What is an SSH Key
An SSH key is an access credential used in communication between a client and a server via the SSH protocol.
There are commonly two types of SSH keys:
- Authorized key (or public key): This key is usually stored on both the server and the client.
- Identity key (or private key): This key is kept private and should only be stored on the client that has access rights to the server.
Note: The combination of a public key and a private key is called user keys. Since a private key without a public key is useless and vice versa, when we talk about an SSH key we tend to use the plural form (i.e. SSH keys).
Why Use SSH Keys
Without SSH keys, the common way to communicate with a remote server from a client is to type a username and password on the client and send them over the internet. This poses a big security hole since the password is visible in the command.
Generate SSH Keys
To generate SSH Keys type the following command in terminal:
You'll be asked to enter the location on your computer in which to save the keys. The default location is ~/.ssh. If you hit Enter then an id_rsa private key and an id_rsa.pub public key will be generated.
rsa is an encryption algorithm. You could change to the dsa algorithm by using the -t option in the command:
$ ssh-keygen -t "dsa"
Use SSH Keys
To use the SSH key you'll need to do two things:
- Add ssh public and private keys on client
- Add ssh public key to server
Add ssh public and private keys on client
This step is pretty simple. Open the command line and run the following command:
Add ssh public key to server
The last step is to add the SSH public key to the server. The first time you do this you'll need to log in to the server manually by typing the user and password in the command line. Go ahead and do this; if you happen to forget the command, here's the syntax:
$ ssh [username]@[host] -p [port]
After logging into the server, append the content of the SSH public key that was created on the client to the ~/.ssh/authorized_keys file on the server (create the .ssh directory in your logged-in user's home folder on the server if it does not exist):
$ echo "content of public key" >> ~/.ssh/authorized_keys
After this step, log out of the server and you will be able to log in to the server without having to type username and password.
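The append step above, as an added example that is not part of the original page: a shell function that creates ~/.ssh with owner-only permissions (sshd's default StrictModes setting refuses key files with loose permissions), refuses a private key passed by mistake, and does not add the same key twice. The function name authorize_key, its arguments and the sample key line are assumptions made for this example.

```shell
#!/bin/sh
# Added example. authorize_key and its arguments are hypothetical names.
# Usage: authorize_key PUBKEY_FILE [HOME_DIR]
# The body is a subshell "( ... )" so umask and variables do not leak to the caller.
authorize_key() (
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # A public key file is one line: "<type> <base64 blob> [comment]".
    IFS= read -r key_line < "$pubkey_file" || [ -n "$key_line" ] || exit 2

    # OpenSSH public key blobs start with "AAAA" in base64. This rejects a
    # private key file (id_rsa instead of id_rsa.pub) passed by mistake.
    case $key_line in
        [a-z]*\ AAAA*) ;;
        *) echo "not an SSH public key: $pubkey_file" >&2; exit 2 ;;
    esac

    # Owner-only permissions: 700 on ~/.ssh, 600 on authorized_keys.
    umask 077
    mkdir -p "$ssh_dir" && touch "$auth_file" || exit 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || exit 1

    # Append only if this exact line is not already there.
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
)

# Demo in a throwaway directory with a constructed (not real) public key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedSampleNotARealKey user@client' > "$demo_home/id_rsa.pub"
authorize_key "$demo_home/id_rsa.pub" "$demo_home"
authorize_key "$demo_home/id_rsa.pub" "$demo_home"   # second run appends nothing
ls -ld "$demo_home/.ssh"
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

On a real server, call it with only the public key file; HOME_DIR then defaults to the logged-in user's home folder.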