How to generate SSH Keys for secure SSH login.
SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers or Linux-based hosts. When working with a Linux-based server, chances are you will spend most of your time in a terminal session connected to your server through SSH. SSH keys are one of the methods to authenticate with a server over SSH. This is the preferred method for most sysadmins as you need only one password to access many servers, provided your keys are loaded on them.
We will show you how to create them.
Creating a Key Pair
In your terminal, log in as the user who you are creating the keys for. Then run the following command:
$ ssh-keygen
Output:
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):
You can just press Enter here, and then put in the password for your key pair.
Your identification has been saved in /your_home/.ssh/id_rsa
Your public key has been saved in /your_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:C5CKc9NHoSYx9/0c1fGXkHM7CTPNkyCa8uoCGZ5j2VU marius@i5
The key's randomart image is:
+---[RSA 3072]----+
| o . . ..+*..|
| + + o Eo..*oB.|
| . = o.oo. *.*|
| . * o .oo . +.|
|o = B + S.o .|
| o X o ... |
| . o .. |
| .. |
| .. |
+----[SHA256]-----+
You now have a public and private key that you can use to authenticate. The next step is to exchange the public key with your server so that you can use SSH-key-based authentication to log in.
Key exchange with a host
Where you would normally SSH to a server using a password, you can now do a key exchange. The tool we are going to use is ssh-copy-id, which is included with most if not all SSH clients. Let's say we want to do a key exchange with a host on our LAN with the IP address 192.168.100.105, and the user we are logging in as is the root user.
$ ssh-copy-id root@192.168.100.105
Output:
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.105's password:
Authenticate with the password for the root user of that host, and that is it. If successful, you will get a message that your key has been added and that you can now log in as normal with ssh root@192.168.100.105. However, you will be prompted for your SSH key password instead of the host's password.
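As an added illustration (not part of the original article and not OpenSSH's own code), the shell function below does locally roughly what ssh-copy-id does on the server: it appends the public key to ~/.ssh/authorized_keys once, with the permissions sshd expects. The name install_pubkey and the sample key line are made up for this example.

```shell
#!/bin/sh
# Added illustration: install a public key into authorized_keys idempotently.
# install_pubkey is a hypothetical helper name, not an OpenSSH command.
install_pubkey() {
    pubkey_file=$1   # path to a .pub file
    target_home=$2   # home directory of the account that should accept the key

    [ -s "$pubkey_file" ] || { echo "missing or empty: $pubkey_file" >&2; return 1; }
    # Never copy the private half (id_rsa) to a server; only id_rsa.pub belongs there.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing to install a private key" >&2
        return 2
    fi
    key_line=$(head -n 1 "$pubkey_file")
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 3 ;;
    esac

    ssh_dir=$target_home/.ssh
    auth_file=$ssh_dir/authorized_keys
    # sshd's StrictModes (on by default) refuses keys kept in files or
    # directories that other users can write to, so set tight modes explicitly.
    mkdir -p "$ssh_dir" || return 4
    chmod 700 "$ssh_dir" || return 4
    touch "$auth_file" || return 4
    chmod 600 "$auth_file" || return 4

    # Append only when the exact line is absent, so reruns do not duplicate it.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already installed"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added"
    fi
}

# Demo in a throwaway directory with a constructed (non-functional) key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal demo@example' > "$demo_home/demo.pub"
install_pubkey "$demo_home/demo.pub" "$demo_home"   # prints: key added
install_pubkey "$demo_home/demo.pub" "$demo_home"   # prints: key already installed
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

If key login still falls back to the password prompt after ssh-copy-id, the modes on ~/.ssh (700) and authorized_keys (600) on the server are the first thing to check.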