How To Create SSH Keys on a Linux

SSH (Secure Shell) is an encrypted protocol used to administer and communicate with servers. SSH keys provide a more secure way of logging into a linux server. While a password stands the risk of being finally cracked, SSH keys are rather impossible to translate using brute force. It is also used to transfer files from one computer to another computer over the network using secure copy (SCP) Protocol.

See Also:

When we generate a key pair then its create two files public key and private key at home directory of users. You can copy the public key to any server and then unlock it by connecting to it with a client that already has the private key. When we connect the server its private key and public key coordinate and the server access without the need of password. For more security you can protect the private key with a passphrase.

Senario:

SSH Client Host: 192.168.18.112
SSH Remote Host: 192.168.18.111

Generate SSH Key Pair:

First you need to create the SSH key pair (RSA & DSA) on client machine by passing ‘-t’ parameter in command. If you don’t use ‘-t’ parameter the by default it use RSA.

# ssh-keygen -t rsa

Sample Output:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/techoism/.ssh/id_rsa): [Press enter key]
Created directory '/home/techoism/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/techoism/.ssh/id_rsa.
Your public key has been saved in /home/techoism/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:TXQ3thgtpldsklriHIG3LcpvdkOaogwXBtWeaM2ejzZZ support@techoism.com
The key's randomart image is:
+--[ RSA 2048]----+
|        ..+oo+*+o|
|         o. o.o  |
|          ..   . |
|         o  . . o|
|        E . o .+ |
|       . .    . o|
|      . o o o +..|
|       + +       |
|        +..+     |
+-----------------+

Above command will create two file on user home directory.
1. /home/techoism/.ssh/id_rsa [private key]
2. /home/techoism/.ssh/id_rsa.pub [public key]

Create .ssh Directory on Remote Host:

After generating the SSH key pair, now you can create .ssh directory for dennis user using following command.

# ssh dennis@192.168.18.111 mkdir -p .ssh

The authenticity of host '192.168.18.111 (192.168.18.111)' can't be established.
RSA key fingerprint is 45:0e:28:11:d6:81:62:16:04:3f:db:38:02:la:22:4e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.111' (ECDSA) to the list of known hosts.
dennis@192.168.18.111's password: [Enter Your Password Here]

Copy Generated SSH Key Pair on Remote Host:

Users would be able to copy the generated public key into the authorized_keys file of the remote host using the ssh-copy-id command.

# ssh-copy-id dennis@192.168.18.111

As an alternative, you may copy the generated public key by using SSH command.

# cat /home/techoism/.ssh/id_rsa.pub | ssh dennis@192.168.18.111 "cat >> ~/.ssh/authorized_keys"

Set Permissions on Remote Host:

Some time there is different SSH version on servers, so we need to set the permissions on .ssh directory on remote host.

# ssh dennis@192.168.18.111 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

Verify SSH Connection:

Now simply try to SSH from client host to remote host.

# ssh dennis@192.168.18.111

Now It will not prompt the password to log in, If ssh command prompt password then there is an issue in configuration. So you need to configure it again.

Enjoy it!