In this article I explain how to generate SSH keys to gain secure server access. SSH, or Secure Shell, is an essential protocol used to establish secure connections between servers and clients across unsecured networks. The use of SSH keys, which provide a robust method for authentication and authorization, is a critical component of SSH security. This article will provide an in-depth analysis of the procedure involved in generating SSH keys, equipping you with the essential resources to bolster the security stance of your server.

Check for existing SSH keys

Before generating a new SSH key, you should check if you already have one. To check if you have an existing SSH key, run the following command in your terminal:

ls -al ~/.ssh

If you see a file named id_rsa.pub or id_dsa.pub, then you already have an SSH key pair. The id_rsa.pub file is the public key, and the id_rsa file is the private key. If you don’t have an SSH key pair, then proceed to the next step.

Generate a new SSH key

To generate a new SSH key, run the following command in your terminal:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

This command will generate a new SSH key pair using the RSA algorithm with a 4096-bit key size. You can replace “[email protected]” with your own email address or any other identifier that you prefer. You will be prompted to enter a file name and a passphrase.

Choose a file name and passphrase

When prompted for a file name, you can accept the default by pressing Enter or specify a custom name. The default file name is id_rsa, which will be stored in the .ssh directory in your home directory.

You will also be prompted to enter a passphrase. A passphrase is a password-like phrase that is used to encrypt your private key. You can leave it blank if you don’t want to use a passphrase, but we recommend using one for added security. Make sure to choose a strong passphrase that is difficult to guess.

Add your SSH key to the ssh-agent

To use your SSH key, you need to add it to the ssh-agent, which is a program that manages SSH keys. To add your key, run the following command:

ssh-add ~/.ssh/id_rsa

This command will add your SSH private key to the ssh-agent. If you used a custom file name for your key, replace id_rsa with your custom file name.

Add your public key to the remote server

To use your SSH key to access a remote server, you need to add your public key to the server’s authorized_keys file. To do this, copy the contents of your public key file (id_rsa.pub) print your public key terminal and then copy:

cat ~/.ssh/id_rsa.pub

Then, log in to the remote server and navigate to the .ssh directory in your home directory. If the directory does not exist, create it with the following command:

mkdir ~/.ssh

Then, create or open the authorized_keys file in a text editor and paste your public key into the file. Save and close the file.

Test your SSH connection

To test your SSH connection, run the following command:

ssh username@remote_host

Replace username with your username on the remote server and remote_host with the hostname or IP address of the remote server. If everything is set up correctly, you should be prompted for your passphrase (if you set one), and then logged in to the remote server.

Congratulations! You have successfully generated an SSH key and added it to your ssh-agent and remote server. You can now use your SSH key to securely access remote servers and services without having to enter your password each time.

Final thoughts

SSH keys are a crucial tool for secure remote access and should be used whenever possible. By generating and using SSH keys, you can significantly improve the security of your remote connections and protect your data from unauthorized access. Remember to keep your private key safe and secure and never share it with anyone.

Got any queries or feedback? Feel free to drop a comment below!