Learn how to generate an SSH key pair on your own machine that can then be used to authenticate your connection to a remote server.
Password authentication is the default method most SSH clients use to authenticate with remote servers, but it is exposed to attacks such as brute-force login attempts. An alternative to password authentication is SSH key pair authentication, in which you generate an SSH key pair and store it on your computer.
SSH keys are an easy way to identify trusted computers, without involving passwords. They are widely used by network and systems administrators to control servers remotely. SSH key authentication is more secure than password authentication and arguably more convenient.
The main concept is that instead of a password, one uses a key file which is virtually impossible to guess. You give the server the public part of your key, and when you log in it is used, together with the private key and username, to verify your identity.
The steps below will show you how to generate an SSH key pair and add the public key to the server.
When generating SSH keys under Linux, you can use the ssh-keygen command. It is a tool for creating new authentication key pairs for SSH.
To generate an SSH key pair, open up the terminal and type in the following command:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/linuxiac/.ssh/id_rsa):
Created directory '/home/linuxiac/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/linuxiac/.ssh/id_rsa
Your public key has been saved in /home/linuxiac/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:/W7NlcBoSGR1aqsre8+zjLReP8433PLrCMyQwiObTRE [email protected]
The key's randomart image is:
+---[RSA 3072]----+
| E.o.. . |
| o. o |
| .. .oo |
| . .ooo.o |
| . =Soo. . .|
| * o =. ..|
| o . o =.o...|
| ...Bo=.=+.|
| .==.*==+=+|
+----[SHA256]-----+
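Just press Enter when it asks for the file, the passphrase, and the same passphrase again. Leaving the passphrase empty stores the private key unencrypted on disk, so anyone who can read the file can use it; type a passphrase at the prompt if you want the key encrypted. By default, ssh-keygen generates the pair of keys in the ~/.ssh directory.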
You now have two files:
- id_rsa (the private key). The private key is stored on your local computer and should be kept secure, with permissions set so that no other users on your computer can read the file.
- id_rsa.pub (the public key). The public key is placed on the server you intend to log in to. You can freely share your public key with others.
ls -la /home/linuxiac/.ssh/
drwx------ 2 linuxiac linuxiac 4096 Jul 16 18:31 .
drwxr-xr-x 4 linuxiac linuxiac 4096 Jul 16 18:31 ..
-rw------- 1 linuxiac linuxiac 2610 Jul 16 18:31 id_rsa
-rw-r--r-- 1 linuxiac linuxiac 576 Jul 16 18:31 id_rsa.pub
You can place the public key on any server, and then connect to the server using ssh. When the public and private keys match up, the SSH server grants access without the need for a password.
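The article does not show the step of placing the public key on the server. The script below is an added example, not from the original article, of what that step does on the server side: it appends the key to authorized_keys with owner-only permissions and then checks the modes against the listing above. The function names install_pubkey and audit_ssh_dir are hypothetical, authorized_keys is OpenSSH's default file name, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original article. Helper names are hypothetical.
# Both bodies run in a subshell "( ... )", so exit and umask stay local.

# install_pubkey PUBKEY_FILE SSH_DIR
# Run on the server: appends the key to SSH_DIR/authorized_keys (OpenSSH's
# default file name) unless that exact line is already present.
install_pubkey() (
    pub=$1 dir=$2 auth=$2/authorized_keys
    # Catch the common mistake of uploading id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; exit 2
    fi
    key=$(head -n 1 "$pub")
    # A public key line starts with its type, then base64 data.
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/=]+' ||
        { echo "refusing: $pub is not an OpenSSH public key" >&2; exit 2; }
    umask 077                              # anything created: owner only
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    # -x whole line, -F literal string: makes repeated runs idempotent.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# audit_ssh_dir SSH_DIR
# Reports the directory, authorized_keys and private keys whose mode differs
# from the owner-only modes in the listing above. Exit status 1 on findings.
audit_ssh_dir() (
    dir=$1 bad=0
    mode=$(stat -c %a "$dir")              # GNU stat (assumption: Linux)
    [ "$mode" = 700 ] || { echo "$dir: mode $mode, expected 700"; bad=1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in
            */authorized_keys) ;;
            *) grep -q 'PRIVATE KEY' "$f" || continue ;;   # skip *.pub etc.
        esac
        mode=$(stat -c %a "$f")
        case $mode in
            ?00) ;;                        # no group/other bits set
            *) echo "$f: mode $mode has group/other bits set"; bad=1 ;;
        esac
    done
    exit "$bad"
)

# Usage on the server, after copying id_rsa.pub there:
#   install_pubkey id_rsa.pub "$HOME/.ssh" && audit_ssh_dir "$HOME/.ssh"
```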
For increased security you can generate an even larger SSH key with the -b option. The -b flag sets the number of bits used to generate the key pair (the run above, without -b, produced a 3072-bit key), and a larger value is suggested for additional security. For example, for 4096 bits do:
ssh-keygen -t rsa -b 4096
In this post you have learned how to generate an SSH key pair using ssh-keygen. SSH keys have numerous advantages over passwords:
- Increased security: They are nearly impossible to brute force or guess.
- Ease of management: No more creating and changing random passwords.
- Automated tasks: Because you don’t need to type your password every time, it's easier to automate tasks that require SSH.
For more about the ssh-keygen command in Linux, consult its manual page.
Feel free to leave a comment if you have any questions.