SSH (Secure Shell) keys provide a highly secure and convenient method for authenticating to remote servers, eliminating the need for password-based authentication, which can be vulnerable to brute-force attacks and phishing. This guide will walk you through understanding, generating, and using SSH keys for robust access management.
What are SSH Keys?
SSH keys come in a pair: a public key and a private key.
- Public Key: This key can be freely shared and is placed on the servers you wish to access. It acts like a digital lock.
- Private Key: This key must be kept absolutely secret and secure on your local machine. It acts like the unique key that can open the digital lock created by its corresponding public key.
When you attempt to connect to a server configured with your public key, your local SSH client uses your private key to prove your identity to the server. If the keys match, authentication is successful without ever transmitting a password.
Generating Your SSH Key Pair
Most Unix-like systems (Linux, macOS) and Windows with Git Bash or WSL come with ssh-keygen.
1. Open your terminal.
2. Execute the command:
Bash:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
- -t rsa: Specifies the key type (RSA is common and secure). ECDSA or ED25519 are also strong alternatives.
- -b 4096: Specifies the number of bits in the key (4096 is a strong recommendation).
- -C "your_email@example.com": Adds a comment to the public key, useful for identifying the key's owner or purpose.
3. Choose a file to save the key:
The default location is ~/.ssh/id_rsa. Press Enter to accept the default, or specify a different path if you manage multiple keys.
4. Enter a passphrase (highly recommended):
You'll be prompted to enter a passphrase. This encrypts your private key on your local machine. Even if someone gains access to your private key file, they cannot use it without the passphrase. Leave it blank for no passphrase (less secure, but convenient for automated scripts).
After generation, you'll have two files in your ~/.ssh directory:
- id_rsa (your private key)
- id_rsa.pub (your public key)
Permissions Check: Ensure your private key has restricted permissions. It should typically be readable only by you (chmod 600 ~/.ssh/id_rsa).
Adding Your Public Key to a Server
To use your SSH key for authentication, your public key must be placed in the ~/.ssh/authorized_keys file on the remote server.
Method 1: Using ssh-copy-id (Recommended)
This is the easiest and safest method.
Bash:
ssh-copy-id username@remote_host
You'll be prompted for the password of username@remote_host one last time. It will then copy your public key and set the correct permissions.
Method 2: Manual Copy
If ssh-copy-id isn't available or you prefer manual control:
1. Copy the content of your public key:
Bash:
cat ~/.ssh/id_rsa.pub
Copy the entire output, starting with ssh-rsa and ending with your comment.
2. Connect to the remote server using password authentication:
Bash:
ssh username@remote_host
3. Create the .ssh directory and authorized_keys file if they don't exist:
Bash:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
4. Append your public key to authorized_keys:
Bash:
echo "PASTE_YOUR_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys
Replace "PASTE_YOUR_PUBLIC_KEY_HERE" with the content copied in step 1.
Connecting with SSH Keys
Once your public key is on the server, you can connect simply by:
Bash:
ssh username@remote_host
If your private key has a passphrase, you'll be prompted to enter it. If you have multiple keys, SSH will try them in order. If your private key is not ~/.ssh/id_rsa, you might need to specify it:
Bash:
ssh -i ~/.ssh/my_other_key username@remote_host
Using ssh-agent for Convenience
Typing your passphrase every time you connect can be tedious. ssh-agent is a program that runs in the background, holding your decrypted private keys in memory. You unlock them once, and ssh-agent handles authentication for subsequent connections.
1. Start the agent (if not already running):
Bash:
eval "$(ssh-agent -s)"
2. Add your private key to the agent:
Bash:
ssh-add ~/.ssh/id_rsa
You'll be prompted for your passphrase. Once entered, the key is loaded into the agent until your session ends or you explicitly remove it.
Best Practices
- Always use a strong passphrase: This protects your private key even if it falls into the wrong hands.
- Never share your private key.
- Keep private key permissions strict: chmod 600 ~/.ssh/id_rsa.
- Disable password authentication on servers: Once SSH key authentication is working, consider disabling password login in /etc/ssh/sshd_config (set PasswordAuthentication no) for enhanced security. Remember to test your key access thoroughly before doing this to avoid locking yourself out.
- Use different keys for different purposes/servers: This limits the blast radius if one key is compromised.
- Regularly review and rotate keys: Especially for critical systems.
By implementing SSH keys, you significantly enhance the security and efficiency of your remote access, making it an essential tool for any tech professional.
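Added example, not part of the original post: steps 3 and 4 of the manual copy method written as one repeatable function that rejects anything that is not a single public key line and never appends the same key twice. The name install_pubkey and the key material in the demo are constructed for illustration; the check covers line format only, not cryptographic validity.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): steps 3 and 4 of the manual
# method as one repeatable function. install_pubkey is a hypothetical name.
# Usage on the server: install_pubkey PUBKEY_FILE [SSH_DIR]
install_pubkey() {
    local pubfile="$1" sshdir="${2:-$HOME/.ssh}"
    local auth line type rest blob
    auth="$sshdir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 2; }
    # A .pub file is one line: "<type> <base64 blob> [comment]".
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    line=$(grep . "$pubfile")
    type=${line%% *}; rest=${line#* }; blob=${rest%% *}

    # Refuse private keys and anything else that is not a public key line.
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; return 2 ;;
    esac

    # Same layout and modes as the manual steps.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare type and blob only, so a changed comment adds no duplicate.
    if grep -qF -- "$type $blob" "$auth"; then
        echo "already present"; return 0
    fi
    # Start on a fresh line if the file does not end with a newline.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    printf '%s\n' "$line" >> "$auth"
    echo "added"
}

# Constructed demo: placeholder key material in a throwaway directory.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEFAKEFAKEFAKEFAKE demo@example' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/ssh"    # prints: added
install_pubkey "$demo/id.pub" "$demo/ssh"    # prints: already present
rm -rf "$demo"
```

Where the OpenSSH tools are installed, ssh-keygen -l -f on the .pub file prints its fingerprint and is a stronger validity check than the format test used here.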
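Added example, not part of the original post: a check for the advice to set PasswordAuthentication no. sshd uses the first value it obtains for a keyword, so a "no" line placed below an earlier "yes" or below an Include has no guaranteed effect. The helper name password_auth_status and the sample fragment are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Reports whether password login
# is globally disabled in an sshd_config-style file.
# password_auth_status is a hypothetical helper name.
password_auth_status() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            sub(/^[ \t]+/, "")                 # tolerate indentation
            key = tolower($1)                  # keywords are case-insensitive
        }
        key == "match"   { exit }              # global section ends at the first Match
        key == "include" { included = 1; next }
        key == "passwordauthentication" {
            # sshd uses the first value it obtains for a keyword, so a later
            # "PasswordAuthentication no" cannot override an earlier "yes".
            if (included)        result = "unknown"   # an included file may have set it first
            else if ($2 == "no") result = "disabled"
            else                 result = "enabled"
            exit
        }
        END {
            # No explicit setting: the sshd default is "yes".
            if (result == "") result = included ? "unknown" : "enabled"
            print result
        }
    ' "$1"
}

# Constructed sample: the "no" line was appended below an existing "yes".
sample=$(mktemp)
printf '%s\n' '# constructed sshd_config fragment' \
    'PubkeyAuthentication yes' \
    'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$sample"
echo "password login: $(password_auth_status "$sample")"
rm -f "$sample"
```

On a live host, sshd -T prints the effective configuration with included files resolved, so treat its passwordauthentication line as authoritative.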