- 4.3 Git on the Server — Generating Your SSH Public Key
- Generating Your SSH Public Key
- How To Set up SSH Keys on a Linux / Unix System
- What is a public key authentication?
- How to set up SSH keys
- How do I set up public key authentication?
- 1: Create the key pair
- Optional syntax for advance users
- Linux / UNIX: Generate SSH Keys
- ssh-keygen command to Generate SSH Keys
- SSH Keys Are Generated, What Next?
- Optional ssh-keygen command syntax for advance users
- Conclusion
- How to Generate A Public/Private SSH Key [Linux]
- 3 comments
- Popular Posts
4.3 Git on the Server — Generating Your SSH Public Key
Generating Your SSH Public Key
Many Git servers authenticate using SSH public keys. In order to provide a public key, each user in your system must generate one if they don’t already have one. This process is similar across all operating systems. First, you should check to make sure you don’t already have a key. By default, a user’s SSH keys are stored in that user’s
/.ssh directory. You can easily check to see if you have a key already by going to that directory and listing the contents:
You’re looking for a pair of files named something like id_dsa or id_rsa and a matching file with a .pub extension. The .pub file is your public key, and the other file is the corresponding private key. If you don’t have these files (or you don’t even have a .ssh directory), you can create them by running a program called ssh-keygen , which is provided with the SSH package on Linux/macOS systems and comes with Git for Windows:
First it confirms where you want to save the key ( .ssh/id_rsa ), and then it asks twice for a passphrase, which you can leave empty if you don’t want to type a password when you use the key. However, if you do use a password, make sure to add the -o option; it saves the private key in a format that is more resistant to brute-force password cracking than is the default format. You can also use the ssh-agent tool to prevent having to enter the password each time.
Now, each user that does this has to send their public key to you or whoever is administrating the Git server (assuming you’re using an SSH server setup that requires public keys). All they have to do is copy the contents of the .pub file and email it. The public keys look something like this:
Источник
How To Set up SSH Keys on a Linux / Unix System
I recently read that SSH keys provide a secure way of logging into a Linux and Unix-based server. How do I set up SSH keys on a Linux or Unix based systems? In SSH for Linux/Unix, how do I set up public key authentication?
| Tutorial details | |
|---|---|
| Difficulty level | Easy |
| Root privileges | No |
| Requirements | OpenSSH client and server |
| Est. reading time | 8 mintues |
This page explains a public key and shows you how to set up SSH keys on a Linux or Unix-like server. I am assuming that you are using Linux or Unix-like server and client with the following software:
- OpenSSH SSHD server
- OpenSSH ssh client and friends on Linux (Ubuntu, Debian,
What is a public key authentication?
OpenSSH server supports various authentication schema. The two most popular are as follows:
- Passwords based authentication
- Public key based authentication. It is an alternative security method to using passwords. This method is recommended on a VPS, cloud, dedicated or even home based server.
How to set up SSH keys
Steps to setup secure ssh keys:
- Create the ssh key pair using ssh-keygen command.
- Copy and install the public ssh key using ssh-copy-id command on a Linux or Unix server.
- Add yourself to sudo or wheel group admin account.
- Disable the password login for root account.
- Test your password less ssh keys login using ssh user@server-name command.
Let us see all steps in details.
How do I set up public key authentication?
You must generate both a public and a private key pair. For example:
Fig.01: Our sample setup
In public key based method you can log into remote hosts and server, and transfer files to them, without using your account passwords. Feel free to replace server1.cyberciti.biz and client1.cyberciti.biz names with your actual setup. Enough talk, let’s set up public key authentication. Open the Terminal and type following commands if .ssh directory does not exists:
1: Create the key pair
On the computer (such as client1.cyberciti.biz), generate a key pair for the protocol.
You need to set the Key Pair location and name. I recommend you use the default location if you do not yet have another key there, for example: $HOME/.ssh/id_rsa. You will be prompted to supply a passphrase (password) for your private key. I suggest that you setup a passphrase when prompted. You should see two new files in $HOME/.ssh/ directory:
- $HOME/.ssh/id_rsa – contains your private key.
- $HOME/.ssh/id_rsa.pub – contain your public key.
Optional syntax for advance users
The following syntax specifies the 4096 of bits in the RSA key to creation (default 2048):
$ ssh-keygen -t rsa -b 4096 -f
/.ssh/vps-cloud.web-server.key -C «My web-server key»
Where,
- -t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
- -b 4096 : Specifies the number of bits in the key to create
- -f
Источник
Linux / UNIX: Generate SSH Keys
H ow do I generate ssh keys under Linux / UNIX / Mac OS X and *BSD operating systems for remote login?
SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if required. You can create ssh keys as follows on any Linux or UNIX-like operating systems including Mac OS X.[donotprint]
| Tutorial details | |
|---|---|
| Difficulty level | Easy |
| Root privileges | No |
| Requirements | None |
| Est. reading time | 5m |
[/donotprint]
ssh-keygen command to Generate SSH Keys
The ssh-keygen command generates, manages and converts authentication keys for ssh client and server usage. Type the following command to generate ssh keys (open terminal and type the command):
$ ssh-keygen
Generate SSH keys looks as follows:
The above command creates
/.ssh/ directory. So if your user name is vivek, than all files are stored in /home/vivek/.ssh/ or $HOME/.ssh/ directory as follows:
- $HOME/.ssh/id_rsa – Your private key. Do not share this file with anyone. Keep it private
- $HOME/.ssh/id_rsa.pub – Your public key.
