Basic SSH Key server administration setup

  • This tutorial assumes that you already have a server set up with SSH
    • It also assumes that your SSH server currently has password authentication enabled, or uses only password-based authentication
  • This tutorial assumes you have a basic understanding of how to use SSH
  • Finally, this tutorial also assumes a basic understanding of the security implications of public and private keys and how they should be stored securely

SSH Key generation pre-checks

  • First, to avoid overwriting an existing SSH key, check whether you already have one at the path you are about to use (this usually only applies if you use the default SSH key paths)

This can be checked by listing the files in the directory ~/.ssh

ls -l ~/.ssh

If there are keys stored here that you are unaware of, it is a good idea to back them up first.
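
The pre-check and backup described above can be scripted. This is an added example, not part of the original tutorial; the function names, the rule that a key pair is any file with a matching .pub file, and the date-stamped backup directory are assumptions of the example.

```shell
#!/bin/sh
# Added example: back up existing key pairs before ssh-keygen can overwrite them.
# Function names and the backup directory layout are assumptions of this example.

# Print every private key file in the directory that has a matching .pub file.
list_key_pairs() {
    dir=$1
    [ -d "$dir" ] || return 0              # no ~/.ssh yet: nothing to protect
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue          # the glob matched nothing
        priv=${pub%.pub}
        [ -f "$priv" ] && printf '%s\n' "$priv"
    done
    return 0
}

# Copy each key pair into <dir>/backup-<timestamp>/, a directory only the
# owner can enter. Prints the backup directory, or nothing if no keys exist.
backup_key_pairs() {
    dir=$1
    keys=$(list_key_pairs "$dir")
    [ -n "$keys" ] || return 0
    backup="$dir/backup-$(date +%Y%m%d-%H%M%S)"
    # umask 077 makes the new directory mode 700
    ( umask 077 && mkdir -p "$backup" ) || return 1
    printf '%s\n' "$keys" | while IFS= read -r priv; do
        # -p keeps the original mode, so the private key stays owner-only
        cp -p "$priv" "$priv.pub" "$backup"/ || exit 1
    done || return 1
    printf '%s\n' "$backup"
}

# Run against a directory given as the first argument, e.g.:
#   sh backup-keys.sh ~/.ssh
if [ $# -gt 0 ]; then
    backup_key_pairs "$1"
fi
```

If the script prints a directory, the old keys are safe there and the key generation step below can use the default path.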

SSH Key generation

Use the following command to generate an SSH key.

ssh-keygen -b 4096

Explanation

ssh-keygen - the command itself, used to generate the key

-b - the key size in bits, in this case 4096

Next, the command will ask for a file in which to save the key. By default, it will save the keys in $HOME/.ssh

Generating public/private rsa key pair.  
Enter file in which to save the key (/home/user/.ssh/id_rsa):

If you would like to use a different path, specify it here; otherwise, press Enter to continue with the default.

Next, it will ask for a passphrase. This is optional, but recommended: the passphrase encrypts the private key file, so someone who copies the file cannot use the key without it.

Enter passphrase (empty for no passphrase):

Finally, you should be presented with a screen like this:

Your identification has been saved in /home/user/.ssh/id_rsa  
Your public key has been saved in /home/user/.ssh/id_rsa.pub  
The key fingerprint is:  
SHA256:vMb5cDih3Ksivg4MoDtSEg4rWLVo2xSonqVvHJEL+NY user@HOSTNAME  
The key's randomart image is:  
+---[RSA 4096]----+  
|   .o            |  
|  .o o           |  
|=.+ +            |  
|O* B   .         |  
|OoB.+   S        |  
|+BooE. + =       |  
|=oo . o X .      |  
|.o.+.  . *       |  
| o=o .... .      |  
+----[SHA256]-----+

Installing an SSH public key onto an SSH server

Installing an SSH public key onto an SSH server is pretty easy. It only requires one simple command.

ssh-copy-id user@192.168.0.25

The username and IP address in this command are placeholders. Change them to match your situation.

For example, if the username and IP address of your server are 'bob' and '192.168.0.59' you should use the following command.

ssh-copy-id bob@192.168.0.59

You should now see the following prompt, followed by another message explaining what has just happened.

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"  
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed  
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys  
Enter passphrase for key '/home/user/.ssh/id_rsa':