The following steps will set up an SSH keypair on your local machine, copy the public key to your server, and configure your SSH client to use that specific private key through a server alias.
First, generate your keypair. I generally name the keys username-service, username-hostname or username-device, sometimes a combination of the three.
To generate keys for a new server at securedomain.com:
ssh-keygen -t rsa -b 4096 -C '[email protected]'
Things to keep in mind:
- The email in the comment (-C) does not have to be on the same domain as the service/server you are connecting to; it is only a label stored in the public key, never checked by the server.
- The -t rsa -b 4096 options are safe and will work on most servers. You can also use -t ed25519 if you wish; ed25519 keys are shorter and faster, and have been supported since OpenSSH 6.5.
Once you are in the ssh-keygen prompt it will ask you for a file name for the keys.
NOTE: You can also give this in the command itself with -f <filename>.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): <new_key_name>
ssh-keygen will then prompt you for a passphrase to protect the private key. You don't have to set one, but it is recommended: without a passphrase, anyone who gets a copy of the key file can use it immediately. If you don't want a passphrase, just press Enter twice.
Now we need to copy the public key to the server, which we do with:
ssh-copy-id -i ~/.ssh/yourkeyfile username@hostname
ssh-copy-id logs in over ssh (so you will be asked for your password this one time) and appends the public half of the key to ~/.ssh/authorized_keys on the server; if the file name you give does not end in .pub, it adds that itself, and the private key never leaves your machine.
Next, add the key to your ~/.ssh/config so it is used automatically for the host it was created for. This saves the leg work of remembering which key goes with which host, and of typing -i /path/to/key on every ssh command.
To do this, open ~/.ssh/config in your preferred editor and enter the following:
# EXAMPLE
# This sets up "example" as an alias for the FQDN of the server you want to connect to
Host example
    Hostname example.securedomain.com
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/securedomain_username
In this config:
- Host is an alias for the server we wish to connect to; it does not have to match the domain name.
- Hostname is the actual FQDN of the server we wish to connect to.
- AddKeysToAgent tells ssh to add the key to the running ssh-agent the first time it is used, so you type the passphrase once per agent session rather than on every login.
- UseKeychain tells ssh to store the passphrase in, and read it back from, the macOS Keychain, which saves typing it again if you are logging in and out of a server frequently. This option only exists in Apple's build of OpenSSH; on Linux or BSD, ssh refuses to start with "Bad configuration option: usekeychain" unless you put IgnoreUnknown UseKeychain above it in the file.
- IdentityFile is the key file to use for the host you are configuring; probably the key you just generated.
With this config in place we can now run:
ssh user@example
which ssh expands in the background to the following command (add a User line to the stanza and you can drop the user@ part as well):
ssh -i ~/.ssh/securedomain_username [email protected]
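The whole procedure above, from key generation to checking the config stanza, as one added shell script. This is example code written for this page, not the original post's commands; it assumes OpenSSH 7.2 or later (for AddKeysToAgent), uses ed25519 keys, and the alias, FQDN, user and paths are placeholders. It adds two things the stanza above does not have: a global IgnoreUnknown UseKeychain line so the file also works on non-macOS clients, and IdentitiesOnly yes so ssh offers only this key to the server.

```shell
#!/bin/sh
# Added example (not from the original post): the key, copy and config steps
# driven from a script so each step is explicit and checkable.
# Assumptions: OpenSSH 7.2+ (AddKeysToAgent), ed25519 keys; the alias,
# FQDN, user and paths used below are placeholders.
set -eu

# make_keypair <keyfile> <passphrase>
# -f names the file up front and -N sets the passphrase, so ssh-keygen never
# prompts. An empty passphrase is accepted but leaves the key usable by
# anyone who copies the file.
make_keypair() {
  keyfile=$1
  passphrase=$2
  mkdir -p "$(dirname "$keyfile")"
  chmod 700 "$(dirname "$keyfile")"
  ssh-keygen -q -t ed25519 -N "$passphrase" \
    -C "${USER:-user}@$(uname -n)" -f "$keyfile"
}

# copy_pubkey <keyfile> <user@host>
# Pushes only the public half to the server's authorized_keys. ssh-copy-id
# would add .pub itself, but naming it explicitly documents the intent.
copy_pubkey() {
  ssh-copy-id -i "$1.pub" "$2"
}

# init_config <configfile>
# UseKeychain is only understood by Apple's ssh; any other OpenSSH treats it
# as a fatal "Bad configuration option" unless IgnoreUnknown precedes it.
# The directive must sit above every Host block, so it goes in the header of
# a fresh file (an existing file is left alone and a warning is printed).
init_config() {
  config=$1
  if [ ! -f "$config" ]; then
    printf 'IgnoreUnknown UseKeychain\n\n' > "$config"
    chmod 600 "$config"
  elif ! grep -q '^IgnoreUnknown[[:space:]].*UseKeychain' "$config"; then
    echo "warning: put 'IgnoreUnknown UseKeychain' at the top of $config" >&2
  fi
}

# host_block <alias> <fqdn> <user> <keyfile>
# Prints one Host stanza. IdentitiesOnly stops ssh from also offering every
# key loaded in the agent, which is what produces "Too many authentication
# failures" on servers with a low MaxAuthTries once you own several keys.
host_block() {
  cat <<EOF
Host $1
    HostName $2
    User $3
    IdentityFile $4
    IdentitiesOnly yes
    AddKeysToAgent yes
    UseKeychain yes

EOF
}

# append_host <configfile> <alias> <fqdn> <user> <keyfile>
# Appends the stanza, refusing to create a second block for the same alias
# (ssh takes the first match per option, so a duplicate would silently never apply).
append_host() {
  config=$1
  name=$2
  shift 2
  init_config "$config"
  if grep -qE "^Host[[:space:]]+$name([[:space:]]|\$)" "$config"; then
    echo "error: alias '$name' already defined in $config" >&2
    return 1
  fi
  host_block "$name" "$@" >> "$config"
}

# resolved_identity <configfile> <alias>
# Asks ssh which key file it would use for the alias. -G only prints the
# resolved configuration and never opens a connection, so this is a safe way
# to check the stanza before depending on it.
resolved_identity() {
  ssh -G -F "$1" "$2" | awk '$1 == "identityfile" { print $2; exit }'
}

# Typical run (commented out so sourcing this file has no side effects):
#   make_keypair ~/.ssh/securedomain_username 'long passphrase here'
#   append_host ~/.ssh/config example example.securedomain.com username \
#       ~/.ssh/securedomain_username
#   copy_pubkey ~/.ssh/securedomain_username example
#   resolved_identity ~/.ssh/config example
```

resolved_identity is the check worth keeping in your toolbox: ssh -G prints every option as ssh would actually apply it, so a typo in the alias, a stanza shadowed by an earlier Host block, or a wrong IdentityFile path shows up before you ever see "Permission denied (publickey)".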