Linux / UNIX: Generate SSH Keys
How do I generate ssh keys under Linux / UNIX / Mac OS X and *BSD operating systems for remote login?
SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if required. You can create ssh keys as follows on any Linux or UNIX-like operating systems including Mac OS X.
Tutorial details | |
---|---|
Difficulty level | Easy |
Root privileges | No |
Requirements | None |
Est. reading time | 5m |
ssh-keygen command to Generate SSH Keys
The ssh-keygen command generates, manages and converts authentication keys for ssh client and server usage. Type the following command to generate ssh keys (open terminal and type the command):
$ ssh-keygen
Generate SSH keys looks as follows:
The above command creates the ~/.ssh/ directory. So if your user name is vivek, then all files are stored in the /home/vivek/.ssh/ or $HOME/.ssh/ directory as follows:
- $HOME/.ssh/id_rsa – Your private key. Do not share this file with anyone. Keep it private
- $HOME/.ssh/id_rsa.pub – Your public key.
Please note that the passphrase must be different from your current password and do not share keys or passphrase with anyone. Also, make sure you have correct and secure permissions on $HOME/.ssh/ directory:
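One way to check those permissions, shown as an added example that is not part of the original tutorial. The function names audit_ssh_perms and mode_of are made up for this example, and the demo files are constructed placeholders rather than real keys.

```sh
#!/bin/sh
# Added example: report files under an SSH directory whose permissions are
# looser than the usual convention (700 directory, 600 private keys).

# Octal mode of a path: GNU stat first, BSD/macOS stat as the fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Prints one line per finding; returns 1 if anything was found, else 0.
audit_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    bad=0
    m=$(mode_of "$dir")
    # The directory must grant nothing to group or others.
    if [ $(( 0$m & 077 )) -ne 0 ]; then
        echo "DIR   $m $dir (want 700)"; bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            # ssh refuses a private key that group or others can access.
            if [ $(( 0$m & 077 )) -ne 0 ]; then
                echo "KEY   $m $f (want 600)"; bad=1
            fi
        elif [ $(( 0$m & 022 )) -ne 0 ]; then
            # Public keys, authorized_keys, known_hosts: others may read
            # them, but only the owner may write.
            echo "WRITE $m $f (want 644 or 600)"; bad=1
        fi
    done
    return $bad
}

# Constructed demo tree (file contents are placeholders, not real keys).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 755 "$demo/.ssh"
echo '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo/.ssh/id_rsa"
echo 'ssh-rsa AAAA-constructed' > "$demo/.ssh/id_rsa.pub"
echo 'ssh-rsa AAAA-constructed' > "$demo/.ssh/authorized_keys"
chmod 644 "$demo/.ssh/id_rsa" "$demo/.ssh/id_rsa.pub"
chmod 666 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo/.ssh" || echo "tighten with chmod 700 / chmod 600"
```

Run it without an argument to audit your own $HOME/.ssh directory.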
SSH Keys Are Generated, What Next?
You need to copy the $HOME/.ssh/id_rsa.pub file to the remote server so that you can log in using keys instead of the password. Use any one of the following commands to copy the key to the remote server called vpn22.nixcraft.net.in for the vivek user:
ssh-copy-id vivek@vpn22.nixcraft.net.in
On some *nix systems such as OS X, the ssh-copy-id command may not be installed. Use the following commands (when prompted, provide the password for the remote user account called vivek) to install/append the public key on the remote host:
ssh vivek@vpn22.nixcraft.net.in "umask 077; mkdir -p .ssh"
cat $HOME/.ssh/id_rsa.pub | ssh vivek@vpn22.nixcraft.net.in "cat >> .ssh/authorized_keys"
To login simply type:
ssh vivek@vpn22.nixcraft.net.in
The following commands load the key into ssh-agent so that you do not have to retype the passphrase:
exec ssh-agent $SHELL
ssh-add
ssh vivek@vpn22.nixcraft.net.in
Optional ssh-keygen command syntax for advanced users
The following syntax sets the number of bits in the RSA key to create to 4096 (default 2048):
ssh-keygen -t rsa -b 4096 -f ~/.ssh/aws.key -C "My AWs cloud key"
Where,
- -t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
- -b 4096 : Specifies the number of bits in the key to create.
- -f ~/.ssh/aws.key : Specifies the filename of the key file.
Now install the ~/.ssh/aws.key, run:
ssh-copy-id -i ~/.ssh/aws.key user@aws-server-ip
Test it with the ssh command:
ssh -i
Conclusion
You learned how to create and generate ssh keys using the ssh-keygen command.
How To Set up SSH Keys on a Linux / Unix System
I recently read that SSH keys provide a secure way of logging into a Linux and Unix-based server. How do I set up SSH keys on Linux or Unix-based systems? In SSH for Linux/Unix, how do I set up public key authentication?
Tutorial details | |
---|---|
Difficulty level | Easy |
Root privileges | No |
Requirements | OpenSSH client and server |
Est. reading time | 8 minutes |
This page explains a public key and shows you how to set up SSH keys on a Linux or Unix-like server. I am assuming that you are using Linux or Unix-like server and client with the following software:
- OpenSSH SSHD server
- OpenSSH ssh client and friends on Linux (Ubuntu, Debian, BSD, RHEL, CentOS, MacOS/OSX, AIX, HP-UX and co).
What is a public key authentication?
OpenSSH server supports various authentication schemes. The two most popular are as follows:
- Password-based authentication
- Public key based authentication. It is an alternative security method to using passwords. This method is recommended on a VPS, cloud, dedicated or even home based server.
How to set up SSH keys
Steps to setup secure ssh keys:
- Create the ssh key pair using ssh-keygen command.
- Copy and install the public ssh key using ssh-copy-id command on a Linux or Unix server.
- Add yourself to sudo or wheel group admin account.
- Disable the password login for root account.
- Test your passwordless ssh key login using the ssh user@server-name command.
Let us see all steps in details.
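For the step that disables password login for root, here is a check you can run against a copy of the server configuration. It is an added example, not part of the original tutorial: the function names sshd_effective and check_root_login and the sample file are made up for illustration.

```sh
#!/bin/sh
# Added example: read the value sshd would use for a keyword from the global
# section of an sshd_config-style file. Include files are not followed.

# Keywords are case-insensitive and the first value found wins, so later
# duplicates are ignored; the global section ends at the first Match line.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || NF == 0   { next }
        tolower($1) == "match"  { exit }
        tolower($1) == want     { print $2; exit }
    ' "$2"
}

# Returns 0 only when root cannot log in with a password.
check_root_login() {
    v=$(sshd_effective PermitRootLogin "$1")
    case $v in
        no|prohibit-password|without-password|forced-commands-only)
            echo "OK    PermitRootLogin $v" ;;
        '') echo "UNSET PermitRootLogin (built-in default applies)"; return 2 ;;
        *)  echo "WEAK  PermitRootLogin $v"; return 1 ;;
    esac
}

# Constructed sample configuration, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 22
permitrootlogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PermitRootLogin no
EOF
check_root_login "$sample"
```

On a live server, `sshd -T` (run as root) prints the effective configuration including Include files and is the authoritative answer.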
How do I set up public key authentication?
You must generate both a public and a private key pair. For example:
Fig.01: Our sample setup
In the public key based method you can log into remote hosts and servers, and transfer files to them, without using your account passwords. Feel free to replace the server1.cyberciti.biz and client1.cyberciti.biz names with your actual setup. Enough talk, let’s set up public key authentication. Open the Terminal and type the following commands if the .ssh directory does not exist:
1: Create the key pair
On the computer (such as client1.cyberciti.biz), generate a key pair for the protocol.
You need to set the Key Pair location and name. I recommend you use the default location if you do not yet have another key there, for example: $HOME/.ssh/id_rsa. You will be prompted to supply a passphrase (password) for your private key. I suggest that you setup a passphrase when prompted. You should see two new files in $HOME/.ssh/ directory:
- $HOME/.ssh/id_rsa – contains your private key.
- $HOME/.ssh/id_rsa.pub – contains your public key.
Optional syntax for advanced users
The following syntax sets the number of bits in the RSA key to create to 4096 (default 2048):
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/vps-cloud.web-server.key -C "My web-server key"
Where,
- -t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
- -b 4096 : Specifies the number of bits in the key to create
- -f
10 examples to generate SSH key in Linux (ssh-keygen)
We use the ssh-keygen tool to generate SSH keys, which are used for public key based authentication with SSH. At the time of writing this article, there are 6 different types of authentication methods possible with SSH, but public key authentication is one of the most widely used across production environments.
To use public key based authentication you would need a public and private key pair.
- The public key content must be added to the authorized_keys file of server
- The private key will be stored on the client
So when a client tries to make a secure connection, it will use this private and public key pair to establish the connection.
Overview on ssh-keygen
- ssh-keygen is a utility provided by openssh rpm which should be installed by default on all the Linux distributions.
- ssh-keygen generates, manages and converts authentication keys for ssh version 2.0 and higher
- This tool supports different arguments which can be used to create keys as per the requirement
- If you wish to use SSH with public key authentication then use this once to create the authentication key in ~/.ssh/id_rsa
Let us explore the ssh-keygen tool to generate different types of key pairs in Linux
1. Generate ssh key without any arguments
- You can execute ssh-keygen without any arguments which will generate key pairs by default using RSA algorithm
- The tool will prompt for the location to store the RSA key pairs.
- The default location would be inside the user’s home folder under .ssh, i.e. ~/.ssh
- The tool will create ~/.ssh if the directory does not already exist
2. Define Key Type
- By default ssh-keygen will create RSA type key
- You can create a key of dsa, ecdsa, ed25519, or rsa type
- Use -t argument to define the type of the key
- In this example I am creating key pair of ED25519 type
3. Define Bit size
By default ssh-keygen generates an SSH key with 2048 bit size. You can also specify the number of bits to be used for the keys by using -b.
In this example I will generate keys with 4096 bit size.
4. Assign Passphrase
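By default ssh-keygen will prompt for the passphrase before creating the key pairs, but we can also assign the passphrase using -P. A passphrase passed this way ends up in the shell history and is visible in the process list while the command runs, so the interactive prompt is the safer choice.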
5. Change passphrase of the private key
- You can also change the existing passphrase of your private key
- Use ssh-keygen with -p which will prompt you for the location of your private key file
- Next provide the existing passphrase of your private key
- If the provided passphrase is correct, you will get the prompt to assign new passphrase to your existing private key
6. Create keys with custom filename
- By default ssh-keygen creates private key with the name id_rsa and public key as id_rsa.pub
- We can also create keys with custom filename using -f
- This will create and keep the key files in the current location from where you execute the ssh-keygen tool
- In this example my private key will be my-own-rsa-key and public key would be my-own-rsa-key.pub
7. Add custom comment to the key
You can also add custom comment to your private key for more identification. Use -C to generate keys with your custom comment
We can use -l to print the fingerprint and comment of the private key
8. Change comment of the key
You can also change the existing comment of your private key using -c argument
Check the new comment of your private key
9. Hash the content of known_hosts file
- Every time you do SSH to another server, the SSH fingerprint for the secure connection is added to the client’s ~/.ssh/known_hosts file
- Any intruder can use this information to get the fingerprint details of an individual hostname.
- You can use ssh-keygen to hash the hostname entries in the known_hosts file using -H argument
- This option will not modify existing hashed hostname and is therefore safe to use on files that mix hashed and non-hashed names.
- This will create a backup file with .old extension in the same location
Next check the content of known_hosts file
As you see now the hostname can not be understood as they are hashed. A backup file is also created at the same location
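To see which entries of a mixed file are still stored in clear text, the following added example (not part of the original article) counts hashed and readable entries and lists the readable host names. The function name known_hosts_summary is made up here, and every host name, salt, hash and key in the sample is a constructed placeholder.

```sh
#!/bin/sh
# Added example: count hashed and clear-text entries in a known_hosts file
# and list the host names that are still readable.

known_hosts_summary() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        # A leading @cert-authority or @revoked marker shifts the host field.
        { hosts = ($1 ~ /^@/) ? $2 : $1 }
        # Hashed entries have the form |1|salt|hash.
        index(hosts, "|1|") == 1 { hashed++; next }
        {
            plain++
            n = split(hosts, name, ",")           # host,alias,ip lists
            for (i = 1; i <= n; i++) print "plain " name[i]
        }
        END { printf "hashed=%d plain=%d\n", hashed, plain }
    ' "$1"
}

# Constructed sample: host names, salts, hashes and keys are placeholders.
kh=$(mktemp)
cat > "$kh" <<'EOF'
# constructed known_hosts sample
|1|c2FsdC1wbGFjZWhvbGRlci0wMDE=|aGFzaC1wbGFjZWhvbGRlci0wMDE= ssh-ed25519 AAAA-constructed
server1.example.com,192.0.2.10 ssh-ed25519 AAAA-constructed
@cert-authority *.example.com ssh-ed25519 AAAA-constructed
|1|c2FsdC1wbGFjZWhvbGRlci0wMDI=|aGFzaC1wbGFjZWhvbGRlci0wMDI= ssh-rsa AAAA-constructed
[server2.example.com]:2222 ssh-rsa AAAA-constructed
EOF
known_hosts_summary "$kh"
```

A non-zero plain count means the file still reveals host names to anyone who can read it.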
10. Remove keys for hostname from known_hosts file
- Every time you do SSH, the RSA key for the SSH connection for the respective hostname is stored inside the ~/.ssh/known_hosts file
Conclusion
ssh-keygen is a very vast tool which can do much more than generating SSH keys. It also supports signing of keys to produce certificates that may be used for user or host authentication. In this article we learned about different arguments which can be used to generate SSH keys for Public key Authentication with SSH
You can also combine all the arguments from this tutorial to automate the process. Lastly I hope the steps from the article to understand about ssh-keygen tool in more detail with different examples on Linux was helpful. So, let me know your suggestions and feedback using the comment section.