How do I create a host key file to use with my applications as I can not use system defined /etc/ssh/ssh_host_rsa_key for non-root account under Linux / Unix / Apple OS X / *BSD operating systems?
You need to use a command called ssh-keygen. This command generates, manages and converts authentication keys for ssh. It can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. he type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections. The -f option specifies the filename of the key file.
Why create a new host key files?
You may need a new key file:
- Your system is compromised.
- Your keys are stolen.
- You forgotten the passphrase.
- Your application need a new host key.
- You can not read the default system key files stored in /etc/ssh/ directory but your non-root application needs key.
- You got an error message which read as “Could not load host key: /etc/ssh/ssh_host_key*”.
The syntax is:
ssh-keygen -t 'rsa|dsa|rsa1' -f /path/to/file
Create a host key file in your $HOME/.ssh/myapp as follows. First, create a directory to store your host key file, enter:
$ mkdir -p $HOME/.ssh/myapp
To create a host RSAv2 key file, run:
$ ssh-keygen -t rsa -f $HOME/.ssh/myapp/rsa_key_file
Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/vivek/.ssh/myapp/rsa_key_file. Your public key has been saved in /home/vivek/.ssh/myapp/rsa_key_file.pub. The key fingerprint is: 73:d0:e9:0a:5d:a3:3f:78:33:5d:0d:fe:e4:f4:25:39 vivek@wks01 The key's randomart image is: +--[ RSA 2048]----+ | | | . . | | . = . | | . = . . + | | . S o E =| | . * . . Bo| | o * . +| | . + | | | +-----------------+
Type the following commands to verify the keys:
$ ls -l $HOME/.ssh/myapp/
total 8 -rw------- 1 vivek vivek 1675 Oct 29 23:12 rsa_key_file -rw-r--r-- 1 vivek vivek 393 Oct 29 23:12 rsa_key_file.pub
You can now use keys with your app:
$ mycool-app -key $HOME/.ssh/myapp/rsa_key_file -d