Published on August 29, 2024 by DeveloperBreeze

Tutorial: How to Generate and Use SSH Keys with ssh-keygen

SSH keys provide a secure way of logging into servers and can be used for authentication purposes without needing a password. In this tutorial, you’ll learn how to generate and use SSH keys using the ssh-keygen command.

---

1. What Are SSH Keys?

SSH keys are a pair of cryptographic keys used to authenticate a user to an SSH server. The pair consists of a private key, which is kept secret, and a public key, which can be shared with anyone. When you attempt to log in, the server checks that your client can prove possession of the private key corresponding to the public key it has stored; the private key itself is never sent to the server.

---

2. Generating SSH Keys with ssh-keygen

The ssh-keygen command is used to create SSH key pairs. By default, it generates RSA keys.

Step 1: Open your terminal.

Step 2: Generate the SSH key pair.

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Explanation:

-t rsa: Specifies the type of key to create, in this case, an RSA key.

-b 4096: Specifies the number of bits in the key. 4096 bits is the recommended length for RSA keys.

-C "your_email@example.com": This option adds a label to the key, typically your email address, for easier identification.

Step 3: Save the key pair.

After running the command, you’ll be prompted to specify a file location to save the keys. By default, they are saved in ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).

Enter file in which to save the key (/home/your_username/.ssh/id_rsa):

Step 4: Set a passphrase (optional but recommended).

You’ll be prompted to enter a passphrase. This adds an extra layer of security, requiring the passphrase to be entered whenever the private key is used.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Output:

After successfully generating the keys, you’ll see a message similar to this:

Your identification has been saved in /home/your_username/.ssh/id_rsa.
Your public key has been saved in /home/your_username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:abcdefgHijklmnop12345678QrstuvWxyz your_email@example.com
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|      . o.       |
|     . + .       |
|    . o * .      |
|   . o B E o     |
|    o X = o .    |
|     + O * = .   |
|      o o + .    |
|                 |
+----[SHA256]-----+

---

3. Adding the SSH Key to the SSH Agent

To manage your SSH keys efficiently, you can use the SSH agent, which holds your unlocked keys in memory so that you can use passphrase-protected keys without entering the passphrase repeatedly.

Step 1: Start the SSH agent.

eval "$(ssh-agent -s)"

Step 2: Add your private key to the SSH agent.

ssh-add ~/.ssh/id_rsa

---

4. Adding Your SSH Key to a Remote Server

To use your SSH key for authentication, you need to add the public key to the ~/.ssh/authorized_keys file on the remote server.

Step 1: Copy the public key to the remote server.

You can manually copy the key or use the ssh-copy-id command for convenience.

ssh-copy-id username@remote_host

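If ssh-copy-id is not available, copy the public key manually by piping it through ssh. The chmod calls keep ~/.ssh and authorized_keys private to your account, which sshd expects:

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"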

Step 2: Log in using the SSH key.

Once the public key is added, you can log in to the remote server without a password:

ssh username@remote_host
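
If key login still falls back to a password prompt, file permissions are the usual cause: sshd's StrictModes setting (on by default) ignores authorized_keys when ~/.ssh or the file is writable by group or others, and the ssh client refuses a private key that other users can read. The check below is an added example, not part of the original tutorial; it assumes GNU stat, and the function names and demo directory are illustrative.

```shell
#!/bin/sh
# Added example: flag SSH files whose permissions sshd or ssh would reject.
# Assumes GNU coreutils (stat -c); function names are illustrative.

# check_mode PATH MASK MSG: report PATH if any permission bit in MASK is set.
check_mode() {
    mode=$(stat -c '%a' "$1") || return 1
    if [ $(( 0$mode & 0$2 )) -ne 0 ]; then   # leading 0 = octal arithmetic
        echo "$1: mode $mode: $3"
        return 1
    fi
}

# audit_ssh_perms DIR: one finding per line, exit status 1 if any.
audit_ssh_perms() {
    dir=$1
    rc=0
    check_mode "$dir" 22 "directory writable by group/other" || rc=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.pub|*/known_hosts) ;;              # public data, not checked
            */authorized_keys|*/config)
                check_mode "$f" 22 "writable by group/other" || rc=1 ;;
            *)  # anything else is treated as a private key
                check_mode "$f" 77 "private key accessible by group/other" || rc=1 ;;
        esac
    done
    return $rc
}

# Constructed demo: a throwaway directory with an over-exposed private key.
demo=$(mktemp -d)
touch "$demo/id_rsa" "$demo/id_rsa.pub" "$demo/authorized_keys"
chmod 700 "$demo"
chmod 644 "$demo/id_rsa" "$demo/id_rsa.pub"
chmod 600 "$demo/authorized_keys"
audit_ssh_perms "$demo" || echo "fix with: chmod 600 <private key>"
rm -rf "$demo"
```

Run it as audit_ssh_perms "$HOME/.ssh" on both the client and the server.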

---

5. Managing Multiple SSH Keys

If you have multiple SSH keys for different services, you can specify which key to use by configuring your ~/.ssh/config file.

Example:

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_github

Host server.example.com
    HostName server.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa_example

Explanation:

Host: The alias you use for the server.

HostName: The actual domain name or IP address of the server.

User: The username used to log in to the server.

IdentityFile: The path to the private key file.

With this configuration, you can simply use ssh github.com or ssh server.example.com to connect to different servers with the corresponding keys.
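
IdentityFile on its own does not stop ssh from also offering every other key loaded in the agent from section 3, which shows unrelated public keys to each server and can exhaust the server's authentication attempts before the right key is tried; IdentitiesOnly yes restricts ssh to the configured file. The lint below is an added example, not part of the original tutorial. The function name is illustrative, and the demo config is constructed from the one above with the first block already corrected.

```shell
#!/bin/sh
# Added example: list Host blocks that set IdentityFile without IdentitiesOnly yes.
# lint_identities_only is an illustrative name. Assumed limitations: Include
# files are not followed and Match blocks are skipped.

lint_identities_only() {
    missing=$(awk -F'[ \t=]+' '
        function endblock() {
            if (scope == "host" && idfile && !only) out = out name "\n"
        }
        { sub(/^[ \t]+/, "") }                 # strip indentation
        $0 == "" || /^#/ { next }              # blank lines and comments
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "host" || key == "match" {
            endblock()
            name = $0; sub(/^[^ \t=]+[ \t=]+/, "", name)
            scope = (key == "match") ? "match" : ((name == "*") ? "all" : "host")
            idfile = 0; only = 0
            next
        }
        key == "identityfile" { idfile = 1 }
        key == "identitiesonly" && tolower($2) == "yes" {
            only = 1
            # set before any Host line or under "Host *": applies to every host
            if (scope == "" || scope == "all") global = 1
        }
        END { endblock(); if (!global) printf "%s", out }
    ' "$1") || return 2
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
}

# Constructed demo: first block corrected, second block as in the tutorial.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Host github.com
    User git
    IdentityFile ~/.ssh/id_rsa_github
    IdentitiesOnly yes

Host server.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa_example
EOF
lint_identities_only "$cfg" || echo "^ add IdentitiesOnly yes to these Host blocks"
rm -f "$cfg"
```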

---

6. Changing the Passphrase of an SSH Key

You can change the passphrase of an existing SSH key without regenerating the key.

Step 1: Use ssh-keygen to change the passphrase.

ssh-keygen -p -f ~/.ssh/id_rsa

Explanation:

-p: Prompts for a new passphrase.

-f: Specifies the file of the key to update.

You’ll be prompted to enter the old passphrase and then the new one.

---

7. Deleting an SSH Key

If you no longer need an SSH key, you can delete it by simply removing the files.

rm ~/.ssh/id_rsa ~/.ssh/id_rsa.pub

Note: Be sure to remove the corresponding public key from any servers where it was added.
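
Removing the key on each server means editing ~/.ssh/authorized_keys there, and the reliable way to find the entry is by the base64 key blob, since the trailing comment can differ from the one in your .pub file and an entry may start with options. The helper below is an added example, not part of the original tutorial; the function name is illustrative and the key material in the demo is constructed, not real.

```shell
#!/bin/sh
# Added example: revoke a key from an authorized_keys file by its key blob.
# revoke_pubkey is an illustrative name; the key material below is constructed.
# Run it as the account that owns the authorized_keys file.

# revoke_pubkey PUBFILE AUTHKEYS: prints the number of entries removed.
revoke_pubkey() {
    pub=$1; auth=$2
    # Field 2 of a .pub file is the base64 key blob. Match on that, not on
    # the trailing comment, which anyone can edit.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub") || return 2
    [ -n "$blob" ] || { echo "no key found in $pub" >&2; return 2; }
    tmp=$(mktemp "$auth.XXXXXX") || return 2      # created with mode 0600
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        # An entry may start with options (command="...", from="..."), so the
        # blob is compared against every whitespace-separated field.
        { for (i = 1; i <= NF; i++) if ($i == blob) { n++; next } }
        { print > out }
        END { print n + 0 }' "$auth") || { rm -f "$tmp"; return 2; }
    if [ "$removed" -gt 0 ]; then
        mv "$tmp" "$auth"                          # replace the file in one step
    else
        rm -f "$tmp"                               # nothing matched: leave as is
    fi
    echo "$removed"
}

# Constructed demo: two entries carry the retired key, one does not.
d=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EconstructedKEYA old-laptop' > "$d/id_rsa.pub"
cat > "$d/authorized_keys" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EconstructedKEYA renamed-comment
command="rsync --server",no-pty ssh-rsa AAAAB3NzaC1yc2EconstructedKEYA backup
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5constructedKEYB workstation
EOF
echo "removed: $(revoke_pubkey "$d/id_rsa.pub" "$d/authorized_keys")"
rm -rf "$d"
```

Copy the .pub file to the server (or keep a copy before deleting the local pair) so the blob is still available to match against.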

---

Conclusion

SSH keys are a powerful and secure way to authenticate with remote servers, and ssh-keygen is the tool to generate and manage them. Whether you’re setting up a new server, working with Git, or managing multiple SSH keys, this tutorial has covered the essential steps to get you up and running.
