What is an SSH KEY?

What is an SSH Key? SSH or Secure Shell keys are an access credential for the SSH secure shell network.

Updated: 31 Oct, 22 by Susith Nonis 9 Min
What is an SSH KEY?

List of content you will read in this article:

What is an SSH Key? An SSH key is not new if you are familiar with the IT environment and understand the cloud infrastructure. So, SSH or Secure Shell keys are an access credential for the SSH secure shell network. Authentication and encryption are used for remote communication between machines on an unsecured open network. Some of its uses are remote file transfer, remote operating system, and network management. 

SSH keys are a set of tools that people use to interact with the SSH protocol. In this guide, you will get thorough information about SSH keys and how you can easily set them up without having any trouble. 

What is an SSH Key?

SSH keys have different sizes, but one of the most famous variants is an RSA 2048-bit encryption. So an RSA 2048-bit encryption is comparable to the 617 digits long password. In an operating system like Windows, it is good to create an SSH key pair by downloading and using SSH clients. On operating systems like Linux and Mac, you can generate SSH keys pairs by using the Terminal

How to Set Up an SSH Key?

Now, we will describe complete information to set up an SSH Key easily as we have divided the procedure into multiple steps.

Generate an SSH Key Pair

You can use our given procedure to generate an SSH key pair, so first, run the following command:

ssh-keygen

Once you execute the command, your system will provide the output like this:

laptop1:~ yourname$ ssh-keygen

Generating public/private rsa key pair.

Now the system will ask you to select the location in which you want to store the keys: 

Enter file in which to save the key (/Users/yourname/.ssh/id_rsa):

After choosing the location, the system will ask you to choose the password: 

Enter passphrase (empty for no passphrase):

Enter the same passphrase again:

Once you provide storage location and password information, the system will generate public and private keys.

  • id_rsa is your private key
  • id_rsa.pub is your public key

Your identification has been saved in /Users/yourname/.ssh/id_rsa.

Your public key has been saved in /Users/yourname/.ssh/id_rsa.pub.

You will get "visual fingerprint" of your key is as follow:

The key fingerprint is:
D7:21:c7:d6:b8:3a:29:29:11:ae:6f:79:bc:67:63:53 yourname@laptop1
The key's randomart image is:
+--[ RSA 2048]----+
|             |
|       . o   |
.   . * .  |
| . .   = o   |
o S . o |
| . . o oE |
| . .oo +. |
| .o.o.*. |
| ....= o |
+-----------------+

After completing the above procedure, your authorized key will look like this:

Ecdsa-sha2-nistp256 AAAAE2 VjZHNhLXN0YTtbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN+ Mh3U / 3We4VYtV 1QmWUFIz FLTUeegl1Ao5 / QGtCRGAZn8bxX9KlCrrWISIjSYAwCajIEGSPEZwPNMBoK8XD8Q = ylo@klar

Finally, your identity key will look like this:

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIJWbvSW7h50HPwG+bWR3DXgQ6YhOxYbe0ifr1rRUvsUuoAoGCCqGSM49
AwEHoUQDQgAE34yHdT/dZ7hVi1XVCZZQUjMUtNR56CXUCjn9Aa0JEYBmfxvFf0qU
KutYhIiNJgDAJqMgQZI8RnA80wGgrxcPxA==
-----END EC PRIVATE KEY-----

Configure an SSH/SFTP User for Your Key

There are two methods to configure an SHH/SFTP user for the key, so these methods are: 

Method 1: Using ssh-copy-id

You have your SSH key. Now you are ready to run it on your system. First, run the following command and replace x.x.x.x with your IP address and sysuser with your computer name:

ssh-copy-id SYSUSER@x.x.x.x

Method 2: Manual Configuration

When you do not have the ssh-copy-id command, you can SSH it to your server manually:

Create the .ssh/authorized_keys and run the following command:

(umask 077 && test -d ~/.ssh || mkdir ~/.ssh)

(umask 077 && touch ~/.ssh/authorized_keys)

Edit the file .ssh/authorized_keys with the help of your preferred editor and paste  id_rsa.pub.

Log In Using Your Private Key

SSH or SFTP into your server using your private key with the help of the following command:

ssh SYSUSER@x.x.x.x

If you haven't created the default location, you will have to type the following:

ssh -i ~/.ssh/custom_key_name SYSUSER@x.x.x.x

Granting Access to Multiple Keys

.ssh/authorized_keys file uses a simple format so if you have multiple users or developers, then grant them access. Follow the instructions use ssh-copy-id, or you can manually paste it into additional keys, one at each.

