Essetee's Website

Generating SSH keys

With the following command we will generate our ssh keys.

    ssh-keygen -t rsa -b 4096

The -b option sets the key size in bits, here 4096 for an RSA key. The standard size is 2048. A 4096-bit key is stronger, which is what I'd personally recommend, since it's sufficiently secure and widely supported.

If you want to use ssh without a password, just leave the passphrase blank when ssh-keygen asks for one while generating the key. The private key is then stored unencrypted on disk.

You can also make a second key with the Ed25519 algorithm:

    ssh-keygen -t ed25519

If you make a key you get something like this:

    ssh-keygen -t ed25519
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/home/serge/.ssh/id_ed25519):

Here you can choose the name of the key file. You can make it personal.

    ssh-keygen -t ed25519
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/home/serge/.ssh/id_ed25519):/home/serge/.ssh/gaston

Then the key will be saved as gaston. Maybe I have access to a remote server of my friend Gaston; then I will use that key to connect to his server.

Some sites accept only RSA keys or only Ed25519 keys.

Now that you have your keys, you need to upload the public key to the server where you want to log in. Be sure you have an account on the remote server.

Before we continue, be sure your .ssh folder and the files within have the right permissions (run this from your home directory):

    chmod 0700 .ssh
    chmod 0600 .ssh/*

You now have 2 possibilities to upload your key.

  1. Via ssh-copy-id

    This is the most common method, but sometimes it will fail, and then the second option is an alternative.

    Use the command: ssh-copy-id YOUR_USERNAME@SERVER_NAME or ssh-copy-id YOUR_USERNAME@IP_ADDRESS

    If everything goes well, you will get a message that you can now use your ssh key.

    Use your ssh key to log in to the server: ssh server_name or ip_address

    If you don't specify a key, it will upload all your keys to the server. You can avoid that by specifying a key with the -i option:

    ssh-copy-id -i ~/.ssh/gaston serge@192.168.1.200

  2. Via scp

    cd into your .ssh folder. If you list the content you will see a file id_rsa.pub. This is your public key, which you need to upload with the command scp id_rsa.pub YOUR_USERNAME@SERVER_NAME:~/.ssh/authorized_keys (or use the IP_ADDRESS instead of SERVER_NAME). This replaces any authorized_keys file that already exists on the server.

    Use your ssh key to log in to the server: ssh server_name or ip_address
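To add a key to a server's authorized_keys without replacing the keys already in it, the following added example (not from the original page) appends the public key only when it is missing and applies the 0700 / 0600 permissions. The function name install_pubkey, the scratch paths and the sample key are made up for illustration.

```sh
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, not an OpenSSH tool)
# Appends the key to SSH_DIR/authorized_keys only if it is not listed yet,
# keeps existing entries, and applies the 0700 / 0600 permissions.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # A public key file is one line: "type base64-blob [comment]".
    key_line=$(head -n 1 "$pubkey_file")
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    # Accept only the two key types this page generates; this also refuses
    # a private key file picked by mistake (it starts with "-----BEGIN").
    case $key_type in
        ssh-rsa|ssh-ed25519) ;;
        *) echo "not an RSA or Ed25519 public key: $pubkey_file" >&2; return 1 ;;
    esac
    [ -n "$key_blob" ] && [ "$key_blob" != "$key_type" ] || return 1

    mkdir -p "$ssh_dir" && chmod 0700 "$ssh_dir" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1

    # Match on type and blob only, so a different comment is not a new key.
    if grep -qF -- "$key_type $key_blob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    # If the last existing entry lacks a newline, add one before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key_line" >> "$auth"
    echo "key added to $auth"
}

# Demo in a scratch directory with a constructed (not real) key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3ConstructedSampleKeyNotReal serge@laptop' > "$demo/gaston.pub"
install_pubkey "$demo/gaston.pub" "$demo/ssh"   # adds the key
install_pubkey "$demo/gaston.pub" "$demo/ssh"   # second run changes nothing
rm -rf "$demo"
```

On the server you would call it as install_pubkey gaston.pub ~/.ssh after copying the .pub file there under its own name.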

Sometimes you have multiple servers to log in to. To make it easier, we can create a config file inside our .ssh folder: nano ~/.ssh/config

    Host ubuntu
        User serge
        Port 22
        IdentityFile ~/.ssh/id_rsa
        HostName 192.168.1.103

The syntax is clear. Save the file. Then you can do: ssh ubuntu and the config file will provide the needed credentials. Of course you can add more hosts to the config file.

    Host ubuntu
        User serge
        Port 22
        IdentityFile ~/.ssh/id_rsa
        HostName 192.168.1.103

    Host rpi400
        User serge
        Port 22
        IdentityFile ~/.ssh/id_rsa
        HostName 192.168.0.105

Needless to say, backing up your ssh keys is important.