How to create ssh key linux

Linux / UNIX: Generate SSH Keys

How do I generate ssh keys under Linux / UNIX / Mac OS X and *BSD operating systems for remote login?

SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if required. You can create ssh keys as follows on any Linux or UNIX-like operating system including Mac OS X.

Tutorial details
Difficulty level Easy
Root privileges No
Requirements None
Est. reading time 5m

ssh-keygen command to Generate SSH Keys

The ssh-keygen command generates, manages and converts authentication keys for ssh client and server usage. Type the following command to generate ssh keys (open terminal and type the command):
$ ssh-keygen

The above command creates the ~/.ssh/ directory. So if your user name is vivek, then all files are stored in the /home/vivek/.ssh/ or $HOME/.ssh/ directory as follows:

  • $HOME/.ssh/id_rsa – Your private key. Do not share this file with anyone. Keep it private
  • $HOME/.ssh/id_rsa.pub – Your public key.

Please note that the passphrase must be different from your current password and do not share keys or passphrase with anyone. Also, make sure you have correct and secure permissions on $HOME/.ssh/ directory:
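
One way to run that permission check, as an added example that is not part of the original tutorial. The function names audit_ssh_perms and mode_of are chosen here, and any file that is not a .pub, known_hosts, authorized_keys or config file is assumed to be a private key.

```shell
#!/bin/sh
# Added example: audit permissions under an SSH directory (default $HOME/.ssh).
# Prints one finding per line; returns 0 when clean, 1 when something is too open.

# Octal mode of a path: GNU stat first, BSD/macOS stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_ssh_perms() (
    dir=${1:-$HOME/.ssh}
    bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; exit 1; }

    # The directory itself must be owner-only.
    m=$(mode_of "$dir")
    [ "$m" = 700 ] || { echo "DIR $m $dir (want 700)"; bad=1; }

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        case $f in
            *.pub|*/known_hosts*|*/authorized_keys*|*/config)
                # Not secret, but must not be writable by group or others.
                case $m in
                    *[2367]?|*[2367]) echo "WRITABLE $m $f"; bad=1 ;;
                esac ;;
            *)
                # Assumption: everything else is a private key (id_rsa, aws.key, ...).
                case $m in
                    600|400) ;;
                    *) echo "PRIVATE $m $f (want 600 or 400)"; bad=1 ;;
                esac ;;
        esac
    done
    exit "$bad"
)
```

Run it as `audit_ssh_perms` for the current user, or pass another directory as the first argument.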

SSH Keys Are Generated, What Next?

You need to copy the $HOME/.ssh/id_rsa.pub file to the remote server so that you can log in using keys instead of the password. Use any one of the following commands to copy the key to the remote server called vpn22.nixcraft.net.in for the vivek user:
ssh-copy-id vivek@vpn22.nixcraft.net.in
On some *nix systems such as OS X, the ssh-copy-id command may not be installed. Use the following commands (when prompted, provide the password for the remote user account called vivek) to install/append the public key on the remote host:
ssh vivek@vpn22.nixcraft.net.in "umask 077; mkdir -p .ssh"
cat $HOME/.ssh/id_rsa.pub | ssh vivek@vpn22.nixcraft.net.in "cat >> .ssh/authorized_keys"
To log in, simply type:
ssh vivek@vpn22.nixcraft.net.in
The following commands start ssh-agent and load your key, so that you do not have to retype the passphrase for every connection:
exec ssh-agent $SHELL
ssh-add
ssh vivek@vpn22.nixcraft.net.in
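
The manual append shown above adds a duplicate line each time it is run and leaves the mode of a newly created authorized_keys file to the remote umask. As an added example (not from the original tutorial), the function below does the same job idempotently on the receiving account; install_pubkey and its arguments are names chosen here, and leaving out DSA keys is this example's own policy.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe form of the manual
#   cat id_rsa.pub | ssh host "cat >> .ssh/authorized_keys"
# step, run on the account that should accept the key.
# install_pubkey and its arguments are names chosen for this example.

install_pubkey() (
    pub=$1                                  # file holding one public key line
    auth=${2:-$HOME/.ssh/authorized_keys}   # file sshd reads for this account
    umask 077                               # anything created here is owner-only

    # Never let a private key end up in authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub" 2>/dev/null; then
        echo "refusing: $pub looks like a private key" >&2
        exit 2
    fi

    # Accept only lines that start with a known key type followed by base64.
    # DSA (ssh-dss) is left out on purpose; that is this example's policy.
    types='ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+'
    key=$(grep -E "^($types) [A-Za-z0-9+/=]+" "$pub" 2>/dev/null | head -n 1)
    [ -n "$key" ] || { echo "refusing: no public key in $pub" >&2; exit 2; }

    mkdir -p "$(dirname "$auth")"
    [ -e "$auth" ] || : > "$auth"

    # Match on "type base64" only, so a different comment is not a new key.
    id=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$id" "$auth"; then
        echo "already present"
        exit 0
    fi

    printf '%s\n' "$key" >> "$auth"
    chmod 600 "$auth"
    echo "installed"
)
```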

Optional ssh-keygen command syntax for advanced users

The following syntax creates an RSA key with 4096 bits (default 2048):
ssh-keygen -t rsa -b 4096 -f ~/.ssh/aws.key -C "My AWs cloud key"
Where,

  • -t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
  • -b 4096 : Specifies the number of bits in the key to create.
  • -f ~/.ssh/aws.key : Specifies the filename of the key file.
  • -C "My AWs cloud key" : Set a new comment.

To install the ~/.ssh/aws.key key, run:
ssh-copy-id -i ~/.ssh/aws.key user@aws-server-ip
Test it with the ssh command:
ssh -i
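
To check which type and size the -t and -b options actually produced, or to review the keys already accepted in an authorized_keys file, the added example below (not part of the original tutorial) wraps ssh-keygen -l. The function name audit_keys and the 3072-bit RSA threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: report type and size for every key in a .pub or
# authorized_keys file and flag weak ones. audit_keys is a name chosen here.

audit_keys() (
    file=$1
    min_rsa=${2:-3072}   # assumed policy threshold, not taken from the tutorial
    weak=0

    # ssh-keygen -l prints one line per key:
    #   <bits> <hash>:<fingerprint> <comment> (<TYPE>)
    listing=$(ssh-keygen -l -f "$file") || exit 2

    while read -r bits fp rest; do
        [ -n "$bits" ] || continue
        type=${rest##*"("}     # text after the last "("
        type=${type%")"}       # drop the closing ")"
        case $type in
            DSA)
                verdict=weak ;;
            RSA)
                if [ "$bits" -lt "$min_rsa" ]; then verdict=weak; else verdict=ok; fi ;;
            ED25519|ED25519-SK|ECDSA|ECDSA-SK)
                verdict=ok ;;
            *)
                verdict=unknown ;;
        esac
        [ "$verdict" = ok ] || weak=1
        echo "$verdict $type $bits $fp"
    done <<EOF
$listing
EOF
    exit "$weak"
)
```

The exit status is 0 when every key passes, 1 when any key is weak or of an unknown type, and 2 when ssh-keygen cannot read the file.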

    Conclusion

    You learned how to create and generate ssh keys using the ssh-keygen command.

    How To Set up SSH Keys on a Linux / Unix System

    I recently read that SSH keys provide a secure way of logging into a Linux and Unix-based server. How do I set up SSH keys on a Linux or Unix based systems? In SSH for Linux/Unix, how do I set up public key authentication?

    Tutorial details
    Difficulty level Easy
    Root privileges No
    Requirements OpenSSH client and server
    Est. reading time 8 minutes

    This page explains a public key and shows you how to set up SSH keys on a Linux or Unix-like server. I am assuming that you are using Linux or Unix-like server and client with the following software:

    • OpenSSH SSHD server
    • OpenSSH ssh client and friends on Linux (Ubuntu, Debian, BSD, RHEL, CentOS, MacOS/OSX, AIX, HP-UX and co).

    What is public key authentication?

    OpenSSH server supports various authentication schemes. The two most popular are as follows:

    1. Passwords based authentication
    2. Public key based authentication. It is an alternative security method to using passwords. This method is recommended on a VPS, cloud, dedicated or even home based server.

    How to set up SSH keys

    Steps to setup secure ssh keys:

    1. Create the ssh key pair using ssh-keygen command.
    2. Copy and install the public ssh key using ssh-copy-id command on a Linux or Unix server.
    3. Add yourself to sudo or wheel group admin account.
    4. Disable the password login for root account.
    5. Test your passwordless ssh keys login using ssh user@server-name command.

    Let us see all steps in details.

    How do I set up public key authentication?

    You must generate both a public and a private key pair. For example:

    Fig.01: Our sample setup

    In the public key based method, you can log in to remote hosts and servers, and transfer files to them, without using your account passwords. Feel free to replace server1.cyberciti.biz and client1.cyberciti.biz names with your actual setup. Enough talk, let’s set up public key authentication. Open the Terminal and type the following commands if the .ssh directory does not exist:

    1: Create the key pair

    On the computer (such as client1.cyberciti.biz), generate a key pair for the protocol.

    You need to set the Key Pair location and name. I recommend you use the default location if you do not yet have another key there, for example: $HOME/.ssh/id_rsa. You will be prompted to supply a passphrase (password) for your private key. I suggest that you setup a passphrase when prompted. You should see two new files in $HOME/.ssh/ directory:

    1. $HOME/.ssh/id_rsa – contains your private key.
    2. $HOME/.ssh/id_rsa.pub – contains your public key.

    Optional syntax for advanced users

    The following syntax creates an RSA key with 4096 bits (default 2048):
    $ ssh-keygen -t rsa -b 4096 -f ~/.ssh/vps-cloud.web-server.key -C "My web-server key"
    Where,

    • -t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
    • -b 4096 : Specifies the number of bits in the key to create
    • -f

    Generating a new SSH key and adding it to the ssh-agent

    After you’ve checked for existing SSH keys, you can generate a new SSH key to use for authentication, then add it to the ssh-agent.

    About SSH key generation

    If you don’t already have an SSH key, you must generate a new SSH key to use for authentication. If you’re unsure whether you already have an SSH key, you can check for existing keys. For more information, see "Checking for existing SSH keys."

    If you want to use a hardware security key to authenticate to GitHub, you must generate a new SSH key for your hardware security key. You must connect your hardware security key to your computer when you authenticate with the key pair. For more information, see the OpenSSH 8.2 release notes.

    If you don’t want to reenter your passphrase every time you use your SSH key, you can add your key to the SSH agent, which manages your SSH keys and remembers your passphrase.

    Generating a new SSH key

    Open Terminal or Git Bash.

    Paste the text below, substituting in your GitHub email address.

    Note: If you are using a legacy system that doesn’t support the Ed25519 algorithm, use:

    This creates a new SSH key, using the provided email as a label.

    When you’re prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.

    At the prompt, type a secure passphrase. For more information, see "Working with SSH key passphrases."

    Adding your SSH key to the ssh-agent

    Before adding a new SSH key to the ssh-agent to manage your keys, you should have checked for existing SSH keys and generated a new SSH key. When adding your SSH key to the agent, use the default macOS ssh-add command, and not an application installed by macports, homebrew, or some other external source.

    Start the ssh-agent in the background.

    Depending on your environment, you may need to use a different command. For example, you may need to use root access by running sudo -s -H before starting the ssh-agent, or you may need to use exec ssh-agent bash or exec ssh-agent zsh to run the ssh-agent.

    If you’re using macOS Sierra 10.12.2 or later, you will need to modify your ~/.ssh/config file to automatically load keys into the ssh-agent and store passphrases in your keychain.

    First, check to see if your ~/.ssh/config file exists in the default location.

    If the file doesn’t exist, create the file.

    Open your ~/.ssh/config file, then modify the file to contain the following lines. If your SSH key file has a different name or path than the example code, modify the filename or path to match your current setup.

    Note: If you chose not to add a passphrase to your key, you should omit the UseKeychain line.

    Note: If you see an error like this

    add an additional config line to your Host * section:

    Add your SSH private key to the ssh-agent and store your passphrase in the keychain. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_ed25519 in the command with the name of your private key file.

    Note: The -K option is Apple’s standard version of ssh-add, which stores the passphrase in your keychain for you when you add an SSH key to the ssh-agent. If you chose not to add a passphrase to your key, run the command without the -K option.

    If you don’t have Apple’s standard version installed, you may receive an error. For more information on resolving this error, see "Error: ssh-add: illegal option -- K."

    Add the SSH key to your account on GitHub. For more information, see "Adding a new SSH key to your GitHub account."

    If you have GitHub Desktop installed, you can use it to clone repositories and not deal with SSH keys.

    Ensure the ssh-agent is running. You can use the "Auto-launching the ssh-agent" instructions in "Working with SSH key passphrases", or start it manually:

    Add your SSH private key to the ssh-agent. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_ed25519 in the command with the name of your private key file.

    Add the SSH key to your account on GitHub. For more information, see "Adding a new SSH key to your GitHub account."

    Generating a new SSH key for a hardware security key

    If you are using macOS or Linux, you may need to update your SSH client or install a new SSH client prior to generating a new SSH key. For more information, see "Error: Unknown key type."

    Insert your hardware security key into your computer.

    Open Terminal or Git Bash.

    Paste the text below, substituting in the email address for your account on GitHub.

    Note: If the command fails and you receive the error invalid format or feature not supported, you may be using a hardware security key that does not support the Ed25519 algorithm. Enter the following command instead.

    When you are prompted, touch the button on your hardware security key.

    When you are prompted to "Enter a file in which to save the key," press Enter to accept the default file location.

    When you are prompted to type a passphrase, press Enter.

    Add the SSH key to your account on GitHub. For more information, see "Adding a new SSH key to your GitHub account."

    How To Create SSH Keys with OpenSSH on macOS, Linux, or Windows Subsystem for Linux

    Published on December 1, 2020

    Introduction

    When setting up a remote Linux server, you’ll need to decide upon a method for securely connecting to it. While passwords are one way of verifying a user’s identity, passwords have multiple vulnerabilities and can be cracked by a brute force attack. Secure Shell keys — better known as SSH keys — are often used instead of passwords, as they offer a more secure method of connecting to remote Linux servers. As part of the Secure Shell cryptographic network protocol, SSH keys also enable users to securely perform network services over an unsecured network, such as delivering text-based commands to a remote server or configuring its services.

    This tutorial will guide you through the steps of creating SSH keys with OpenSSH, a suite of open source SSH tools, on macOS and Linux, as well as on Windows through the use of the Windows Subsystem for Linux. It is written for an audience that is just getting started with the command line and will provide guidance on accessing the terminal on a personal computer. After completing this tutorial, you will have SSH keys that can be used to securely set up a server in the tutorial How To Set Up an Ubuntu 20.04 Server on a DigitalOcean Droplet that is part of the Introduction to the Cloud Curriculum.

    If you are already familiar with the command line and looking for instructions on using SSH to connect to a remote server, please see our collection of tutorials on Setting Up SSH Keys for a range of Linux operating systems.

    Prerequisites

    To complete this tutorial, you will need:

    • A local machine running one of the following operating systems: macOS, Linux, or Windows with Windows Subsystem for Linux installed. If you are using Windows, you can find instructions for downloading or updating the Windows Subsystem for Linux on Microsoft’s documentation page. Note that while OpenSSH should work for a range of Linux distributions, this tutorial has been tested using Ubuntu 20.04.

    Note: If you are looking for instructions on how to create SSH keys on a Windows machine that does not have the Windows Subsystem for Linux, please visit our product documentation How to Create SSH Keys with PuTTY on Windows.

    • Some familiarity with working with a terminal and the command line. If you need an introduction to working with terminals and the command line, you can visit our guide A Linux Command Line Primer.

    Step 1 — Understanding SSH Keys

    SSH keys are two long strings of characters that can be used to authenticate the identity of a user requesting access to a remote server. These keys are generated by the user on their local computer using a SSH utility. One key is private and stored on the user’s local machine. The other key is public and shared with the remote server or any other entity the user wishes to securely communicate with.

    When a user requests to connect to a server with SSH, the server sends a message encrypted with the public key that can only be decrypted by the associated private key. The user’s local machine then uses its private key to attempt to decrypt the message. If the message is successfully decrypted, the server grants the user access without the need of a password. Once authenticated, users can launch a remote shell session in their local terminal to deliver text-based commands to the remote server.

    In the next step, you will open a terminal on your computer so that you can access the SSH utility used to generate a pair of SSH keys.

    Step 2 — Opening a Terminal on Your Computer

    A terminal allows you to interact with your computer through text-based commands rather than a graphical user interface. The way you access the terminal on your computer will depend on what type of operating system you are using.

    On machines running macOS, the Terminal application is typically located in the Utilities folder inside the Applications folder. You can also find it by searching for “terminal” in the Search Spotlight.

    If you are working on a Linux computer, your distribution’s default terminal application is also typically located in the Utilities folder inside the Applications folder. You can also find it by searching for “terminal” with the Desktop search functionality.

    If you are working on a Windows machine running Windows Subsystem for Linux, a Linux terminal should open immediately after installation. You can also find it by searching for “Ubuntu” with the Desktop search functionality.

    Once you have located your system’s terminal application, open up a new terminal window. Your terminal should display your user name, a dollar sign ($), and a cursor. This is where you will begin to type commands to tell the terminal what to do.

    In the next step, you will enter a text-based command to generate a pair of SSH keys.

    Step 3 — Generating Keys With OpenSSH

    Your macOS or Linux operating system should have the standard OpenSSH suite of tools already installed. This suite of tools includes the utility ssh-keygen, which you will use to generate a pair of SSH keys.

    Type the following command into your terminal:

    You will then be prompted to select a location for the keys. By default, the keys are stored in the ~/.ssh directory with the filenames id_rsa for the private key and id_rsa.pub for the public key. Using the default locations allows your SSH client to automatically find your SSH keys when authenticating, so we recommend accepting these default options. To do so, press ENTER:

    Warning: If you have previously generated a key pair, you will be prompted to confirm that you actually want to overwrite the existing key:

    If you choose to overwrite the key on disk, you will not be able to authenticate using the previous key anymore. Selecting “yes” is an irreversible destructive process.

    If you’re certain that you want to overwrite the existing key on disk, you can do so by pressing Y and then ENTER.

    If you choose the default location, your public key will be located in /home/sammy/.ssh/id_rsa.pub and your private key will be located in /home/sammy/.ssh/id_rsa. Note that in your filepath, sammy will be replaced with your username.

    After selecting a location for the key, you’ll be prompted to enter an optional passphrase which encrypts the private key file on disk.

    If you enter a passphrase, you will have to provide it every time you use this key (unless you are running SSH agent software that stores the decrypted key). We recommend using a passphrase, but you can just press ENTER to bypass this prompt:

    Following that final prompt, your system will generate the SSH key pair:

    You now have a public and private key that you can use to authenticate.

    Conclusion

    Congratulations, you have now generated a pair of SSH keys. These keys can be used to securely connect with a remote server and are necessary for the tutorial How To Set Up an Ubuntu 20.04 Server on a DigitalOcean Droplet that follows this tutorial in the Introduction to the Cloud Curriculum.

    For a deeper dive on working with SSH, please visit our guide SSH Essentials: Working With SSH Servers, Clients, and Keys.
