How do I generate ssh keys under Linux / UNIX / Mac OS X and BSD operating systems for remote login?
SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if required. You can create ssh keys as follows under any Linux or UNIX-like operating system, including Mac OS X.
ssh-keygen Command
The ssh-keygen command generates, manages and converts authentication keys for ssh client and server usage. Open a terminal and type the following command to generate ssh keys:
$ ssh-keygen
Sample outputs:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vivek/.ssh/id_rsa):
Created directory '/home/vivek/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vivek/.ssh/id_rsa.
Your public key has been saved in /home/vivek/.ssh/id_rsa.pub.
The key fingerprint is:
58:3a:80:a5:df:17:b0:af:4f:90:07:c5:3c:01:50:c2 vivek@debian
The key's randomart image is:
+--[ RSA 2048]----+
| .+o++o. |
| +E. ++ |
| o . o o. |
| . o B . |
| . B S |
| * |
| . . |
| o |
| . |
+-----------------+
The above command creates the ~/.ssh/ directory. So if your user name is vivek, then all files are stored in the /home/vivek/.ssh/ or $HOME/.ssh/ directory as follows:
- $HOME/.ssh/id_rsa - Your private key
- $HOME/.ssh/id_rsa.pub - Your public key
Please note that the passphrase must be different from your current password. Do not share your keys or passphrase with anyone.
Keys Are Generated, What Next?
You need to copy the $HOME/.ssh/id_rsa.pub file to the remote server so that you can log in using keys instead of the password. Use any one of the following commands to copy the key to the remote server called vpn22.nixcraft.net.in for the vivek user:
ssh-copy-id vivek@vpn22.nixcraft.net.in
On some systems ssh-copy-id is not installed, so use the following commands (when prompted, provide the password for the remote user account called vivek):
ssh vivek@vpn22.nixcraft.net.in "umask 077; mkdir .ssh"
cat $HOME/.ssh/id_rsa.pub | ssh vivek@vpn22.nixcraft.net.in "cat >> .ssh/authorized_keys"
To log in, simply type:
ssh vivek@vpn22.nixcraft.net.in
The following commands start ssh-agent and add your key to it, so that the agent remembers the passphrase for the session:
exec ssh-agent $SHELL
ssh-add
ssh vivek@vpn22.nixcraft.net.in
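The manual fallback above appends the key without checking what is already in authorized_keys. As an added example (not part of the original article), the two shell functions below, whose names are hypothetical, perform the same step on the server without creating duplicate entries and check the permissions that sshd's StrictModes setting enforces.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# install_pubkey PUBKEY_FILE SSH_DIR
# Run on the server: append the key to SSH_DIR/authorized_keys once,
# creating the directory and file with owner-only permissions.
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse a private key handed over by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, not installing it" >&2
        return 1
    fi
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" || return 1
    chmod 600 "$auth" || return 1
    # Exact whole-line match (-x -F) keeps repeated runs from adding duplicates.
    if ! grep -qxF -- "$(cat "$pub")" "$auth"; then
        # Make sure the previous entry ends with a newline before appending.
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
        cat "$pub" >> "$auth"
    fi
}

# audit_perms PATH...
# Print each path that is writable by group or others and return 1 if any is.
# sshd with StrictModes (the default) will not use authorized_keys when the
# home directory, ~/.ssh or the file itself is writable by other users.
audit_perms() {
    bad=$(find "$@" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/writable by group or others: /' >&2
    return 1
}
```

On the server, call install_pubkey with the copied id_rsa.pub and "$HOME/.ssh", then run audit_perms "$HOME" "$HOME/.ssh" "$HOME/.ssh/authorized_keys" if key login is still refused.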
Recommended reading:
- Howto Linux / UNIX setup SSH with DSA public key authentication (password less login)
- sshpass: Login To SSH Server / Provide SSH Password Using A Shell Script
- keychain: Set Up Secure Passwordless SSH Access For Backup Scripts