Using SSH keys in Linux
Creating a Key Pair
To create a key pair use the ssh-keygen command. Before running the command check to see if you might already have a key pair. Keys are located in the .ssh/ directory in your home directory. The default key names are id_rsa for the private key and id_rsa.pub for the public key. The command
[name@server]$ ssh-keygen -b 2048 -t rsa
will generate output similar to the following
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ubuntu/.ssh/id_rsa.
Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub.
The key fingerprint is:
ef:87:b5:b1:4d:7e:69:95:3f:62:f5:0d:c0:7b:f1:5e ubuntu@test-key
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|           .     |
|            o .  |
|        S    o o.|
|         .  + +oE|
|          .o O.oB|
|         .. +oo+*|
|          ... o..|
+-----------------+
When prompted you should enter a passphrase. If you already have a key pair saved with the default names you may wish to enter a file name for the saved keys so as not to overwrite an existing key pair.
Connecting using a Key Pair
- Once your key pair has been created, copy the public key (the /home/ubuntu/.ssh/id_rsa.pub key file from the example above, on your local machine) to the /home/USERNAME/.ssh/authorized_keys file on the server you wish to connect to. If the authorized_keys file already exists add your public key as a new line at the bottom of the file using an editor such as vim or nano.
- Ensure the file /home/USERNAME/.ssh/authorized_keys and directory /home/USERNAME/.ssh/ have the correct permissions with chmod 600 /home/USERNAME/.ssh/authorized_keys and chmod 700 /home/USERNAME/.ssh respectively.
- If you were not logged in as USERNAME while you were creating this authorized_keys file (e.g. you had administrative privileges on the server and used the sudo command before the above commands), ensure the directory /home/USERNAME/.ssh and the file authorized_keys are owned by the user USERNAME with the commands sudo chown USERNAME:USERNAME /home/USERNAME/.ssh and sudo chown USERNAME:USERNAME /home/USERNAME/.ssh/authorized_keys.
- Finally test the new key by sshing to the remote machine from the local machine with
[name@server]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESS
where /home/ubuntu/.ssh/id_rsa specifies your private key file, USERNAME is the user name on the remote machine, and ADDRESS is the address of the remote machine. If you have administrative access on the server and created the account for someone else, rather than giving you their private key they should keep the private key and test the connection out themselves. Private keys should remain private.
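The server-side steps above as shell functions, added here as an example and not part of the original page: install_pubkey appends a key only if that exact line is missing, and audit_ssh_perms checks the 700/600 modes and, optionally, the owner. The function names are hypothetical, and stat -c assumes GNU coreutils as found on Linux.

```shell
# Added example (not from the original page); function names are hypothetical.
# Paths are arguments, so both functions can be tried on a scratch directory.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends each key to SSH_DIR/authorized_keys unless that exact line exists.
install_pubkey() {
    pubkey_file=$1; ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"
    [ -s "$pubkey_file" ] || { echo "no public key at $pubkey_file" >&2; return 1; }
    # Refuse to install a private key by mistake: private keys stay private.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key" >&2
        return 1
    fi
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1
    # If the existing file lacks a trailing newline, add one so keys do not fuse.
    [ -z "$(tail -c1 "$auth_file")" ] || echo >> "$auth_file"
    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
    done < "$pubkey_file"
}

# audit_ssh_perms SSH_DIR [EXPECTED_OWNER]
# Returns 0 only if modes are 700/600 and, when given, the owner matches.
audit_ssh_perms() {
    ssh_dir=$1; owner=${2:-}; rc=0
    for pair in "$ssh_dir:700" "$ssh_dir/authorized_keys:600"; do
        path=${pair%:*}
        want=${pair##*:}
        got=$(stat -c '%a' "$path" 2>/dev/null) || { echo "missing: $path" >&2; rc=1; continue; }
        [ "$got" = "$want" ] || { echo "$path is mode $got, want $want" >&2; rc=1; }
        if [ -n "$owner" ] && [ "$(stat -c '%U' "$path")" != "$owner" ]; then
            echo "$path is not owned by $owner" >&2
            rc=1
        fi
    done
    return $rc
}
```

On the server this would be called as install_pubkey id_rsa.pub /home/USERNAME/.ssh followed by audit_ssh_perms /home/USERNAME/.ssh USERNAME; a non-zero audit result after using sudo points to the chown step.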