create SSH key pairs

SSH Keys and Public Key Authentication

The SSH protocol uses public key cryptography for authenticating hosts and users. The authentication keys, called SSH keys, are created using the ssh-keygen program.

SSH introduced public key authentication as a more secure alternative to the older .rhosts authentication. It improved security by avoiding the need to have passwords stored in files, and eliminated the possibility of a compromised server stealing the user's password.

However, SSH keys are authentication credentials just like passwords. Thus, they must be managed somewhat analogously to user names and passwords. They should have a proper termination process so that keys are removed when no longer needed.

How to generate SSH key pairs and authen

##### generate a secure SSH key pair (for now this is the best supported and most universal algorithm)
# STEP 1
ssh-keygen -t ecdsa -b 521 # by default the key pair is written to ~/.ssh/id_ecdsa (~/.ssh/id_ecdsa = /home/$USER/.ssh/id_ecdsa)
ssh-keygen -f /home/testUser/testUser-key-ecdsa -t ecdsa -b 521 # or specify where to write the key files (not recommended for new users)
##### copy the id
# To use public key authentication, the public key must be copied to a server
# and installed in an authorized_keys file. This can be conveniently done using the ssh-copy-id tool. Like this:
# STEP 2
ssh-copy-id user@remoteHost # our public key is now written to the remote server that runs the SSH service; for this step we need to be able to log in with username/password
ssh-copy-id -i /home/testUser/Documents/.ssh/id_ecdsa.pub user@remoteHost # in case the public key is in a location other than ~/.ssh/id_ecdsa.pub
##### log in to the target host
# after you have generated the SSH keys and copied your id to the remote host, you can log in to the remote system
# STEP 3
ssh user@host # from this point authentication is done with the SSH keys, IF the PRIVATE key is present in the directory ~/.ssh/
ssh -i <PRIVATE KEY> user@host # if your private key is not in the default directory, pass it with the -i option

# example:
ssh test@172.16.15.129 # ssh to remote host
ssh -i ~/testkey test@172.16.15.129 # ssh to remote host, using a specific private key

# set the correct permissions if you get a message that the private key permissions are too open
chmod 600 <PRIVATE KEY>

authorized keys file

The authorized_keys file in SSH specifies the SSH keys that can be used for logging into the user account for which the file is configured. It is a highly important configuration file, as it configures permanent access using SSH keys and needs proper management.

Once you add a public key under a specific user, the file authorized_keys is created in ~/.ssh/. When more public keys are added under the same Linux user, they are appended to the same authorized_keys file.

To read all authorized public keys added for a specific user, run the following command on the remote host: cat ~/.ssh/authorized_keys
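Reading the file with cat shows the raw lines, but managing the keys means knowing which key each line holds. The following Python sketch is an added example, not part of the original page: it parses authorized_keys text into options, key type, SHA256 fingerprint and comment, so every entry can be matched to an owner and removed when no longer needed. The function names and the sample file are hypothetical, and the sample keys are constructed with dummy key bytes.

```python
import base64
import hashlib
import re

# [options] keytype base64-blob [comment]; quoted option values may contain blanks
LINE = re.compile(
    r'^(?:(?P<options>(?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+)??'
    r'(?P<type>(?:ssh-|ecdsa-sha2-|sk-)\S+)\s+'
    r'(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$'
)


def fingerprint(blob):
    """SHA256 fingerprint as `ssh-keygen -l` prints it (base64, padding removed)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_authorized_keys(text):
    """Return one dict per key line; raise ValueError on a line that is not a key."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no key
        m = LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a key entry")
        blob = base64.b64decode(m["blob"], validate=True)
        # The blob begins with its own length-prefixed type name; it must agree.
        if blob[4:4 + int.from_bytes(blob[:4], "big")] != m["type"].encode():
            raise ValueError(f"line {lineno}: blob does not match {m['type']}")
        entries.append({"line": lineno, "options": m["options"] or "", "type": m["type"],
                        "fingerprint": fingerprint(blob), "comment": m["comment"] or ""})
    return entries


def constructed_blob(key_type, filler):
    """Constructed stand-in for a key: real framing, dummy key bytes."""
    return base64.b64encode(len(key_type).to_bytes(4, "big") + key_type.encode() + filler).decode()


SAMPLE = "\n".join([
    "# constructed sample file, not real keys",
    f"ecdsa-sha2-nistp521 {constructed_blob('ecdsa-sha2-nistp521', b'A' * 40)} testUser@laptop",
    f'from="172.16.15.0/24",command="echo hi there" ssh-ed25519 '
    f"{constructed_blob('ssh-ed25519', b'B' * 36)} backup job",
])

if __name__ == "__main__":
    print(*parse_authorized_keys(SAMPLE), sep="\n")
```

To audit a real account, pass the contents of ~/.ssh/authorized_keys to parse_authorized_keys and compare the fingerprints with the output of ssh-keygen -lf on each user's public key file.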
