Tutorial: How to Generate and Use SSH Keys with ssh-keygen
SSH keys provide a secure way of logging into servers and can be used for authentication purposes without needing a password. In this tutorial, you’ll learn how to generate and use SSH keys using the ssh-keygen command.
---
1. What Are SSH Keys?
SSH keys are a pair of cryptographic keys used to authenticate a user with an SSH server. They consist of a private key, which is kept secret, and a public key, which can be shared with anyone. When you attempt to log in to an SSH server, the server checks that your client can prove possession of the private key matching a public key it has stored; the private key itself is never sent to the server.
---
2. Generating SSH Keys with ssh-keygen
The ssh-keygen command is used to create SSH key pairs. By default, it generates RSA keys.
Step 1: Open your terminal.
Step 2: Generate the SSH key pair.
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Explanation:
-t rsa: Specifies the type of key to create, in this case, an RSA key.
-b 4096: Specifies the number of bits in the key. 4096 bits is the recommended length for RSA keys.
-C "your_email@example.com": This option adds a label to the key, typically your email address, for easier identification.
Step 3: Save the key pair.
After running the command, you’ll be prompted to specify a file location to save the keys. By default, they are saved in ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).
Enter file in which to save the key (/home/your_username/.ssh/id_rsa):
Step 4: Set a passphrase (optional but recommended).
You’ll be prompted to enter a passphrase. The passphrase encrypts the private key file on disk, which adds an extra layer of security: it must be entered whenever the private key is used, so a copied key file is not usable on its own.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Output:
After successfully generating the keys, you’ll see a message similar to this:
Your identification has been saved in /home/your_username/.ssh/id_rsa.
Your public key has been saved in /home/your_username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:abcdefgHijklmnop12345678QrstuvWxyz your_email@example.com
The key's randomart image is:
+---[RSA 4096]----+
| |
| . o. |
| . + . |
| . o * . |
| . o B E o |
| o X = o . |
| + O * = . |
| o o + . |
| |
+----[SHA256]-----+
---
3. Adding the SSH Key to the SSH Agent
To manage your SSH keys efficiently, you can use the SSH agent, which handles your keys for you, allowing you to use the passphrase-protected keys without entering the passphrase repeatedly.
Step 1: Start the SSH agent.
eval "$(ssh-agent -s)"
Step 2: Add your private key to the SSH agent.
ssh-add ~/.ssh/id_rsa
---
4. Adding Your SSH Key to a Remote Server
To use your SSH key for authentication, you need to add the public key to the ~/.ssh/authorized_keys file on the remote server.
Step 1: Copy the public key to the remote server.
You can manually copy the key or use the ssh-copy-id command for convenience.
ssh-copy-id username@remote_host
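If ssh-copy-id is not available, append the public key manually by piping it through cat over ssh. The umask 077 keeps a newly created ~/.ssh directory and authorized_keys file private to your account:
cat ~/.ssh/id_rsa.pub | ssh username@remote_host "umask 077 && mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"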
Step 2: Log in using the SSH key.
Once the public key is added, you can log in to the remote server without a password:
ssh username@remote_host
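If key login still falls back to a password, file modes are a common cause: sshd's StrictModes check (on by default) ignores an authorized_keys file when it or ~/.ssh is writable by group or others, and the ssh client refuses a private key that group or others can access. The following is an added example, not part of the original tutorial, that audits those modes; the function names are illustrative and the demo directory is constructed.

```shell
#!/bin/sh
# perms PATH -> the nine rwx characters of the file mode, e.g. "rw-r--r--".
perms() { ls -ldL "$1" | cut -c2-10; }

# audit_ssh_perms DIR
# Prints one line per finding; returns 1 if anything was found, 0 if clean.
audit_ssh_perms() {
    dir=$1; bad=0
    # Server side: sshd (StrictModes) rejects the key file when the directory
    # or authorized_keys is writable by group or others.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(perms "$p") in
            ????w????|???????w?) echo "group/other-writable: $p"; bad=1 ;;
        esac
    done
    # Client side: ssh refuses a private key that group or others can access.
    # Private keys are located by their matching .pub file.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        case $(perms "$key") in
            ???------) ;;
            *) echo "private key accessible to group/other: $key"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed demo tree with deliberately loose modes (not a real ~/.ssh).
demo=$(mktemp -d)
: > "$demo/authorized_keys"; : > "$demo/id_rsa"; : > "$demo/id_rsa.pub"
chmod 775 "$demo"; chmod 600 "$demo/authorized_keys"; chmod 644 "$demo/id_rsa"
audit_ssh_perms "$demo" || true        # reports the directory and id_rsa
chmod 700 "$demo"; chmod 600 "$demo/id_rsa"
audit_ssh_perms "$demo" && echo "clean"
```

Run it as audit_ssh_perms ~/.ssh on both the client and the server account.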
---
5. Managing Multiple SSH Keys
If you have multiple SSH keys for different services, you can specify which key to use by configuring your ~/.ssh/config file.
Example:
Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_github

Host server.example.com
    HostName server.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa_example
Explanation:
Host: The alias you use for the server.
HostName: The actual domain name or IP address of the server.
User: The username used to log in to the server.
IdentityFile: The path to the private key file.
With this configuration, you can simply use ssh github.com or ssh server.example.com to connect to different servers with the corresponding keys.
---
6. Changing the Passphrase of an SSH Key
You can change the passphrase of an existing SSH key without regenerating the key.
Step 1: Use ssh-keygen to change the passphrase.
ssh-keygen -p -f ~/.ssh/id_rsa
Explanation:
-p: Prompts for a new passphrase.
-f: Specifies the file of the key to update.
You’ll be prompted to enter the old passphrase and then the new one.
---
7. Deleting an SSH Key
If you no longer need an SSH key, you can delete it by simply removing the files.
rm ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
Note: Be sure to remove the corresponding public key from any servers where it was added.
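Removing the public key on the server means deleting its line from ~/.ssh/authorized_keys. The following is an added example, not part of the original tutorial, that does this by matching the key's base64 blob rather than its -C comment, since the comment can differ between copies; revoke_key is an illustrative name and the key blobs are constructed placeholders.

```shell
#!/bin/sh
# revoke_key PUBFILE AUTHFILE
# Delete every line of AUTHFILE that carries the same key blob as PUBFILE and
# print how many lines were removed. The match is on the base64 blob (second
# field of the .pub file), compared as a whole field, never as a substring.
revoke_key() {
    pub=$1; auth=$2
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "no key found in $pub" >&2; return 2; }
    tmp=$(mktemp "$auth.XXXXXX") || return 2
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        { hit = 0
          for (i = 1; i <= NF; i++) if ($i == blob) hit = 1
          if (hit) n++; else print > out }
        END { print n + 0 }' "$auth") || { rm -f "$tmp"; return 2; }
    # Replace the file in one step and keep it private to its owner.
    chmod 600 "$tmp" && mv "$tmp" "$auth" || return 2
    echo "$removed"
}

# Constructed sample data: the blobs below are placeholders, not real keys.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEOLD your_email@example.com' \
    > "$demo_dir/id_rsa.pub"
cat > "$demo_dir/authorized_keys" <<'EOF'
# deploy keys
ssh-rsa AAAAB3NzaC1yc2EXAMPLEOLD laptop
from="192.0.2.10",no-pty ssh-rsa AAAAB3NzaC1yc2EXAMPLEOLD relabelled-copy
ssh-rsa AAAAB3NzaC1yc2EXAMPLEKEEP colleague@example.com
EOF
revoke_key "$demo_dir/id_rsa.pub" "$demo_dir/authorized_keys"   # prints 2
```

Run it on each server before deleting the local id_rsa.pub, because the public key file is what identifies the lines to remove.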
---
Conclusion
SSH keys are a powerful and secure way to authenticate with remote servers, and ssh-keygen is the tool to generate and manage them. Whether you’re setting up a new server, working with Git, or managing multiple SSH keys, this tutorial has covered the essential steps to get you up and running.