Friday, November 11, 2016

HOWTO - Generate an SSH RSA key pair for key-based login


Generating a new SSH key is useful if you want passwordless authentication to a Linux server.

An SSH RSA key consists of a private/public key pair. The private key is kept secret and is what proves to the server that you are who you say you are.

The workflow below summarises the communication steps for key-based authentication to an SSH server.




To generate an SSH RSA key pair, enter the command below in a bash shell:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
-t Specifies the type of key to use; in this case we will use the RSA key type.

-b Specifies the bit length to use. 1024, 2048 and 4096 are possible values; the higher you go, the stronger your security will be and the more time it will take to break your RSA key.

-C Specifies a label for your key.


This will create your SSH RSA key pair.
Generating public/private rsa key pair.

When you are asked to provide a location, press Enter. This will save your RSA key pair to the .ssh directory in your home folder.
Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]

At the end you will be asked for a password. The private key in this key pair will be encrypted with that password, so if someone steals your RSA key, it will be useless without that password. You can also leave the password empty, but if your key gets stolen then, someone else will be able to use it.
In any case, note that you will need to provide that password each time the private key is used.
Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]
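
To confirm the result, the checks below verify the key length, the private key's file permissions, that the private key really is passphrase-protected, and that the two halves of the pair belong together. This is an added example, not part of the original post. The function names, the sample passphrase and the temporary directory are assumptions, and `-q`, `-N`, `-f`, `-l`, `-y` and `-P` are standard ssh-keygen options that the post itself does not use.

```sh
#!/bin/sh
# Added example: create the key pair non-interactively, then check it.
# Directory and passphrase arguments are caller-supplied sample values.
# -N on the command line is visible in the process list; use the
# interactive prompt for real keys.

# gen_key DIR PASSPHRASE: same key type, size and label as the command above.
gen_key() {
    ssh-keygen -q -t rsa -b 4096 -C "your_email@example.com" \
        -N "$2" -f "$1/id_rsa"
}

# key_bits DIR: key length that ssh-keygen reports for the public key.
key_bits() {
    ssh-keygen -l -f "$1/id_rsa.pub" | awk '{print $1}'
}

# key_mode DIR: permission string of the private key file.
key_mode() {
    ls -l "$1/id_rsa" | cut -c1-10
}

# passphrase_ok DIR PASSPHRASE: succeeds only if the private key decrypts.
passphrase_ok() {
    ssh-keygen -y -P "$2" -f "$1/id_rsa" </dev/null >/dev/null 2>&1
}

# is_encrypted DIR: succeeds if the key cannot be read with an empty passphrase.
is_encrypted() {
    ! passphrase_ok "$1" ""
}

# pair_matches DIR PASSPHRASE: public key derived from the private key
# must equal the stored id_rsa.pub (type and base64 blob, comment ignored).
pair_matches() {
    derived=$(ssh-keygen -y -P "$2" -f "$1/id_rsa" </dev/null | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$1/id_rsa.pub")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Run "sh thisfile demo" to exercise the checks in a throwaway directory.
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    gen_key "$dir" "constructed-sample-passphrase"
    echo "bits=$(key_bits "$dir") mode=$(key_mode "$dir")"
    is_encrypted "$dir" && echo "private key is passphrase-protected"
    pair_matches "$dir" "constructed-sample-passphrase" && echo "pair matches"
    rm -rf "$dir"
fi
```

A key created with an empty passphrase makes `is_encrypted` fail, which is the stolen-key case described above.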