April 10 2018 - How to Setup SSH Keys

How to Setup Private and Public SSH Server Keys

I use Git Bash on Windows but these instructions should work on just about any Bash-based system (Linux, Mac, etc).

Create the RSA Key Pair

ssh-keygen -t rsa

Store the Keys and the Private Key Passphrase

Once you have entered the ssh-keygen command, you will get a few more questions:

Enter file in which to save the key (/home/<user>/.ssh/id_rsa):

You can press enter here in order to save the file in your home .ssh directory.

I like to store my keys in a non-standard path, that only I know about. If you do too, enter the path to the new key. You'll also need to set permissions on the secret path.

Enter passphrase (empty for no passphrase):

It's up to you whether you want to use a passphrase.

Entering a passphrase does have its benefits: the security of a key, no matter how well encrypted, still depends on the fact that it is not visible to anyone else. Should a passphrase-protected private key fall into an unauthorized user's possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, is then having to type the passphrase in each time you use the key pair.

The entire key generation process looks like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/<user>/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<user>/.ssh/id_rsa.
Your public key has been saved in /home/<user>/.ssh/
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |

The public key is now located in /home/<user>/.ssh/ (or wherever you told ssh-keygen to store it).

The private key is now located in /home/<user>/.ssh/id_rsa (or whatever path you supplied to ssh-keygen).

Copy the Public Key to Your Server

Once the key pair is generated, it's time to place the public key on the server that we want to use.

You can copy the public key into the new remote machine's ~/.ssh/authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.

ssh-copy-id user@

You should see something like this:

The authenticity of host ' (' can't be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.
user@'s password:

Now try logging into the machine, with:

ssh user@

You should now be able to log into user@ without being prompted for a password. However, if you set a passphrase, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).

Add Your Remote Server to Your SSH config File

By default, SSH looks for a config file in ~/.ssh/config. If this file does not already exist, go ahead and create it.

Make sure that the permissions are correct on this file.

chmod 600 ~/.ssh/config

The SSH config file is super handy and allows you to manage many separate public/private keys for many different servers. It also allows nicknaming your server so connecting to your server is as trivial as:

ssh myserver

Here's an example of an SSH config file:

Host myserver
    # Optional. If your SSH connection keeps timing out, try this.
    ServerAliveInterval 30
    # The path to this server's private key file.
    IdentityFile ~/some/secret/path/.ssh/id.myserver
    # The unix username to use on the remote server.
    User rover

Host anotherserver
    IdentityFile ~/some/secret/path/.ssh/id.anotherserver
    User whatever
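
The permission requirements above (a key path only you can read, and chmod 600 on ~/.ssh/config) can be checked for every key the config names. This is an added example, not part of the original gist: the function names are hypothetical, and it assumes a filesystem with POSIX mode bits and IdentityFile paths without spaces or % tokens.

```shell
#!/bin/sh
# Added example, not from the original gist: check that an SSH client config
# and every private key it names with IdentityFile are private to the owner.

# Succeeds only when the path grants nothing to group or other.
is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints each IdentityFile path in the config, expanding a leading "~/".
# Assumption: "IdentityFile <path>" form, no spaces or %-tokens in the path.
identity_files() {
    awk 'tolower($1) == "identityfile" { print $2 }' "$1" |
    while IFS= read -r path; do
        case "$path" in
            "~/"*) path="$HOME/${path#??}" ;;  # drop the leading "~/"
        esac
        printf '%s\n' "$path"
    done
}

# Prints one finding per line; prints nothing when everything is private.
audit_findings() {
    is_private "$1" || printf 'LOOSE %s\n' "$1"
    identity_files "$1" | while IFS= read -r key; do
        if [ ! -f "$key" ]; then
            printf 'MISSING %s\n' "$key"
            continue
        fi
        is_private "$key" || printf 'LOOSE %s\n' "$key"
        dir=$(dirname -- "$key")
        is_private "$dir" || printf 'LOOSE %s\n' "$dir"
    done
}

# Returns 0 if all pass, 1 after listing findings, 2 if the config is missing.
audit_ssh_config() {
    [ -f "$1" ] || { echo "no such config: $1" >&2; return 2; }
    findings=$(audit_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh ~/.ssh/config  (does nothing when run without arguments)
if [ "$#" -gt 0 ]; then
    audit_ssh_config "$1"
fi
```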