How to Setup Private and Public SSH Server Keys
I use Git Bash on Windows but these instructions should work on just about any Bash-based system (Linux, Mac, etc).
- Create the RSA Key Pair
- Store the Keys and the Private Key Passphrase
- Copy the Public Key to Your Server
- Add Your Remote Server to Your SSH
Create the RSA Key Pair
ssh-keygen -t rsa
Store the Keys and the Private Key Passphrase
Once you have entered the ssh-keygen command, you will get a few more questions:
Enter file in which to save the key (/home/<user>/.ssh/id_rsa):
You can press enter here in order to save the file in your home
I like to store my keys in a non-standard path, that only I know about. If you do too, enter the path to the new key. You'll also need to set permissions on the secret path.
Enter passphrase (empty for no passphrase):
It's up to you whether you want to use a passphrase.
Entering a passphrase does have its benefits: the security of a key, no matter how well encrypted, still depends on the fact that it is not visible to anyone else. Should a passphrase-protected private key fall into an unauthorized user's possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, is then having to type the passphrase in each time you use the key pair.
The entire key generation process looks like this:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/<user>/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<user>/.ssh/id_rsa.
Your public key has been saved in /home/<user>/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
| .oo. |
| . o.E |
| + . o |
| . = = . |
| = S = . |
| o + = + |
| . o + o . |
| . o |
| |
+-----------------+
The public key is now located in /home/<user>/.ssh/id_rsa.pub (or wherever you told ssh-keygen to store it).
The private key is now located in /home/<user>/.ssh/id_rsa (or whatever path you supplied to
Copy the Public Key to Your Server
Once the key pair is generated, it's time to place the public key on the server that we want to use.
You can copy the public key into the new remote machine's ~/.ssh/authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.
You should see something like this:
The authenticity of host '184.108.40.206 (220.127.116.11)' can't be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '18.104.22.168' (RSA) to the list of known hosts.
email@example.com's password:
Now try logging into the machine, with:
You should now be able to log into firstname.lastname@example.org without being prompted for a password. However, if you set a passphrase, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).
Add Your Remote Server to Your SSH
By default, SSH looks for a config file in ~/.ssh/config. If this file does not already exist, go ahead and create it.
Make sure that the permissions are correct on this file.
chmod 600 ~/.ssh/config
The config file is super handy and allows you to manage many separate public/private keys for many different servers. It also allows nicknaming your server so connecting to your server is as trivial as:
ssh myserver
Here's an example of a SSH
Host myserver
    HostName mydomain.com
    # Optional. If your SSH connection keeps timing out, try this.
    ServerAliveInterval 30
    # The path to this server's private key file.
    IdentityFile ~/some/secret/path/.ssh/id.myserver
    # The unix username to use on the remote server.
    User rover

Host anotherserver
    HostName myotherdomain.com
    IdentityFile ~/some/secret/path/.ssh/id.anotherserver
    User whatever
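Once keys live in non-standard paths, it is easy to forget the permissions on one of them. The script below is an added example, not part of the original post: it reads a config like the one above and reports the config itself or any IdentityFile that is missing or accessible to group or other users. The function names are made up for this example, and it assumes POSIX file modes and the whitespace-separated "IdentityFile <path>" form.

```shell
#!/bin/sh
# Added example (not from the original page): check that an SSH client config
# and every private key it names via IdentityFile are readable only by you.
# Assumes POSIX file modes (Linux, macOS) and the "IdentityFile <path>" form.

# Print the group/other permission bits of a path, e.g. "------" or "r--r--".
group_other_bits() {
    ls -ldL -- "$1" | cut -c5-10
}

# Print one line per problem; return 0 if clean, 1 otherwise.
audit_ssh_config() {
    cfg="$1"; problems=0
    if [ ! -f "$cfg" ]; then
        echo "MISSING: $cfg"; return 1
    fi
    if [ "$(group_other_bits "$cfg")" != "------" ]; then
        echo "LOOSE: $cfg (fix: chmod 600)"; problems=1
    fi
    # ssh_config keywords are case-insensitive; comment lines start with "#".
    while read -r keyword path rest || [ -n "$keyword" ]; do
        keyword=$(printf '%s' "$keyword" | tr '[:upper:]' '[:lower:]')
        [ "$keyword" = "identityfile" ] || continue
        case "$path" in                      # expand a leading ~/ like ssh does
            "~/"*) path="$HOME/${path#"~/"}" ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING: $path"; problems=1
        elif [ "$(group_other_bits "$path")" != "------" ]; then
            echo "LOOSE: $path (fix: chmod 600)"; problems=1
        fi
    done < "$cfg"
    return "$problems"
}

# Stand-alone use: sh audit.sh ~/.ssh/config
if [ "$#" -gt 0 ]; then
    audit_ssh_config "$1"
fi
```

On Git Bash for Windows the mode bits are emulated, so treat the result as meaningful only on Linux, Mac, or another POSIX filesystem.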