How to Create SSH Keys in Linux

Secure Shell Key Pair Generation on Linux Systems

This document details the process of generating and managing Secure Shell (SSH) key pairs, crucial for secure remote access to Linux systems. SSH keys provide a more secure alternative to password-based authentication.

Key Pair Components

An SSH key pair consists of two files: a private key and a public key. The private key must be kept secret and secure; it should never be shared. The public key can be freely distributed; the server uses it to verify that a connecting client holds the matching private key.

Generating an SSH Key Pair

The ssh-keygen command is used to generate key pairs. Various options control the key type, size, and location. The most common key type is RSA (Rivest-Shamir-Adleman), though others like ECDSA (Elliptic Curve Digital Signature Algorithm) and Ed25519 are also available and often preferred for their enhanced security and performance.

Command-Line Usage

The basic command is:

ssh-keygen -t [key_type] -b [key_size] -f [filename]
  • -t [key_type]: Specifies the key algorithm (e.g., rsa, ecdsa, ed25519). ed25519 is generally recommended for its speed and security.
  • -b [key_size]: Specifies the key size in bits (e.g., 2048, 4096). Larger key sizes offer greater security but may be slower.
  • -f [filename]: Specifies the filename for the key pair. The private key will be saved with a .pem or .ppk extension (depending on the key type and parameters) and the public key with a .pub extension. Omitting this argument uses a default location and filename.

During execution, the command will prompt for a passphrase to protect the private key. A strong, unique passphrase is highly recommended.

Managing SSH Keys

Adding the Public Key to the Remote Server

Once the key pair is generated, the public key must be added to the authorized_keys file on the remote server. This allows the client system to authenticate without needing a password.

Authorized Keys File Location

The authorized_keys file is typically located in ~/.ssh/authorized_keys on the remote server. It may be necessary to create the .ssh directory if it doesn't exist.

Methods for Key Transfer

  • Secure Copy (SCP): Use the scp command to securely copy the public key to the remote server.
  • SSH Copy-ID: The ssh-copy-id command simplifies the process of adding a public key to a remote server.
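
The generation and authorized_keys steps above as one script. This is an added example, not part of the original page; the function names generate_key and install_pubkey, the demo comment string, and the directory standing in for the remote home are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# generate_key FILE [COMMENT]: create an Ed25519 key pair.
# ssh-keygen prompts for a passphrase, then writes FILE and FILE.pub.
generate_key() {
    key=$1
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        return 1
    fi
    # No -b here: Ed25519 keys have a fixed length.
    ssh-keygen -t ed25519 -f "$key" -C "${2:-demo}" || return 1
    ssh-keygen -l -f "$key.pub"   # fingerprint, for checking out of band
}

# install_pubkey PUBFILE HOME_DIR: the server-side step that ssh-copy-id
# automates, run here against any directory standing in for the remote home.
install_pubkey() {
    pub=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys
    # Accept exactly one public-key line; this also rejects a private key
    # file passed by mistake.
    if [ "$(grep -c '' "$pub")" -ne 1 ] ||
       ! grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)' "$pub"
    then
        echo "not a single public key: $pub" >&2
        return 1
    fi
    # sshd (StrictModes, the default) ignores authorized_keys when the file or
    # its directory is writable by other users, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only when the exact line is absent, so reruns add no duplicates.
    line=$(cat "$pub")
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo against a throwaway directory: sh keys.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) &&
    generate_key "$d/id_ed25519" "demo@example" &&
    install_pubkey "$d/id_ed25519.pub" "$d/home" &&
    ls -la "$d/home/.ssh"
fi
```
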

Key Considerations

  • Key Security: Protect your private key with a strong passphrase and store it securely. Anyone who obtains the private key can access the remote server.
  • Key Size: Choose an appropriate key size based on security requirements and performance considerations.
  • Key Type: ed25519 is generally recommended for new keys due to its security and performance benefits.