Beta 42

Research and Development

Generate ssh Crypto Key

Preview

ssh-keygen -f ~/.ssh/server_rsa -t rsa -b 4096
ssh-copy-id -i ~/.ssh/server_rsa.pub user@server_ip

Edit the server's /etc/ssh/sshd_config, set Port to 8022 and PasswordAuthentication to no, then reload sshd. Before disabling password logins, confirm from a second terminal that the key-based login works, and keep the existing session open so a mistake cannot lock you out. Moving the port only reduces scanner noise in the logs; it is not an access control.
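The sshd_config edit above, as an added example that is not part of the original page: a small POSIX shell script that applies the settings idempotently (re-running it never leaves a second, conflicting directive) and shows the stock commented-out default beside the hardened value. The function names, the constructed sample config and the extra KbdInteractiveAuthentication setting are this example's own choices, not the page's.

```shell
#!/bin/sh
# Added example (not code from the original page): apply the sshd_config changes the
# page asks for (Port 8022, PasswordAuthentication no) idempotently. Function names
# and the sample config below are assumptions made for this example.

# set_sshd_option CONFIG KEYWORD VALUE
# Rewrites the first "Keyword ..." or "#Keyword ..." line (sshd keywords are
# case-insensitive and the stock file ships its defaults commented out), or appends
# the directive if no such line exists. sshd uses the first value it reads for a
# keyword, so fixing the first occurrence is what decides the effective setting.
# Note: if the keyword first appears inside a "Match" block, that line is the one
# rewritten; inspect the file first on configs that use Match.
set_sshd_option() {
    cfg="$1"; key="$2"; val="$3"
    tmp="$cfg.tmp.$$"
    awk -v key="$key" -v val="$val" '
        BEGIN { re = "^[ \t]*#?" tolower(key) "[ \t]"; done = 0 }
        tolower($0) ~ re && !done { print key " " val; done = 1; next }
        { print }
        END { if (!done) print key " " val }
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# get_sshd_option CONFIG KEYWORD -> the effective value: the first active directive.
get_sshd_option() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# harden_sshd_config CONFIG
# The two settings from the page, plus one the page does not mention but that matters
# in practice: with "UsePAM yes", "PasswordAuthentication no" alone still lets PAM ask
# for a password through keyboard-interactive authentication, so that is disabled too
# (older OpenSSH releases spell the keyword ChallengeResponseAuthentication).
harden_sshd_config() {
    cfg="$1"
    set_sshd_option "$cfg" Port 8022
    set_sshd_option "$cfg" PasswordAuthentication no
    set_sshd_option "$cfg" KbdInteractiveAuthentication no
}

# check_sshd_config CONFIG -> syntax-check with "sshd -t" when sshd is installed
# (needs root to read the host keys). Do this before reloading: a broken file means
# sshd will not come back up and you are locked out.
check_sshd_config() {
    if command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$1"
    else
        echo "sshd not found; skipping syntax check" >&2
    fi
}

# demo_config -> path to a constructed sample shaped like a Debian/Ubuntu stock file
# (defaults commented out, PAM enabled). This is not any real server's configuration.
demo_config() {
    f="${TMPDIR:-/tmp}/sshd_config.example.$$"
    cat > "$f" <<'EOF'
# Constructed sample sshd_config for the example
#Port 22
#AddressFamily any
#PasswordAuthentication yes
KbdInteractiveAuthentication yes
UsePAM yes
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
    printf '%s\n' "$f"
}

# Usage: sh harden_sshd.sh /etc/ssh/sshd_config   (then reload sshd)
# With no argument, harden the constructed sample and show the resulting lines.
if [ "$#" -gt 0 ]; then
    harden_sshd_config "$1"
    check_sshd_config "$1"
else
    f=$(demo_config)
    harden_sshd_config "$f"
    grep -Ei '^(Port|PasswordAuthentication|KbdInteractiveAuthentication) ' "$f"
    rm -f "$f"
fi
```

On distributions whose sshd_config begins with Include /etc/ssh/sshd_config.d/*.conf, a drop-in there is read first and wins (Ubuntu's cloud-init drop-in sets PasswordAuthentication yes), so after editing check the effective values with sshd -T rather than trusting the main file alone.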

Tool ssh-keygen

Use the ssh-keygen tool to create new authentication key pairs for SSH. Such key pairs are used for automating logins, for single sign-on, and for authenticating hosts.

The simplest way to generate a key pair is to run ssh-keygen without arguments. It then prompts for the file in which to store the keys and for an optional passphrase, which encrypts the private key on disk. Here's an example:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bDQtv6SEck5wSiRHVM3bqZbNEY++j73ITVPFBxoPF9s user@host
The key's randomart image is:
+---[RSA 3072]----+
|  .o=..o    o +. |
|   +    o..  * = |
|    o . +o.=. o E|
|   . + +.+= .  ..|
|    o + S*o.  .  |
|     = o+o+. .   |
|      ... ..o    |
|         ..* .   |
|          +.=.   |
+----[SHA256]-----+

Algorithm and Key Size

SSH supports several public key algorithms for authentication keys. These include RSA, DSA, ECDSA and Ed25519. DSA keys are limited to 1024 bits and have been disabled by default in OpenSSH since 7.0, so do not create new ones; Ed25519 is the usual choice today, with RSA (4096 bits as shown) where a peer does not support it.

The algorithm is selected using the -t option and the key size using the -b option; -b is ignored for ed25519, and for ecdsa it must be one of 256, 384 or 521. The following commands illustrate:

ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519

File Name

The file name can be specified on the command line using the -f <filename> option; the public key is written to the same path with .pub appended:

ssh-keygen -f ~/test-key-ecdsa -t ecdsa -b 521

Copy the Public Key to the Server

To use public key authentication, the public key must be copied to the server and appended to the target account's ~/.ssh/authorized_keys file. The ssh-copy-id tool does this over an existing (typically password-based) login:

ssh-copy-id -i ~/test-key-ecdsa.pub user@host

The -i argument is the key generated above (in ~/test-key-ecdsa, not ~/.ssh/). If the name given does not end in .pub, ssh-copy-id appends it, so naming the private key also works; only the public half is ever sent.

Once the public key has been installed on the server, any client holding the matching private key can log in as that account, so the private key must be protected like a password (mode 0600, ideally passphrase-protected). During login the client proves possession of the private key by signing a message that includes the session identifier derived from the key exchange; the server verifies that signature against the authorized_keys entry and never sees the private key itself.
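The client-side key generation and the server-side effect of ssh-copy-id, as an added example that is not part of the original page: the script generates a key, installs the public half into a throwaway "home" directory the way ssh-copy-id would on the server (strict permissions, no duplicate entries on re-run), and checks which private key matches an installed entry. The key names, comment, directory layout and function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not code from the original page). Paths, key names and function
# names are assumptions; the flow runs offline against a temporary directory.

# generate_key DIR -> creates DIR/server_ed25519 and DIR/server_ed25519.pub.
# -N "" gives an unencrypted key, as used for automation; for an interactive
# user omit -N so ssh-keygen prompts for a passphrase.
generate_key() {
    ssh-keygen -q -t ed25519 -N "" -C "example-key" -f "$1/server_ed25519"
    printf '%s\n' "$1/server_ed25519"
}

# install_authorized_key HOME_DIR PUBKEY_FILE
# What ssh-copy-id does on the server: create ~/.ssh with strict permissions
# (sshd refuses keys from a group/world-writable directory when StrictModes is on)
# and append the key line unless the same key (type + base64 blob) is already
# present, so re-running never produces duplicates. Plain "type blob comment"
# lines only; lines carrying options (command=, from=) are not matched.
install_authorized_key() {
    home="$1"; pub="$2"
    dir="$home/.ssh"; ak="$dir/authorized_keys"
    mkdir -p "$dir" && chmod 700 "$dir"
    [ -f "$ak" ] || : > "$ak"
    chmod 600 "$ak"
    ktype=$(awk '{ print $1; exit }' "$pub")
    kblob=$(awk '{ print $2; exit }' "$pub")
    if awk -v t="$ktype" -v k="$kblob" \
        '$1 == t && $2 == k { found = 1 } END { exit !found }' "$ak"; then
        return 0                      # already installed: nothing to do
    fi
    printf '%s\n' "$(cat "$pub")" >> "$ak"
}

# count_authorized_keys HOME_DIR -> number of key lines installed.
count_authorized_keys() {
    grep -c . "$1/.ssh/authorized_keys"
}

# fingerprint PUBKEY_FILE -> the SHA256 fingerprint ssh-keygen printed at generation
# time; compare it with the server's entry (ssh-keygen -lf ~/.ssh/authorized_keys).
fingerprint() {
    ssh-keygen -lf "$1" | awk '{ print $2 }'
}

# key_pair_matches PRIVATE_KEY PUBKEY_FILE -> true if the public key belongs to that
# private key (ssh-keygen -y recomputes the public half from the private one).
key_pair_matches() {
    [ "$(ssh-keygen -y -f "$1" | awk '{ print $1, $2 }')" = \
      "$(awk '{ print $1, $2; exit }' "$2")" ]
}

# Usage: sh keyflow.sh --demo   (requires ssh-keygen; everything lands in a temp dir)
if [ "${1:-}" = "--demo" ] && command -v ssh-keygen >/dev/null 2>&1; then
    work=$(mktemp -d)
    key=$(generate_key "$work")
    install_authorized_key "$work/fakehome" "$key.pub"
    install_authorized_key "$work/fakehome" "$key.pub"   # second run is a no-op
    echo "fingerprint: $(fingerprint "$key.pub")"
    echo "keys installed: $(count_authorized_keys "$work/fakehome")"   # 1
    key_pair_matches "$key" "$key.pub" && echo "private key matches installed entry"
    rm -rf "$work"
fi
```

The duplicate check matters in practice: ssh-copy-id itself skips keys that are already present, and scripts that blindly append produce an authorized_keys file full of repeats that nobody audits. To see what a server actually trusts, run ssh-keygen -lf on its authorized_keys file and compare fingerprints with the ones ssh-keygen printed when the keys were made.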