How to Generate A Public/Private SSH Key [Linux]

If you use SSH frequently to connect to a remote host, one way to secure the connection is to use a public/private SSH key pair, so that no password is transmitted over the network and brute-force attacks are prevented.

In Linux, creating a public/private SSH key is easy.

1. Open a terminal. Type:

ssh-keygen -t rsa

Alternatively, you can use DSA (Digital Signature Algorithm) to create the public/private key.

ssh-keygen -t dsa

Note: There has been a lot of debate about the security of DSA and RSA. In my opinion, unless you are very particular and love to delve into the technical details of the two technologies, it doesn’t matter which of the two you choose. Both will work fine.

2. In the next screen, you should see a prompt, asking you for the location to save the key. The default location is the .ssh folder in your Home directory. You can just press “Enter” to accept the default setting.


3. Next, you will be prompted to enter a passphrase. This is NOT the password used to connect to your remote host. It is the passphrase that unlocks the private key, so that no one can access your remote server even if they get hold of your private key. The passphrase is optional. To leave it blank, just press “Enter”.


4. Your public and private SSH keys should now be generated. Open the file manager and navigate to the .ssh directory. You should see two files: id_rsa (the private key) and id_rsa.pub (the public key).

5. Upload the id_rsa.pub file to the home folder of your remote host (assuming your remote host is running Linux as well). Connect to your remote host via SSH and use the following command to move the public key to the correct location.

mkdir -p ~/.ssh && chmod 700 ~/.ssh
cat id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
rm id_rsa.pub

6. Still on your remote host, open the SSH config file:

sudo nano /etc/ssh/sshd_config

Scroll down the config file and make sure the following attributes are set correctly.

RSAAuthentication yes
PubkeyAuthentication yes 
PasswordAuthentication no

Press “ctrl + o” to write and save the file, followed by “ctrl + x” to close the file.

7. Lastly, restart the SSH server on the remote host:

sudo /etc/init.d/ssh reload

That’s it. You can now connect to your remote host with the following command:

ssh -i /path-to-private-key username@remote-host-ip-address
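
A check for the step 6 settings, added here as an example and not part of the original article: it reads an sshd_config-style file and reports whether key login is on and password login is really off. The function names and the two sample configurations are constructed for illustration; it assumes whitespace-separated "Keyword value" lines and looks only at the global section (it stops at the first Match block and does not follow Include files).

```shell
#!/bin/sh
# Added example (not from the article): audit the step 6 settings in an
# sshd_config-style file. Function names here are hypothetical.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and '#' lines are comments, so a line that is still
# commented out changes nothing and the built-in default applies.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }             # keyword absent: default
    ' "$1"
}

# audit_sshd_config FILE: returns 0 only for key login on, password login off.
audit_sshd_config() {
    rc=0
    # OpenSSH defaults for both keywords are "yes".
    pubkey=$(effective_value "$1" PubkeyAuthentication yes)
    passwd=$(effective_value "$1" PasswordAuthentication yes)
    [ "$pubkey" = "yes" ] || { echo "FAIL: PubkeyAuthentication is $pubkey"; rc=1; }
    [ "$passwd" = "no" ] || { echo "FAIL: PasswordAuthentication is $passwd"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: key-only login"; fi
    return "$rc"
}

# Constructed sample: the intended line was never uncommented.
sample_commented() {
    printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes'
}
# Constructed sample: matches step 6; the later duplicate line is ignored.
sample_hardened() {
    printf '%s\n' 'PubkeyAuthentication yes' 'passwordauthentication no' \
        'PasswordAuthentication yes'
}

tmp=$(mktemp)
sample_commented > "$tmp"; audit_sshd_config "$tmp" || true
sample_hardened > "$tmp"; audit_sshd_config "$tmp" || true
rm -f "$tmp"
```

On the remote host itself, `sudo sshd -T` prints the effective configuration the server will use, including included files, and is the authoritative check before you close your existing session.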

Image credit: eternicode @ DeviantArt