How to Generate SSH Keys

 

Introduction

In today’s digital age, securing your online activities is paramount. Whether you’re a seasoned developer, a sysadmin, or a casual user, protecting your sensitive data and communications is non-negotiable. One powerful tool in your arsenal for securing remote access to servers and services is SSH (Secure Shell). And at the heart of SSH lies the concept of SSH keys – cryptographic keys that enable secure authentication between two parties.

Understanding SSH Keys

Before we dive into the nitty-gritty of generating SSH keys, let’s grasp the fundamentals. SSH keys come in pairs – a public key and a private key. The public key, as the name suggests, can be shared freely, while the private key must be kept secure. When you attempt to connect to a server using SSH, the server verifies your identity by matching the public key stored on the server with the private key stored on your local machine. If the keys match, access is granted.

Generate SSH Keys: A Step-by-Step Guide

Let’s dive in and examine how to generate SSH keys on any machine.

Open a Terminal Window

Whether you’re on Linux, macOS, or Windows (using tools like Git, Bash or PuTTY), open a terminal window to execute the necessary commands.

Generate SSH Key Pair

Use the ssh-keygen command to generate your SSH key pair. Simply type the following command in your terminal:

$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Replace "your_email@example.com" with your actual email address. This command specifies the type (-t) and the size (-b) of the key.

Save the SSH Keys

After generating the keys, you’ll be prompted to specify where to save them. The default location is usually ~/.ssh/id_rsa for the private key and ~/.ssh/id_rsa.pub for the public key. The “~/” symbol serves as shorthand for the “/home/<username>” directory, where “<username>” represents the user’s specific account name. Press Enter to accept the default location or specify a different one if needed.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):

Choose a Secure Passphrase (Optional):

You’ll be prompted to choose a passphrase to further secure your private key. While optional, using a passphrase adds an extra layer of security. Type in your passphrase when prompted and press Enter.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Your identification has been saved in /home/admin/.ssh/id_rsa
Your public key has been saved in /home/admin/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:bPX+2+BPanhJxdjUfO5j5gjYxCRqpuojiQgXogb2V0I infotechystaff@gmail.com
The key's randomart image is:
+---[RSA 4096]----+
|               ..|
|     E   . .    =|
|    .   . =    *.|
|o..  . * . +  . =|
|+...  * S + .  o |
|o... o . . +  .+.|
|=.. o       oo*.o|
|oo o        .++* |
|  o..        o=oo|
+----[SHA256]-----+

Verify the Keys

Once the keys are generated, you can verify their existence by navigating to the .ssh directory in your home folder (cd ~/.ssh) and listing the contents (ls -l). You should see id_rsa (private key) and id_rsa.pub (public key) among the files.

$ ls -lh .ssh
total 24K
-rw-------. 1 admin admin 3.4K Feb 13 19:09 id_rsa
-rw-r--r--. 1 admin admin  750 Feb 13 19:09 id_rsa.pub

Generate SSH Keys: Using SSH Keys For Authentication

Now that you’ve generated your SSH keys, it’s time to put them to use:

Copy the Public Key to the Server

To authenticate with a remote server using your SSH key pair, you need to copy the public key to the server. You can achieve this by running the following command:

$ ssh-copy-id user@hostname

Replace user with your username and hostname with the IP address or domain name of the destination server.

Enter Password (if prompted)

You may be prompted to enter your password to complete the process. This is the last time you’ll need to use your password for SSH authentication – from now on, your SSH key will handle authentication.

admin@rhel9-vm1's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'admin@rhel9-vm2'"
and check to make sure that only the key(s) you wanted were added.

Test the Connection

Once the public key is copied to the server, you can test the SSH connection by attempting to log in:

$ ssh user@hostname

If everything is set up correctly, you should be logged in without being prompted for a password.

Conclusion

Congratulations! You’ve mastered the art of generating SSH keys and using them for secure authentication. We’ve covered the step-by-step process of generating SSH keys, along with practical examples and insights to empower you in securing your online activities. By following these guidelines, you can enhance the security of your remote connections and safeguard your sensitive data effectively.

Did you find this article useful? Your feedback is invaluable to us! Please feel free to share your thoughts in the comments section below.