OverviewThe most secure way to login to a remote machine and copy files to and from it, is by using SSH keys (normally RSA).
Managing these keys, between multiple servers and especially between development machines can become cumbersome. There is also the security threat of leaving keys lying around on machines.
A great way to not have keys as files on local disk is using the unix ssh-agent program. Tools like ssh, rsync and scp read from the ssh-agent when trying to access a server, and will try each key until a valid key is found. This happens quickly and delays trying keys are not observable to a user.
pk ssh-addcommand is used to download any ssh keys securely and add them to the local running ssh-agent. After which you can run ssh, rsync or scp normally and the ssh-agent will make the key available to them. E.g
pk ssh-add -s personal -n mykey,myclient-key1 -p
Formats and TypesKeys must be PEM encoded, and can be RSA (PKCS1, or PKCS8) or ECDSA. Keys can also be password protected themselves. When the
pk ssh-addcommand reads a password protected key, it will prompt for the key's password, to decrypt it for the ssh-agent.
RequirementsWe assume you have:
Use caseWe are going to walk you though an example where we setup an AWS server with a private RSA key. We'll add this key to our pkhub "Pub/Priv Keys", and show you how to run the
pk ssh-addcommand to add this key to the local ssh-agent. Finally we'll show how to ssh into the AWS server using the ssh-agent. Here we use AWS, but this can be applied to any cloud provider and or any self managed servers, even your local dev laptops.
Step 1: Setup
- Create the key in AWS
Create the aws server, with the ssh key assigned
Create the PK Hub Pub/Priv Key entry
Step 2: Run the pk ssh-add commandYou can now add the private key using the PK CLI. The
pk ssh-add"command can download any private keys from your pkhub safe and add it to the local ssh agent.
pk shh-add -s myorg -n mydev -p
Step 3: SSH into the server