Using ssh keys

I discovered that I have quite a few ssh articles on my website, but none of them explain how to simply set up SSH keys. It's so simple and so convenient, so let's have a closer look.

First, on your workstation, create ssh-keys using ssh-keygen. I use OpenBSD for this example, the output might slightly differ when using another operating system.

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/
The key fingerprint is:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 [email protected]

(The username, hostname and fingerprint have been obfuscated in this example.)

For the record:

  • /home/username/.ssh/id_rsa is your private key. Keep it secure.
  • /home/username/.ssh/ is your public key. Distribute it to all machines you want to connect to.

Be sure to use a good passphrase; together with the private key, it is the key to your locked world of machines you will connect to. Also, save the keys to a secure location, like your USB stick or a CD-ROM. Losing the private key or its passphrase means you'd have to do this all over again.

Now you need to put the contents of your ~/.ssh/ file into ~/.ssh/authorized_keys on every machine you will want to connect to. Specifically, append your public key to the authorized_keys file, as there might be other public keys in there already. Use this ssh distribute script for it or do it manually.
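One way to do the manual append safely on the machine you want to connect to, as an added example that is not part of the original article and is not the distribute script it mentions. The function name add_pubkey and its two arguments (a copied public key file and the target .ssh directory) are assumptions made for this illustration.

```shell
#!/bin/sh
# add_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, added example)
# Appends the one-line public key in PUBKEY_FILE to SSH_DIR/authorized_keys
# without touching keys that are already there, and does nothing if the
# same key line is already present.
add_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    # Guard against the classic mistake of copying the private key around.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi

    # Only the owner may read or write these. With sshd's StrictModes
    # (enabled by default) loose permissions make sshd ignore the keys.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    key=$(head -n 1 "$pubkey_file")
    [ -n "$key" ] || { echo "empty key file: $pubkey_file" >&2; return 1; }

    # -x whole line, -F fixed string: exact match, no regex surprises.
    if grep -qxF -- "$key" "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi

    # If the existing file does not end in a newline, add one first so the
    # new key is not glued onto the end of the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi

    # Append (>>), never overwrite (>): other keys may live here already.
    printf '%s\n' "$key" >> "$auth_file"
}
```

Running it a second time with the same key file leaves authorized_keys unchanged, so it is safe to repeat on machines where you are not sure whether the key was installed before.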

From now on you can start using your ssh-key, but ssh will constantly prompt you for a passphrase. Annoying, so read on.

You can use an ssh-agent to manage your keys and enter your passphrase just once, as you add your private key to the agent. An article exists that describes these ssh-agent tricks.

That's it, good luck using your ssh-keys.