Linux / Unix ssh-keygen: Create A Host Key File

How do I create a host key file to use with my applications as I can not use system defined /etc/ssh/ssh_host_rsa_key for non-root account under Linux / Unix / Apple OS X / *BSD operating systems?

You need to use a command called ssh-keygen. This command generates, manages and converts authentication keys for ssh. It can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. he type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections. The -f option specifies the filename of the key file.

Why create a new host key files?

You may need a new key file:

Your system is compromised.
Your keys are stolen.
You forgotten the passphrase.
Your application need a new host key.
You can not read the default system key files stored in /etc/ssh/ directory but your non-root application needs key.
You got an error message which read as “Could not load host key: /etc/ssh/ssh_host_key*”.

ssh-keygen Syntax

The syntax is:

ssh-keygen -t 'rsa|dsa|rsa1'  -f /path/to/file

Example

Create a host key file in your $HOME/.ssh/myapp as follows. First, create a directory to store your host key file, enter:
$ mkdir -p $HOME/.ssh/myapp
To create a host RSAv2 key file, run:
$ ssh-keygen -t rsa -f $HOME/.ssh/myapp/rsa_key_file
Sample outputs:

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/vivek/.ssh/myapp/rsa_key_file.
Your public key has been saved in /home/vivek/.ssh/myapp/rsa_key_file.pub.
The key fingerprint is:
73:d0:e9:0a:5d:a3:3f:78:33:5d:0d:fe:e4:f4:25:39 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|         . .     |
|        . =   .  |
|       . = . . + |
|      . S o   E =|
|       . * . . Bo|
|        o * .   +|
|         . +     |
|                 |
+-----------------+

Type the following commands to verify the keys:
$ ls -l $HOME/.ssh/myapp/
Sample outputs:

total 8
-rw------- 1 vivek vivek 1675 Oct 29 23:12 rsa_key_file
-rw-r--r-- 1 vivek vivek  393 Oct 29 23:12 rsa_key_file.pub

You can now use keys with your app:
$ mycool-app -key $HOME/.ssh/myapp/rsa_key_file -d

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

1 comment

nixCraft