ssh/config
  3. /etc/ssh/ssh_config

Content

User <username>
Host MyHost1
  HostName www.example.com
  User user1
Host MyHost2
  HostName www.foobar.com
  User user2

Why use an SSH key passphrase in ssh-keygen

Without a passphrase, anyone who gains access to your computer (or to a copy of the private key file) also gains access to every system that accepts that SSH key.

What is a public key fingerprint (aka an SSH key fingerprint)

An SSH key fingerprint is a short hash produced by applying a cryptographic hash function such as SHA-2 (SHA-256 in current OpenSSH) to the public key.

Why use a public key fingerprint (aka an SSH key fingerprint)

  • Lets you confirm that the server you are trying to connect to is the real one and not an impersonator in a man-in-the-middle attack.
  • SSH server operators publish their host key fingerprints, and SSH clients store each server's host key, together with its hostname and IP address, in ~/.ssh/known_hosts; on later connections the client compares the key the server presents with the stored one and warns if it differs.
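An added example (my own, not part of this gist) that computes the SHA256 fingerprint ssh-keygen -l prints from a public key line, and checks the key a server presents against known_hosts entries, including hostnames hashed with HashKnownHosts; the 32 key bytes, hostnames and salt are constructed placeholders, not real keys or hosts:

```python
import base64
import hashlib
import hmac


def build_ed25519_pubkey_line(raw_key: bytes, comment: str = "") -> str:
    """Assemble "ssh-ed25519 <base64 blob> [comment]" from placeholder key bytes (sample input only).
    The blob is SSH wire format: uint32 length-prefixed algorithm name, then the key bytes.
    """
    algo = b"ssh-ed25519"
    blob = len(algo).to_bytes(4, "big") + algo + len(raw_key).to_bytes(4, "big") + raw_key
    line = "ssh-ed25519 " + base64.b64encode(blob).decode()
    return line + " " + comment if comment else line


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint as `ssh-keygen -l -E sha256 -f key.pub` prints it (hash of the blob, not the comment)."""
    digest = hashlib.sha256(base64.b64decode(pubkey_line.split()[1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")  # printed without '=' padding


def hashed_host_entry(hostname: str, salt: bytes) -> str:
    """Host field as written with HashKnownHosts yes: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(host_field: str, hostname: str) -> bool:
    """Does a known_hosts host field (plain, comma-separated list, or hashed) name this hostname?"""
    if host_field.startswith("|1|"):
        salt = base64.b64decode(host_field.split("|")[2])
        return hashed_host_entry(hostname, salt) == host_field
    return hostname in host_field.split(",")


def known_hosts_verdict(known_hosts: str, hostname: str, presented_key_line: str) -> str:
    """Compare the key a server presents with known_hosts: 'match', 'MISMATCH' or 'unknown'.
    'MISMATCH' is the case ssh reports as a possible man-in-the-middle attack.
    Simplified: @cert-authority/@revoked markers and [host]:port forms are not handled.
    """
    algo, blob = presented_key_line.split()[:2]
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if fields[1] == algo and host_matches(fields[0], hostname):
            return "match" if fields[2] == blob else "MISMATCH"
    return "unknown"
```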

Port forwarding

Local port forwarding

Lets you bypass a company firewall that blocks Wikipedia.

# Connect to port X on SSH client -> (SSH tunnel) -> SSH server -> Port Y on SSH server
ssh -L <Port X>:localhost:<Port Y> <SSH server>

# Connect to port X on SSH client -> (SSH tunnel) -> SSH server -> Port Y on destination server
ssh -L <Port X>:<Destination server>:<Port Y> <SSH server>

Remote port forwarding

Lets you connect from your SSH server to a computer on your company's intranet.

# Connect to port X on SSH server -> (SSH tunnel) -> SSH client -> Port Y on SSH client
ssh -R <Port X>:localhost:<Port Y> <SSH server>

# Connect to port X on SSH server -> (SSH tunnel) -> SSH client -> Port Y on destination server
ssh -R <Port X>:<Destination server>:<Port Y> <SSH server>

Note

Port forwarding can be disabled on an SSH server by setting the following in its sshd_config (/etc/ssh/sshd_config; this is a server-side sshd option, not a setting in the client's ~/.ssh/config).

AllowTcpForwarding no
