SSH (Secure Shell) is a foundational tool for secure remote access and management of servers, using encrypted communication to protect sensitive data. This guide shows how to generate an SSH key pair on Linux with ssh-keygen, the command-line tool for generating and managing these keys.
Table of Contents:
- What is SSH?
- What is SSH Keygen?
- Types of Files Generated by SSH Keygen
- Generating Key Pair Using SSH Keygen
- Copying the Generated Key to the Remote Server
What is SSH?
SSH (Secure Shell) is a network protocol that gives users secure access to a remote shell. It is the successor to the Telnet protocol, which also provided remote shell access but transmitted data between the user and the remote shell as plaintext, leaving it vulnerable to snooping attacks. SSH was created to replace Telnet with secure remote shell access in which data is transmitted as ciphertext.
What is SSH Keygen?
Cryptography is the most significant feature of the SSH protocol: a secure remote shell connection requires a pair of keys that can be used for the encryption and decryption of transmitted data. This is where SSH Keygen comes into the picture. SSH Keygen (ssh-keygen) is a command-line utility used to create, manage, and convert authentication keys for the Secure Shell (SSH) protocol. SSH keys are a pair of a public key and a private key used for secure authentication in SSH connections. SSH Keygen can generate key pairs for the following cryptographic algorithms-
- RSA: Default for many years but now being replaced by other types.
- ED25519: Faster and smaller; a modern and highly secure default.
- DSA/ECDSA: Older types, less commonly used due to security or compatibility considerations.
Types of files generated by SSH Keygen-
- Protocol Version 1 (Deprecated):
  - $HOME/.ssh/identity: RSA private key.
  - $HOME/.ssh/identity.pub: RSA public key.
- Protocol Version 2:
  - $HOME/.ssh/id_rsa: RSA private key (commonly used).
  - $HOME/.ssh/id_rsa.pub: RSA public key.
  - $HOME/.ssh/id_dsa: DSA private key (less common).
  - $HOME/.ssh/id_dsa.pub: DSA public key.
- Modern Alternative:
  - $HOME/.ssh/id_ed25519: Ed25519 private key (secure and efficient).
  - $HOME/.ssh/id_ed25519.pub: Ed25519 public key.
Thus, to enable SSH authentication using key pairs, the .pub file (public key) must be copied to the $HOME/.ssh/authorized_keys file of the account on the remote system that the user wants to log in to.
Generating Key Pair Using SSH Keygen-
To generate an SSH key pair using SSH Keygen, use the command below-
$> ssh-keygen
Use the command below to view the generated key-
$> cat
Copying the Generated Key Pairs to the Remote Server-
After generating an SSH key pair, you need to copy the public key (.pub file) to the remote server so that the user can use those credentials to access the remote shell via SSH.
Method-1 (Using ssh-copy-id command)
ssh-copy-id is a simple command-line tool that automatically copies the public key to the remote server.
So, to copy the public key to the remote server, use the command below-
$> ssh-copy-id username@remote_host
Replace username with your remote server’s username and remote_host with the server’s IP address or hostname.
Once the command is executed the tool will-
- Create the ~/.ssh directory on the remote server (if it doesn’t exist).
- Append the public key from your local ~/.ssh/id_rsa.pub to the remote server’s ~/.ssh/authorized_keys.
Method-2 (Manually copying keys to remote server)
To log in to the remote server and create the $HOME/.ssh directory, use the command below-
$> ssh username@remote_host "umask 077; test -d .ssh || mkdir .ssh"
- umask 077: Sets permissions for new files and directories, ensuring only the owner has access.
- test -d .ssh || mkdir .ssh: Checks if the .ssh directory exists; if not, it creates it.
To copy the public key to the $HOME/.ssh directory on the remote server, use the command below-
$> cat $HOME/.ssh/id_rsa.pub | ssh username@remote_host "cat >> .ssh/authorized_keys"
- cat $HOME/.ssh/id_rsa.pub: This command outputs the contents of your public key (id_rsa.pub) located in the ~/.ssh directory on your local machine.
- | (Pipe): The pipe (|) passes the output from the cat command (your public key) to the next command.
- “cat >> .ssh/authorized_keys”: On the remote server, the cat command appends the received public key to the authorized_keys file inside the .ssh directory, allowing SSH key-based authentication.
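Method 2's append step adds the key again on every run and leaves the modes of an already existing .ssh directory or authorized_keys file untouched, because umask only applies to newly created files. The following is an added example, not part of the original article: a server-side version of that step, where add_authorized_key is a hypothetical helper name, that sets the modes to 700/600, skips keys already present, and rejects input that is not a public key.

```shell
#!/bin/sh
# Added example: idempotent form of Method 2's "cat >> .ssh/authorized_keys".
# add_authorized_key is a hypothetical helper, not part of OpenSSH.
#
# Usage: add_authorized_key PUBKEY_FILE [HOME_DIR]
# Returns 0 if the key was added or was already present, 1 on bad input.
add_authorized_key() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || return 1
    key=$(head -n 1 "$pub")

    # Accept only public-key lines of the types named in this article.
    # A private key pasted by mistake starts with "-----BEGIN" and is refused.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|ssh-dss\ *) ;;
        *) return 1 ;;
    esac

    # Create missing pieces under umask 077, as in the article's command.
    (
        umask 077
        [ -d "$dir" ] || mkdir "$dir"
        [ -e "$auth" ] || : > "$auth"
    ) || return 1

    # umask does not change files that already exist, so set modes explicitly.
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Exact whole-line, fixed-string match: do nothing if already authorized.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the file does not end in a newline, add one so the new key is not
    # glued onto the previous entry (which would corrupt both).
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Run it on the remote server after transferring the .pub file there; the second argument exists only so the function can be exercised against a scratch directory instead of a real home.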
SSH (Secure Shell) is an essential protocol for secure remote access and communication between systems. It ensures encrypted data transfer, protecting sensitive information from unauthorized access. The ssh-keygen tool in Linux simplifies generating and managing SSH keys, enabling seamless authentication without the need for passwords. This blog provides a step-by-step guide on how to generate SSH keys with ssh-keygen, view the generated keys, and set up secure access to remote servers.