Copyright

Generating & Adding SSH Keys to a Server

Instructor: David Delony

David is a freelance writer specializing in technology. He holds a BA in communication.

In this lesson, you'll learn how to generate SSH keys to store on a remote server. You'll be able to log in without a password on remote systems and also use a passphrase.

Making Logging In Easier With SSH Keys

SSH (Secure Shell) is nice for accessing remote systems because it offers great security, but wouldn't it be great if there was a way to log in securely without a password?. With SSH, it's possible to create keys that will allow a user to log in without a password. It's very easy and only takes a few minutes to generate a remote key and store it on a remote server.

SSH Public and Private Keys

Let's meet Andrea, who runs a small web design firm. She finds herself repeatedly logging into her client's web server via SSH. She has to put in her username and password every time she needs to maintain a client's website. Even worse, she has multiple clients with different usernames and passwords to remember. This is getting frustrating, but fortunately, she knows how to generate a key pair.

SSH keys work using the concept of a key pair, which includes a public key and a private key. As the name implies, the public key is shared and the private key is kept private. The public key is stored on the remote server. When a user attempts to log in, the SSH server compares the public key on the server to the private key on the user's machine. If the key pair matches, the user logs in.

Generating A Key Pair

Generating a key pair is easy with SSH. On a Mac OS X or Linux system, Andrea just has to use the 'ssh-keygen' command. For extra security, she uses the RSA algorithm:


ssh-keygen


The ssh-keygen command will prompt her for a place to save her key. The default is in the home directory. On Mac or Linux, it's usually /home/user/.ssh/, where 'user' is the username. The generated key pair will have the names 'id_rsa' for the private key and 'id_rsa.pub' for the public key. Because '.ssh' directory starts with a '.' character, it will normally be hidden from directory listings unless you use the 'ls -a' command.

Andrea also has the option of using a passphrase, which is like a password, but is often more complicated than most people's passwords are. They can even be complete sentences. Andrea decides to use one just to make logging in more secure, as the key will make sure it's really her logging in, while the passphrase adds a degree of safety.

The downside of using passphrases is that they can be difficult to remember, but Andrea thinks the extra security is worth it.

On Windows, PuTTY is a popular SSH client. It can also generate a key pair in its setup menu.

Getting Your Public Key On A Server

Now that Andrea's got her key pair generated, how will she get it onto a remote machine? That part is also easy.

There's a command just for that:


ssh-copy


To unlock this lesson you must be a Study.com Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use Study.com

Become a Study.com member and start learning now.
Become a Member  Back
What teachers are saying about Study.com
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account
Support