Creating SSH Keys

Secure Shell, or SSH, is a powerful and popular tool for connecting to Fedora systems over local or global networks. SSH is more secure when used with keys. Like a physical key and lock, an ssh public and private key are paired to work only with each other. Using keys can make connecting easier, and systems that use keys can be made more secure by turning off ssh password access.

Required Ingredients

* openssh-clients - Package, comes by default on most systems.
* openssh - Package, comes by default on most systems.
* Working Network Connection - Network services need a network!
* Target host - Another computer that you have network and password access to. You will need either an IP address or a domain name for this machine.

Local testing: To test ssh access against the local machine instead of another on the network, use localhost as the target hostname.

Directions

Setting up SSH Keys

1. Create the key.

       ssh-keygen -b 4096 -N "secret" -f ~/.ssh/target_id_rsa

   If you don't declare any options, ssh-keygen will ask for the required minimum interactively. Read about the example's options below, or find more options in man ssh-keygen.

   * -b 4096 : Generates a 4096-bit key, stronger than the default.
   * -N "secret" : A passphrase for the key. Optional, but strongly recommended.
   * -f ~/.ssh/target_id_rsa : The file to create. Call the file anything, but store it in ~/.ssh/

2. Copy the public key to your target.

       ssh-copy-id -i ~/.ssh/target_id_rsa.pub target_ip

   The ssh-copy-id utility opens an ssh connection to the target using password authentication and adds the contents of the public key to ~/.ssh/authorized_keys. The file can also be shared by other means and appended to authorized_keys manually, a method used for systems where password authentication cannot be turned on.

       cat target_id_rsa.pub >> ~/.ssh/authorized_keys

3. Test the key:

       ssh -i ~/.ssh/target_id_rsa -o PasswordAuthentication=no target_ip

4. Add an entry in your client ssh configuration for the key. ssh will try all keys in ~/.ssh/ when connecting to any host unless configured otherwise, so configuring it to only use keys that are explicitly paired to a host will reduce rejected authentication attempts and speed connections.

   Editing ~/.ssh/config

       Host *
           IdentitiesOnly yes

       Host target_ip
           PasswordAuthentication no
           IdentityFile ~/.ssh/target_id_rsa
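
The manual append in step 2 is where key setups most often go wrong, so here is a hardened version of that `cat ... >> authorized_keys` line, run on the target. It is an added example, not part of the original recipe; the function names `key_bits` and `install_pubkey` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# key_bits FILE: print the key size ssh-keygen reports, to confirm -b took effect.
key_bits() {
    ssh-keygen -l -f "$1" | awk '{print $1; exit}'
}

# install_pubkey PUBKEY [HOME_DIR]: hardened form of
#   cat target_id_rsa.pub >> ~/.ssh/authorized_keys
# Runs in a subshell so the umask change does not leak into the caller.
install_pubkey() (
    pub=$1
    dir=${2:-$HOME}/.ssh
    auth=$dir/authorized_keys

    # Never publish the private half by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        exit 1
    fi
    # Reject anything ssh-keygen cannot parse as a key.
    if ! ssh-keygen -l -f "$pub" >/dev/null 2>&1; then
        echo "refusing: $pub is not a valid public key" >&2
        exit 1
    fi

    # sshd's default StrictModes ignores authorized_keys when the file or
    # its directory is writable by group or others, so set modes explicitly.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Compare on the base64 key blob (field 2) so a re-run, or the same key
    # with a different comment, does not add a duplicate line.
    blob=$(awk '{print $2; exit}' "$pub")
    if grep -qF -- "$blob" "$auth"; then
        exit 0
    fi
    cat "$pub" >> "$auth"
)
```

Call it as `install_pubkey target_id_rsa.pub`; the optional second argument selects a home directory other than `$HOME`.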

References

* ssh-keygen(1) - manual for ssh-keygen
* ssh-copy-id(1) - manual for ssh-copy-id
* ssh-config(5) - manual for ssh client configuration files