What is an SSH Key?
An SSH key is a Secure Shell key pair, based on a cryptographic algorithm, that authenticates users to a network. Generating an SSH key gives you two strings: a public key and a private key. The private key should stay on your machine, and you can add the public key to any server you want to authenticate with. When generating the key you can choose the algorithm (RSA, DSA, ECDSA or ed25519) and the key size.
Creating SSH Key
The command used to create an SSH key is ssh-keygen, which accepts several options. The most commonly used options are:
-t – “Type” for specifying the type of the key.
-b – “Bits” for specifying the number of bits in the key.
-f – “File” for specifying the name of the file to store the created key.
SSH Key with RSA algorithm
RSA is an old algorithm based on the difficulty of factoring large numbers, and it supports key sizes of 2048 and 4096 bits.
You can generate the normal RSA key with the following command.
$ ssh-keygen -t rsa
RSA key with 4096 bits
$ ssh-keygen -t rsa -b 4096
RSA key with file name
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/my-rsa-key
The output will be
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/codekutu/.ssh/my-rsa-key.
Your public key has been saved in /home/codekutu/.ssh/my-rsa-key.pub.
The key fingerprint is:
SHA256:JBhPcRLHQS1lWHslizfLEYJh/rU+F6CMGmJKAoVmb1k codekutu@kompyuta
The key's randomart image is:
+---[RSA 4096]----+
| .. . ==BO= o . |
|.+ E *=..+ = |
|+ . + o o.o O |
|. + o + * * |
|. o o . S + + . |
| o o . o . . |
| . . o . |
| o |
| |
+----[SHA256]-----+
SSH Key with DSA algorithm
DSA is an old US government digital signature algorithm based on the difficulty of computing discrete logarithms, and it supports a key size of 4096.
You can generate DSA key with the following command.
$ ssh-keygen -t dsa
DSA key with a file name
$ ssh-keygen -t dsa -f ~/.ssh/my-dsa-key
The output will be
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/codekutu/.ssh/my-dsa-key.
Your public key has been saved in /home/codekutu/.ssh/my-dsa-key.pub.
The key fingerprint is:
SHA256:IWvgIvk47KWj6WrKHr3SRKCOR7cG9tBDLTnjAaisop8 codekutu@kompyuta
The key's randomart image is:
+---[DSA 1024]----+
| ... o |
|.. B . |
|+ .+.=. . |
|oo=o=. o . |
|*oo=.oo S |
|==oo+. |
|=+++ |
|+*+o. |
|%BE. |
+----[SHA256]-----+
SSH Key with ECDSA algorithm
ECDSA is a new digital signature algorithm which uses elliptic curves and it supports key sizes of 256, 384 and 521 bits.
You can generate the normal ECDSA key with the following command.
$ ssh-keygen -t ecdsa
ECDSA key with 256 bits
$ ssh-keygen -t ecdsa -b 256
ECDSA key with 384 bits
$ ssh-keygen -t ecdsa -b 384
ECDSA key with 521 bits
$ ssh-keygen -t ecdsa -b 521
ECDSA key with a file name
$ ssh-keygen -t ecdsa -b 521 -f ~/.ssh/my-ecdsa-key
The output will be
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/codekutu/.ssh/my-ecdsa-key.
Your public key has been saved in /home/codekutu/.ssh/my-ecdsa-key.pub.
The key fingerprint is:
SHA256:3uvAKk62Lu9aIy31yLBA4+fWWEH1KKNDYNUeZO0pesA codekutu@kompyuta
The key's randomart image is:
+---[ECDSA 521]---+
| o..o+o. |
|. . oo .o |
| o...+o... |
|o oE.o+o |
|...++.. S |
| .oB=+ o . |
| ++X.. + . |
| o*.o . . . |
| .B*.. .o |
+----[SHA256]-----+
SSH Key with ed25519 algorithm
Ed25519 is a newer algorithm that was added to OpenSSH and is used for general-purpose applications.
You can generate ed25519 key with the following command.
$ ssh-keygen -t ed25519
ed25519 with a file name
$ ssh-keygen -t ed25519 -f ~/.ssh/my-ed25519-key
The output will be
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/codekutu/.ssh/my-ed25519-key.
Your public key has been saved in /home/codekutu/.ssh/my-ed25519-key.pub.
The key fingerprint is:
SHA256:fdB9pbQZ8Z2QNX4uzsbU2zyfRaAQCydh2YuU/ATdevI codekutu@kompyuta
The key's randomart image is:
+--[ED25519 256]--+
| .*Bo. .*+.|
| .=+++.+o*=|
| . ++o. *o=|
| ..=o.. =.|
| S .+o o +|
| .E= +o|
| =o+|
| . =|
| ..|
+----[SHA256]-----+
Copying the public key
Once you have generated the public and private keys, the public key, which has a .pub extension, is the one you can put on any server you want to connect to.
With the ssh-copy-id command you can copy your public key to the server's authorized_keys file. Don’t forget to replace the username and the server IP address in the following command.
$ ssh-copy-id username@server_ip_address
You can also use the ssh and cat commands as follows.
$ cat ~/.ssh/my-rsa-key.pub | ssh username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
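A more careful version of the append step above, as an added example that is not part of the original article. It refuses anything that is not a one-line public key (so a private key file is never installed by mistake), sets owner-only permissions on both the .ssh directory and authorized_keys, and does not add the same key twice. The function name install_pubkey is hypothetical, and the script is assumed to run on the server with POSIX sh.

```shell
# Added example, not from the original article. install_pubkey is a
# hypothetical helper; run it on the server that should accept the key.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A .pub file is exactly one line: "<type> <base64-data> [comment]".
    # A private key file spans many lines, so it is rejected here.
    if [ "$(grep -c '' "$pub")" -ne 1 ]; then
        echo "$pub is not a one-line public key" >&2
        return 1
    fi
    read -r ktype kdata _comment < "$pub" || true
    case $ktype in
        ssh-rsa|ssh-dss|ssh-ed25519) ;;
        ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type: $ktype" >&2; return 1 ;;
    esac
    [ -n "$kdata" ] || { echo "missing key data in $pub" >&2; return 1; }

    # Create the directory and file readable by the owner only.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key data is already authorized.
    if grep -qF -- "$kdata" "$auth"; then
        return 0
    fi

    # If the file lacks a trailing newline, add one so lines do not merge.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}
```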