@mohanpedala
Last active March 10, 2018 16:22
Creating SSH-keypair

  1. On any Unix-flavoured machine, run the command below:
ssh-keygen
  2. After you run the command, you are asked where to save the key:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
  3. Enter the name of the key as requested [For Ex: Sample_key] and hit enter. The machine then prompts for a passphrase; hit enter, and when it prompts you to re-enter the passphrase, hit enter again to continue. Hitting enter at both prompts leaves the passphrase empty, so the private key is stored on disk unencrypted.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
  4. The output then looks like this:
Your identification has been saved in sample.
Your public key has been saved in sample.pub.
The key fingerprint is:
7e:c4:1c:a5:36:38:a5:98:a6:32:64:0d:7c:76:1a:75 root@node2
The key's randomart image is:
+--[ RSA 2048]----+
| ..  .. E . .    |
|  .o+ .+ + o     |
|  oo.++ + =      |
| o  .o   = o     |
|  o .   S +      |
|   o   . .       |
|        . .      |
|         .       |
|                 |
+-----------------+
  5. Now run ls in the present working directory. You will find two files: one with the key name you entered (the private key) and the other with a .pub extension (the public key) [For Ex: Sample_key Sample_key.pub]

CHOOSING AN ALGORITHM AND KEY SIZE

SSH supports several public key algorithms for authentication keys. These include:

  • rsa - an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. It is quite possible the RSA algorithm will become practically breakable in the foreseeable future. All SSH clients support this algorithm.
  • dsa - an old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete logarithms. A key size of 1024 would normally be used with it. DSA in its original form is no longer recommended.
  • ecdsa - a new Digital Signature Algorithm standardized by the US government, using elliptic curves. This is probably a good algorithm for current applications. Only three key sizes are supported: 256, 384, and 521 (sic!) bits. We would recommend always using it with 521 bits, since the keys are still small and probably more secure than the smaller keys (even though they should be safe as well). Most SSH clients now support this algorithm.
  • ed25519 - this is a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Thus its use in general purpose applications may not yet be advisable.

The algorithm is selected using the -t option and the key size using the -b option. The following command illustrates:

ssh-keygen -t rsa -b 4096
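
To check existing keys against the algorithm and key-size guidance above, the following added example (not part of the original gist) parses OpenSSH public-key lines, as found in a .pub or authorized_keys file, and flags DSA keys and RSA keys under 2048 bits. The function names are hypothetical and the sample lines are constructed; the numbers in them are not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # minimum the text above recommends for RSA
ECDSA_BITS = {"ecdsa-sha2-nistp256": 256, "ecdsa-sha2-nistp384": 384,
              "ecdsa-sha2-nistp521": 521}

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos + 4 <= len(blob):
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        out.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return out

def key_info(line):
    """Return (algorithm, bits) for one .pub or authorized_keys line."""
    tokens = line.split()
    known = ("ssh-rsa", "ssh-dss", "ssh-ed25519", *ECDSA_BITS)
    idx = next((i for i, t in enumerate(tokens) if t in known), None)  # skip options
    if idx is None:
        raise ValueError("no supported key type on this line")
    algo, fields = tokens[idx], _fields(base64.b64decode(tokens[idx + 1]))
    if fields[0] != algo.encode():
        raise ValueError("key type label does not match the encoded blob")
    if algo == "ssh-rsa":      # fields: type, exponent e, modulus n
        return algo, int.from_bytes(fields[2], "big").bit_length()
    if algo == "ssh-dss":      # fields: type, p, q, g, y
        return algo, int.from_bytes(fields[1], "big").bit_length()
    return algo, ECDSA_BITS.get(algo, 256)  # Ed25519 keys are always 256 bits

def assess(line):
    """Grade a key against the recommendations in the text above."""
    algo, bits = key_info(line)
    if algo == "ssh-dss":
        return "replace: DSA is no longer recommended"
    if algo == "ssh-rsa" and bits < MIN_RSA_BITS:
        return f"replace: RSA {bits} bits is below {MIN_RSA_BITS}"
    return f"ok: {algo} {bits} bits"

def sample_line(algo, *numbers, prefix=""):
    """Build a CONSTRUCTED public-key line; the numbers are not real keys."""
    parts = [algo.encode()] + [n.to_bytes(n.bit_length() // 8 + 1, "big") for n in numbers]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{prefix}{algo} {base64.b64encode(blob).decode()} constructed@example"

if __name__ == "__main__":
    print(assess(sample_line("ssh-rsa", 65537, (1 << 1023) | 1)))
    print(assess(sample_line("ssh-rsa", 65537, (1 << 4095) | 1, prefix="no-pty ")))
```

To audit a real file, pass each non-empty, non-comment line of it to assess().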