After completing the process .ssh/authorized_keys file will look something like this:

(Don’t copy this, use your own public keys):

ssh-rsa AAAAB3NzaC1yc 2EAAAADAQABAAABA QDSkT3A1j89RT / 540ghIMHXIV w NlAEM3W tmqVG7YN / wYwtsJ8iCszg4 / lXQsfLFxYmEVe8L9 atgtMGCi5QdYPl4X / c+5YxFfm88Yjfx+ 2xEgUdOr 864eaI22ya NMQ0AlyilmK + PcSyxKP4dzkf6 B5Nsw 8lhfB5n 9F5md 6GHLLjOGu BbHYlesKJKnt2c MzzS90 BdRk73qW6wJ+ MCUWo +cyBFZVGOzrjJGEcHewOCbVs +IJWBFSi6w1enbKGc +RY9KrnzeDKWWqzYnNofiHGVFAu MxrmZOasqlTIKiC2UK3RmLx ZicWiQmPnpnjJRo 7pL0oYM9r/ sIWzD6i2S9szDy6aZ  mike@laptop1

ssh-rsa AAAAB3NzaC1yc 2EAAAADAQABAAABAQC zlL9Wo8yw EFXSvMJ8FY mxP6HHHMD TyYAWwM3AO tsc96DcYVQIJ5V sydZf5 /4NWuq55Mqnzdn GB2IfjQvOrW4Jen 0cI5UFTvAG4PkfYZb 00Hbvwho8JsS AwChvWU6I uhgiiUBofKSMMifKg+ pEJ0dLjks 2GUcfxeBwbNn AgxsBvY6BCXRfezIdd PlqyfWfnftqnafIFvuiRFB1 DeeBr24kik /550MaieQpJ848 +MgIeVCjko4NPPLssJ /1jhGEHOTlGJpWKGDqQK + QBaOQZh7JB7ehTK +pwIFHbUaeAkr66i VYJuC05iA7ot 9FZX8XGkxgmhlna FHNf0l8ynosanqt henry@laptop2

Retrieve Your Public Key from Your Private Key

You can retrieve the public key from a private key by using this command:

ssh-keygen -y -f /path/to/your_private_key_file (eg. /root/.ssh/id_rsa or ~/.ssh/custom_key_name)

Correcting permissions on the .ssh directory

First, run these commands on your server while SSH'd in as your app's system user:

chmod 700 ~/.ssh

chmod 600 ~/.ssh/authorized_keys

If anyone tries to enter a password, will receive a message like:

Permission denied (publickey,password).
Or
No supported authentication methods available

Manage Multiple SSH Keys

SSH config

First, you have to enter SSH config, create a new file: ~/.ssh/config, and open it for editing:

nano ~/.ssh/config

Managing Custom Named SSH key

Configure file to avoid adding custom-named SSH keys using ssh-add all the time. Suppose your SSH key is named ~/.ssh/id_rsa, add the following to the config file:

Host github.com
 HostName github.com
 User git
 IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes

In the above syntax, ~/.ssh/id_rsa is not in ssh-agent by opening another terminal and edit:

ssh-add -D

All keys will be removed, which has an active ssh-agent session. Now you can configure the file will use the key at ~/.ssh/ida_rsa. Here are some of the best configuration examples:

Host bitbucket-corporate
     HostName bitbucket.org
     User git
     IdentityFile ~/.ssh/id_rsa_corp
     IdentitiesOnly yes

Now you can use:

git clone git@bitbucket-corporate:company/project.git
Host bitbucket-personal
     HostName bitbucket.org
     User git
     IdentityFile ~/.ssh/id_rsa_personal
     IdentitiesOnly yes

Now you can use:

git clone git@bitbucket-personal:username/other-pi-project.git
Host myserver
     HostName ssh.username.com
     Port 1111
     IdentityFile ~/.ssh/id_rsa_personal
     IdentitiesOnly yes
     User username
     IdentitiesOnly yes

Generate an SSH Key on Mac and Linux

For starting the key creation process, you can execute the following command: 

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

"Enter a file in which to save the key."

> Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]

Press "Enter" to accept the default file location. Now you can add a passphrase to keys that will prevent this scenario.

> Enter passphrase (empty for no passphrase): [Type a passphrase]

> Enter the same passphrase again: [Type passphrase again]

Add the new SSH key to the ssh-agent and this SSH key to the ssh-agent first ensure the ssh-agent is running by executing:

$ eval "$(ssh-agent -s)"

> Agent pid 59566

Add the new SSH key to the local SSH agent.

ssh-add -K /Users/you/.ssh/id_rsa

Finally, the new SSH key is now registered and ready to use. 

Moving SSH keys to a Root-Owned Location

Moving SSH keys to a root-owned location is easy, and here the reasons why we said it:

  • Create a suitable root-owned directory, e.g., /etc/ssh/keys, under which authorized keys are stored.
  • Create a subdirectory under this directory for each user, and move each user's authorized_keys file to /etc/ssh/keys//authorized_keys.
  • Finally, change set AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys in /etc/ssh/sshd_config.

Conclusion

An in-depth understanding of SSH helps users understand the important aspects and security regarding this technology. Most people consider this simple process as a web of commands and instructions to follow.

The computer takes less than a second to calculate a hash and authenticates a user. People don't realize this extremely low time and think that it might have taken computers a few seconds to process that much complicated information.

The maximum time which computer uses is taken on the internet where it sends and receives data. This tutorial is made to let you know that these various technologies are adaptable and responsive.

You can club these technologies together to create a state-of-the-art system. But beware that each mechanism and process has a vital role to play in the whole process. To set up an SSH connection, you will need to get a Linux VPS: get it now and start creating.

Category: Tutorials
Susith Nonis

Susith Nonis

I'm fascinated by the IT world and how the 1's and 0's work. While I venture into the world of Technology, I try to share what I know in the simplest way with you. Not a fan of coffee, a travel addict, and a self-accredited 'master chef'.