This article demonstrates How to Generating and use SSH Keys on Ubuntu 20.04
SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
To access a remote server without using a password, an SSH key is the best solution. Several cryptographic algorithms can be used to generate SSH public and private key pairs, such as RSA, DSA, and ECDSA.
In this tutorial, we are going to use RSA as cryptographic algorithms to generate SSH key pairs.
1. The first step is generating the RSA Keypair on your workstation.
in your workstation run below command
ssh-keygen -t rsa -b 4096
This will ask for a location to save the RSA keys.
Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa):
Press ENTER to the default location on the
.ssh directory inside the home directory
The next prompt asks to enter a passphrase of a subjective length to secure your private key. Press ENTER to leave this blank if you do not want a passphrase. If you give any passphrase, we have to use it every time we use the private key as an extra security measure.
Enter passphrase (empty for no passphrase): Enter same passphrase again:
Output will be
Your identification has been saved in /home/user/.ssh/id_rsa Your public key has been saved in /home/user/.ssh/id_rsa.pub The key fingerprint is: SHA256:zxczxczxczxczxczxczxczxczxczxc user@user_server The key's randomart image is: +---[RSA 4096]----+ | .o.oo==*oo.| | .o o =o+o=+=| | .o.+ o ..o.*+| | o..o . . o.o| | +. C o| | o= . | | K..o | | ++.. | | o+=o | +----[SHA256]-----+
.ssh hidden directory and we can see 3 files inside there.
ll .ssh total 8.0K -rw------- 1 0 Nov 25 03:02 authorized_keys -rw------- 1 3.4K Nov 29 09:03 id_rsa -rw-r--r-- 1 756 Nov 29 09:03 id_rsa.pub
id_rsa: The private key. DO NOT SHARE THIS FILE!
id_rsa.pub: The associated public key. This can be shared.
2. Copying your Public SSH Key to a Server
As a next step, we have to copy the public key to the remote server, which we like to access via
ssh. Here we create a key file inside the remote host and copy the public key content to that file.
cat ~/.ssh/id_rsa.pub | ssh user@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
prompt asks for the password for the remote server
The authenticity of host 'xx.xxx.xx.xxx (xx.xxx.xx.xxx)' can't be established. ECDSA key fingerprint is SHA256:asdasdasdasdasdasdasdasdasd. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'xx.xxx.xx.xxx' (ECDSA) to the list of known hosts. email@example.com's password:
as an extra step, give proper access to the remote host key file and ssh folder
#on remote host chmod 700 .ssh chmod 600 .ssh/authorized_keys
3. Verify the remote access via SSH
Now we have to verify the
ssh connection to the remote host without a password. We run the simple command to list down folder content inside the remote host
ssh firstname.lastname@example.org ls
Now you can see the list of the file inside the remote folder.