How To Create SSH Keys on Linux

SSH (Secure Shell) is an encrypted protocol used to administer and communicate with servers. SSH keys provide a more secure way of logging into a Linux server than passwords. While a password can eventually be cracked, SSH keys are practically impossible to guess by brute force. SSH is also used to transfer files from one computer to another over the network with the secure copy (SCP) protocol.

    Set Up SSH Keys:

    Generating a key pair creates two files, a public key and a private key, in the .ssh directory under the user's home directory. You can copy the public key to any server and then unlock it by connecting from a client that holds the matching private key. When the client connects, the server checks the private key against the stored public key and grants access without asking for a password. For more security, you can protect the private key with a passphrase.

    Scenario:

    SSH Client Host: 192.168.18.112
    SSH Remote Host: 192.168.18.111
    

    Generate SSH Key Pair:

    First, create the SSH key pair on the client machine. The '-t' parameter selects the key type (RSA or DSA). If you don't pass '-t', ssh-keygen uses RSA by default.

    # ssh-keygen -t rsa
    

    Sample Output:

    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/techoism/.ssh/id_rsa): [Press enter key]
    Created directory '/home/techoism/.ssh'.
    Enter passphrase (empty for no passphrase): [Press enter key]
    Enter same passphrase again: [Press enter key]
    Your identification has been saved in /home/techoism/.ssh/id_rsa.
    Your public key has been saved in /home/techoism/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:TXQ3thgtpldsklriHIG3LcpvdkOaogwXBtWeaM2ejzZZ support@techoism.com
    The key's randomart image is:
    +--[ RSA 2048]----+
    |        ..+oo+*+o|
    |         o. o.o  |
    |          ..   . |
    |         o  . . o|
    |        E . o .+ |
    |       . .    . o|
    |      . o o o +..|
    |       + +       |
    |        +..+     |
    +-----------------+
    

    The above command creates two files in the user's home directory:
    1. /home/techoism/.ssh/id_rsa [private key]
    2. /home/techoism/.ssh/id_rsa.pub [public key]

    Create .ssh Directory on Remote Host:

    After generating the SSH key pair, create the .ssh directory for the user dennis on the remote host with the following command.

    # ssh dennis@192.168.18.111 mkdir -p .ssh
    
    The authenticity of host '192.168.18.111 (192.168.18.111)' can't be established.
    RSA key fingerprint is 45:0e:28:11:d6:81:62:16:04:3f:db:38:02:la:22:4e.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.18.111' (ECDSA) to the list of known hosts.
    dennis@192.168.18.111's password: [Enter Your Password Here]
    

    Copy Generated Public Key to Remote Host:

    You can copy the generated public key into the authorized_keys file on the remote host with the ssh-copy-id command.

    # ssh-copy-id dennis@192.168.18.111
    

    As an alternative, you can copy the generated public key using the ssh command.

    # cat /home/techoism/.ssh/id_rsa.pub | ssh dennis@192.168.18.111 "cat >> ~/.ssh/authorized_keys"
    

    Set Permissions on Remote Host:

    Servers sometimes run different SSH versions, so set the permissions on the .ssh directory and the authorized_keys file on the remote host explicitly.

    # ssh dennis@192.168.18.111 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
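
The append and chmod steps above, written as two shell functions to run on the remote host. This is an added example, not code from the original article: the function names install_pubkey and perms_ok and the sample key are constructed for illustration. It makes the append idempotent, refuses a file that contains a private key, and checks that neither .ssh nor authorized_keys is writable by group or others.

```shell
#!/bin/sh
# Constructed sample public key (not a real key), used only for illustration.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedSampleKeyNotReal techoism@client'

# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper name)
# Adds the key to SSH_DIR/authorized_keys once, with the modes used in this article.
install_pubkey() {
    # Guard: never append a private key by mistake.
    if grep -q 'PRIVATE KEY' "$1" 2>/dev/null; then
        echo "refusing: $1 looks like a private key" >&2
        return 1
    fi
    # Accept only a line that looks like "<key-type> <base64> [comment]".
    ipk_line=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$1" 2>/dev/null | head -n 1)
    [ -n "$ipk_line" ] || { echo "no public key found in $1" >&2; return 1; }

    mkdir -p "$2" && chmod 700 "$2" || return 1
    touch "$2/authorized_keys" && chmod 640 "$2/authorized_keys" || return 1
    # Append only if this exact line is not already present, so repeated
    # runs do not pile up duplicate entries the way "cat >>" does.
    grep -qxF -- "$ipk_line" "$2/authorized_keys" ||
        printf '%s\n' "$ipk_line" >> "$2/authorized_keys"
}

# perms_ok SSH_DIR   (hypothetical helper name)
# Succeeds only if neither SSH_DIR nor its authorized_keys file is writable by
# group or others; sshd with StrictModes enabled ignores the file otherwise.
perms_ok() {
    for po_path in "$1" "$1/authorized_keys"; do
        po_mode=$(stat -c '%a' "$po_path") || return 1
        case "$po_mode" in
            # write bit (2) set in the group digit or in the others digit
            *[2367]?|*[2367]) return 1 ;;
        esac
    done
    return 0
}
```
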
    

    Verify SSH Connection:

    Now simply try to SSH from client host to remote host.

    # ssh dennis@192.168.18.111
    

    It should now log in without prompting for a password. If the ssh command still prompts for a password, there is a problem with the configuration, and you need to go through the setup again.

    Enjoy it!
