SSH keys, also known as Secure Shell keys, provide a highly secure method for accessing Linux servers compared to conventional passwords.

In the realm of DevOps, SSH key-based authentication is a staple for interacting with Linux servers. Across various cloud platforms, the use of SSH keys for server authentication is not only recommended but often the preferred choice due to its robust security measures.

This blog post sets out to offer an exhaustive, step-by-step walkthrough on generating an SSH key pair. This process is vital for authenticating to Linux servers and applications that rely on the SSH protocol, all achieved using the ssh-keygen tool.

SSH-Keygen

The ssh-keygen utility serves as the go-to tool for generating SSH keys and comes pre-installed in both Linux and macOS systems.

To explore the functionalities and available options within the ssh-keygen utility, the man command proves invaluable. Utilize the following command to gain comprehensive insights into its usage:

man ssh-keygen

Exploring various methods and options for generating SSH keys opens up a range of possibilities.

Steps to Create an SSH Key

Follow the steps given below to create an SSH key.

Step 1: Open the Terminal

Open the workstation terminal if you are using a laptop or desktop.
If you are using a headless server, proceed to the next step.

Step 2: Generate the Key Pair

Executing the command below in your terminal will generate an SSH key pair and save it in the default $HOME/.ssh location. The private key will be named id_rsa, while the corresponding public key will be named id_rsa.pub.

ssh-keygen

Step 3: Save the Key

The ssh-keygen command will prompt for the following options.

  • Specify Key File Location: Enter the local path to store the SSH private key. If no location is specified, it will default to the SSH directory ($HOME/.ssh).

  • Set Passphrase (Optional): Assign a passphrase to safeguard the SSH private key. Leaving this empty is permissible. If a passphrase is chosen, you’ll need to confirm it.


Step 4: Key Created

Congratulations on generating an SSH key pair! Once generated, you’ll discover two key files: id_rsa (the private key) and id_rsa.pub (the public key). These files typically reside in the ~/.ssh/ directory on your system.

Generate SSH Keys With Custom Options

Let’s explore an example of using ssh-keygen with custom options to generate SSH keys.

The command below demonstrates the creation of an SSH key named ssh-key within the $HOME/.ssh directory. It includes the username vagrant, specified by the -C flag, and sets the passphrase to mysecret using the -q and -P flags.

ssh-keygen -t rsa -f ~/.ssh/ssh-key -C vagrant -b 4096 -q -P "mysecret"

Let’s look at the flags.

  • -t rsa : The SSH key algorithm. It is the default algorithm used by ssh-keygen.
  • -f : Key file name.
  • -q -P : To add a passphrase without a prompt.
  • -b : Key size in bits. The default is 2048 bits.
  • -C : To set the comment in the last line of the public key. It is typically used to replace the default username set by the command. You can also use this flag to set the server username.
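
The check below is an added example, not part of the original post: it generates keys with the options from the command above, then audits each private key for loose file permissions and a missing passphrase. The scratch directory, the open-key file name and the helper functions make_key and audit_key are assumptions made for illustration; -N is ssh-keygen's option for setting the passphrase of a new key.

```shell
#!/bin/sh
# Added example: generate keys like the one above, then audit them.
# All paths, names and the passphrase are constructed sample values.

# Generate an RSA 4096 key. $1 = key path, $2 = passphrase ("" for none).
# A passphrase given as an argument is visible in shell history and in
# process listings; on a real workstation omit -N to be prompted instead.
make_key() {
    ssh-keygen -t rsa -b 4096 -C vagrant -q -f "$1" -N "$2"
}

# Print a one-word verdict for a private key file:
# missing, bad-permissions, no-passphrase or ok.
audit_key() {
    key=$1
    [ -r "$key" ] || { echo missing; return; }
    # Characters 5-10 of the ls mode string are the group/other bits;
    # a private key should grant nothing to either.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo bad-permissions
        return
    fi
    # Permissions are checked first because ssh-keygen also refuses to
    # load a key that others can read, which would otherwise be mistaken
    # for a passphrase failure. -y has to decrypt the key to print its
    # public half, so with an empty passphrase (-P "") it only succeeds
    # on an unprotected key. Giving -P also prevents an interactive prompt.
    if ssh-keygen -y -P "" -f "$key" >/dev/null 2>&1; then
        echo no-passphrase
    else
        echo ok
    fi
}

KEYDIR=$(mktemp -d)                     # scratch directory, not ~/.ssh
make_key "$KEYDIR/ssh-key" "mysecret"   # protected, as in the post
make_key "$KEYDIR/open-key" ""          # same options, empty passphrase

audit_key "$KEYDIR/ssh-key"             # prints: ok
audit_key "$KEYDIR/open-key"            # prints: no-passphrase
chmod 644 "$KEYDIR/open-key"            # simulate a badly copied key
audit_key "$KEYDIR/open-key"            # prints: bad-permissions
```

To audit existing keys, call audit_key on each private key file under ~/.ssh instead of the scratch directory.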

Conclusion

SSH public/private key pairs are fundamental for securing Linux systems. Following the steps outlined in this guide ensures an added layer of security.

Adhering to the best security practices with SSH keys is paramount. Misuse or mishandling of private keys can lead to vulnerabilities. Always prioritize safeguarding and securely managing your private keys to prevent any potential security risks.