Generate SSH Key with ssh-keygen In Linux / Unix


18th April 2020 4 mins read


When you need to connect securely from your computer to a server without passwords, one of the best and longest-standing solutions is SSH. It works with an SSH key pair: the public key is placed on the server and the private key stays on your computer.


With great power comes great responsibility. What I mean here is that if you lose your public and private keys, you will be permanently locked out of your server.


Step 1 - Check If SSH Key Already Exists


Open a terminal and run the following command. If SSH keys already exist, it will list the key pairs (id_rsa, id_rsa.pub):


ls -la ~/.ssh

Step 2 - Generate New SSH Key


To generate a new public and private key pair, run the following command. Make sure you don't share the id_rsa key with anyone, and remember to keep it safe.


ssh-keygen -t rsa -b 4096 -C "your_email@gmail.com"


-t - Type of key you want to generate, such as RSA or DSA. RSA is very secure, so it is better to stick with it.


-b - Number of bits in the key to be generated. The more bits, the more secure the key. Keep it at 4096 bits, which is very secure.

-C - Comment to attach to the key (here, your email address).


When you run the above command you will get the following prompt:


ssh-keygen -t rsa -b 4096 -C "your_email@gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/channaveer/.ssh/id_rsa):


Make sure to cross-verify the path, and be careful with the following points:

  1. If you already have an id_rsa file, it will be overwritten if you proceed, and you won't be able to get the older keys back.
  2. The good thing is that you can save the key under an alternate name.

Since I already have an id_rsa key, I will rename it to id_rsa_testing, like the following:


ssh-keygen -t rsa -b 4096 -C "your_email@gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/channaveer/.ssh/id_rsa): id_rsa_testing


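Now it will ask you to enter a passphrase and confirm it. If you want, you can leave it empty. It is like one more level of security added before proceeding: with an empty passphrase the private key is stored unencrypted, so anyone who copies the file can use it.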


ssh-keygen -t rsa -b 4096 -C "your_email@gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/channaveer/.ssh/id_rsa): id_rsa_testing
Enter passphrase (empty for no passphrase):
Enter same passphrase again:


After you confirm the passphrase, it will generate a randomart image. The following is the complete process at a glance:


ssh-keygen -t rsa -b 4096 -C "your_email@gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/channaveer/.ssh/id_rsa): id_rsa_testing
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_testing.
Your public key has been saved in id_rsa_testing.pub.
The key fingerprint is:
SHA256:sqWiJ1O0KQuj4LfzTlXHjFNjgsxVXx4pe7oeg0Vd1dw your_email@example.com
The key's randomart image is:
+---[RSA 4096]----+
|      o oo.=   +B|
|       +  B o.+.E|
|         + + ooo |
|    .   . o .. . |
|   . o..S    .o  |
|+ . + .=    o.   |
|+o +..o    . o.  |
|..++o.       .o  |
|  o==o      ..   |
+----[SHA256]-----+


This creates the id_rsa_testing and id_rsa_testing.pub keys in the ~/.ssh path.


Step 3 - Add SSH Key To ssh-agent


To add the SSH key to ssh-agent, first start the agent with the following command:


eval "$(ssh-agent -s)"


You get output like the following:

Agent pid 27796


Now it's time to add the SSH private key to ssh-agent with the following command. If you generated a key for the first time, replace id_rsa_testing with id_rsa. If you gave any other name in place of id_rsa_testing, use that name instead:


ssh-add ~/.ssh/id_rsa_testing

Now sit back and relax. You have successfully added one level of security. Instead of password logins, you can now log in with SSH keys.


Step 4 - Non Mandatory (But good if you follow up)


You're doing a good job, pals. When your admin or your colleagues ask you to share your SSH key, share id_rsa_testing.pub or id_rsa.pub. Never ever share the id_rsa or id_rsa_testing keys.


Now you can add this SSH key to authorized_keys on your cloud server to give access to yourself or your colleagues.
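
The steps above as a script, added here as an example and not part of the original article: new_key (Steps 1 and 2) refuses to overwrite an existing key and passes the full path with -f, and install_pubkey (Step 4, on the server) rejects a private key shared by mistake and sets the permissions sshd expects. Both function names are hypothetical, and the public-key check is a format check only, which is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# new_key SSH_DIR NAME COMMENT  (Steps 1 and 2)
# Generates a 4096-bit RSA pair at an explicit path, but only when no file of
# that name exists, so an older key is never overwritten.
new_key() {
    key="$1/$2"
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 1
    fi
    mkdir -p "$1" && chmod 700 "$1" || return 1
    # -f fixes the location; ssh-keygen still prompts for the passphrase.
    ssh-keygen -t rsa -b 4096 -C "$3" -f "$key"
}

# install_pubkey PUBFILE SSH_DIR  (Step 4, run on the server)
# Returns 2 if PUBFILE is a private key, 3 if it is not one public-key line.
install_pubkey() {
    pub="$1"; dir="$2"; auth="$dir/authorized_keys"
    [ -r "$pub" ] || return 3
    # Someone sent id_rsa instead of id_rsa.pub: stop here.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; share the .pub file instead" >&2
        return 2
    fi
    # Format check only (assumption): one line, "<type> <base64> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 3
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' \
        "$pub" || return 3
    # With StrictModes (the sshd default) the key file is rejected if it or
    # its directory is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only when this exact line is not already authorised.
    grep -qxF -f "$pub" "$auth" || printf '%s\n' "$(cat "$pub")" >> "$auth"
}

# Usage:
#   new_key "$HOME/.ssh" id_rsa_testing "your_email@gmail.com"
#   install_pubkey id_rsa_testing.pub "$HOME/.ssh"
```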


Conclusion


In this tutorial you learnt how to securely log in from your computer to your server. You have done a great job.


WHAT'S NEXT?
If you're working on your laptop and want to manage multiple SSH keys, for example your personal Git keys, your company Git keys and your side-business Git keys, then refer to my article Managing Multiple GIT Key Pairs Or Account In The Same Computer




AUTHOR

Channaveer Hakari

I am a full-stack developer working at WifiDabba India Pvt Ltd. I started this blog so that I can share my knowledge and enhance my skills with constant learning.

Never stop learning. If you stop learning, you stop growing