SSH Keys for Beginners

Jeff Boolean

What Is an SSH Key

An SSH key is an access credential used for communication between a client and a server over the SSH protocol.

There are commonly two types of SSH keys:

  • Authorized key (or public key): This key is usually stored on both the server and the client.
  • Identity key (or private key): This key is kept private and should only be stored on the client that has the right to access the server.

Note: The combination of a public key and a private key is called user keys. Since a private key is useless without its public key and vice versa, we tend to use the plural form (i.e. SSH keys) when talking about them.

Why Use SSH Keys

Without SSH keys, the common way to communicate with a remote server from a client is to type a username and password on the client and send them over the internet. This poses a big security hole since the password is visible in the command.

Generate SSH Keys

To generate SSH keys, type the following command in a terminal:

$ ssh-keygen

You'll be asked to enter the location on your computer in which to save the keys. The default location is ~/.ssh. If you hit Enter, an id_rsa private key and a public key will be generated.

RSA is an encryption algorithm. You can switch to the DSA algorithm by using the -t option in the command:

$ ssh-keygen -t "dsa"

Use SSH Keys

To use the SSH keys you'll need to do two things:

  • Add ssh public and private keys on client
  • Add ssh public key to server

Add ssh public and private keys on client

This step is pretty simple. Open the command line and run the following command:

$ ssh-add

Add ssh public key to server

The last step is to add the SSH public key to the server. The first time you do this you'll need to log in to the server manually by typing your username and password on the command line. Go ahead and do this; if you happen to forget the command, here's the syntax:

$ ssh [username]@[host] -p [port]

After logging in to the server, append the content of the SSH public key that was created on the client to the ~/.ssh/authorized_keys file on the server (create the .ssh directory in your logged-in user's home folder on the server if it does not exist):

$ echo "content of public key" >> ~/.ssh/authorized_keys

After this step, log out of the server, and you will be able to log in to the server without having to type a username and password.
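
The append step above, written as a shell function to run on the server. This is an added example, not part of the original article; the names install_pubkey and SAMPLE_PUBKEY are hypothetical and the sample key is constructed. It covers what the one-line echo does not: it rejects input that is not a public key line, sets the owner-only permissions sshd expects, and does not add the same key twice.

```shell
#!/bin/sh
# Added example: install_pubkey and SAMPLE_PUBKEY are hypothetical names.

# Constructed sample key line (not a real key).
# Format of a public key line: "<type> <base64-data> [comment]".
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyForDemoOnly0000000000 demo@client'

# install_pubkey KEY_LINE [HOME_DIR]
# Returns 0 when the key is present afterwards, 1 when the input is rejected.
# Typical call on the server: install_pubkey "content of public key"
install_pubkey() {
    key_line=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Accept exactly one line; multi-line input is usually a pasted private key.
    case $key_line in
        *'
'*) return 1 ;;
    esac

    # The line must start with a known key type followed by base64 data.
    # A private key ("-----BEGIN ...") fails this check.
    printf '%s\n' "$key_line" |
        grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' ||
        return 1

    # With its default StrictModes setting, sshd ignores authorized_keys when
    # the directory or file is writable by other users, so keep both owner-only.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only when the exact line is not already in the file.
    grep -qxF -- "$key_line" "$auth_file" ||
        printf '%s\n' "$key_line" >> "$auth_file"
}
```

If key login still falls back to a password prompt after this, check that the home directory itself is not group- or world-writable.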