Please note that the passphrase must be different from your current password and do not share keys or passphrase with anyone. Also, make sure you have correct and secure permissions on $HOME/.ssh/ directory:
- No ads and tracking
- In-depth guides for developers and sysadmins at Opensourceflare✨
- Join my Patreon to support independent content creators and start reading latest guides:
- How to set up Redis sentinel cluster on Ubuntu or Debian Linux
- How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
- How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
- A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
- How to protect Linux against rogue USB devices using USBGuard
Join Patreon ➔
SSH Keys Are Generated, What Next?
You need to copy $HOME/.ssh/id_rsa.pub file to remote server so that you can login using keys instead of the password. Use any one of the following command to copy key to remote server called vpn22.nixcraft.net.in for vivek user:
ssh-copy-id vivek@vpn22.nixcraft.net.in
On some *nix system such as OS X ssh-copy-id command may not be installed, use the following commands (when prompted provide the password for remote user account called vivek) to install/append the public key on remote host:
ssh vivek@vpn22.nixcraft.net.in «umask 077; mkdir .ssh»
cat $HOME/.ssh/id_rsa.pub | ssh vivek@vpn22.nixcraft.net.in «cat >> .ssh/authorized_keys»
To login simply type:
ssh vivek@vpn22.nixcraft.net.in
The following command will help to remember passphrase
exec ssh-agent $SHELL
ssh-add
ssh vivek@vpn22.nixcraft.net.in
Optional ssh-keygen command syntax for advance users
The following syntax specifies the 4096 of bits in the RSA key to creation (default 2048):
ssh-keygen -t rsa -b 4096 -f
/.ssh/aws.key -C «My AWs cloud key»
Where,
- -t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
- -b 4096 : Specifies the number of bits in the key to create.
- -f
/.ssh/aws.key : Specifies the filename of the key file.
Now install the
/.ssh/aws.key, run:
ssh-copy-id -i
/.ssh/aws.key user@aws-server-ip
Test it with the ssh command:
ssh -i
Conclusion
You learned how to create and generate ssh keys using the ssh-keygen command.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via
Источник
How to Generate A Public/Private SSH Key [Linux]
If you are using SSH frequently to connect to a remote host, one of the way to secure the connection is to use a public/private SSH key so no password is transmitted over the network and it can prevent against brute force attack.
In Linux, creating a public/private SSH key is easy.
1. Open a terminal. Type:
Alternatively, you can also use the DSA (Digital Signing Algorithm) technology to create the public/private key.
Note: There has been a lot of debate about the security of DSA and RSA. In my opinion, unless you are very particular and love to delve into the technical detail between the two technology, it doesn’t matter which of the two you choose. Both will work fine.
2. In the next screen, you should see a prompt, asking you for the location to save the key. The default location is the .ssh folder in your Home directory. You can just press “Enter” to accept the default setting.
3. Next, you will be prompted to enter passphrase. This is NOT the passphrase to connect to your remote host. This is the passphrase to unlock the private key so that no one can access your remote server even if they got hold of your private key. The passphrase is optional. To leave it blank, just press “Enter”.
4. Your public and private SSH key should now be generated. Open the file manager and navigate to the .ssh directory. You should see two files: id_rsa and id_rsa.pub.
5. Upload the id_rsa.pub file to the home folder of your remote host (assuming your remote host is running Linux as well). Connect to your remote host via SSH and use the following command to move the public key to the correct location.
6. Still in your remote host, open the SSH config file:
Scroll down the config file and make sure the following attributes are set correctly.
Press “ctrl + o” to write and save the file, follow by “ctrl + x” to close the file.
7. Lastly, restart the SSH server in the remote host
That’s it. You can now connect to your remote host with the following command:
Damien Oh started writing tech articles since 2007 and has over 10 years of experience in the tech industry. He is proficient in Windows, Linux, Mac, Android and iOS, and worked as a part time WordPress Developer. He is currently the owner and Editor-in-Chief of Make Tech Easier.
3 comments
Most distros provide seahorse which provides a gui for doing this, it will so automatically access an ssh server and add the public key to the servers keyring which is pretty handy.
Definitely worth pointing your readers to seahorse if you want to “make tech easier”
there’s a typo in your commands…
you wrote “ssh -keygen -t rsa” but it should be “ssh-keygen -t rsa” with no space between “ssh” and “-keygen”
Comments are closed.
Popular Posts
RedMagic 6S Pro Review: Gaming Is Serious Business.
How to Boot to Recovery Mode (Safe Mode) in Ubuntu
Ubuntu Software Center Not Working? Here Are the Fixes
How to Stress Test a Graphics Card on Linux
How to Mount a Windows Share Folder on Linux
How to Mount Your iPhone as an External Drive in Ubuntu
How to Fix Ubuntu Freezing in VirtualBox
How to Fix «Repository Does Not Have Release File» Error
How to Combine PDF Files on Windows and Linux
How to Reset the Root Password in Linux
8 Reasons to Switch from Windows to Linux
Affiliate Disclosure: Make Tech Easier may earn commission on products purchased through our links, which supports the work we do for our readers.
Источник
