Type : System
Operating System : Linux
SSH is a secure protocol that is very useful for accessing servers. With SSH, you can create keys with different algorithms to make access to your servers easier. You can choose between the DSA and RSA algorithms when generating your keys.
SETUP KEYS
Don't forget to enter a passphrase to reduce the risk of unauthorized access to your server.
- SSH key with 4096 bits and the RSA algorithm.
[ssh-test@babylon ~]$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ssh-test/.ssh/id_rsa):
Created directory '/home/ssh-test/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ssh-test/.ssh/id_rsa.
Your public key has been saved in /home/ssh-test/.ssh/id_rsa.pub.
The key fingerprint is:
8b:3c:24:1c:dd:5c:64:b2:82:6a:c6:89:34:d9:93:44
My recommendation for RSA keys is to generate keys of 4096 bits or more.
- SSH key with the DSA algorithm.
[ssh-test@babylon ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/ssh-test/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ssh-test/.ssh/id_dsa.
Your public key has been saved in /home/ssh-test/.ssh/id_dsa.pub.
The key fingerprint is:
6c:ba:65:a7:bf:e0:56:b0:8d:31:43:12:b0:5f:bc:3e
INSTALL KEYS
Now that you have generated your keys with the RSA or DSA algorithm, you have 2 files per key type in your .ssh folder.
[ssh-test@babylon .ssh]$ ls -al
total 48
drwx------ 2 ssh-test ssh-test 4096 Jan 23 09:26 .
drwx------ 3 ssh-test ssh-test 4096 Jan 22 23:30 ..
-rw------- 1 ssh-test ssh-test 668 Jan 22 21:19 id_dsa
-rw-r----- 1 ssh-test ssh-test 623 Jan 22 21:19 id_dsa.pub
-rw------- 1 ssh-test ssh-test 3239 Jan 23 09:26 id_rsa
-rw-r----- 1 ssh-test ssh-test 755 Jan 23 09:26 id_rsa.pub
- id_dsa : DSA authentication identity of the user
- id_dsa.pub : DSA public key for authentication
- id_rsa : RSA authentication identity of the user
- id_rsa.pub : RSA public key for authentication
If you want to access your server with your SSH key, go to your server and edit the authorized_keys file in the .ssh folder of the user you want to log in as. Then put the contents of the .pub file of the key you want to use into the authorized_keys file.
- Example of the .ssh folder on the www server for the ssh-remote-test user.
[ssh-remote-test@www .ssh]$ ls -al
total 12
drwx------ 2 ssh-remote-test ssh-remote-test 4096 Jan 23 09:27 .
drwx------ 3 ssh-remote-test ssh-remote-test 4096 Jan 23 09:27 ..
-rw------- 1 ssh-remote-test ssh-remote-test 755 Jan 23 09:27 authorized_keys
- Example of access to ssh-remote-test on the www server with keys.
[ssh-test@babylon .ssh]$ ssh ssh-remote-test@80.*.*.*
The authenticity of host '80.*.*.* (80.*.*.*)' can't be established.
RSA key fingerprint is c4:d5:70:88:12:11:ff:9a:4f:4a:ac:ab:a2:d3:ba:5c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '80.*.*.*' (RSA) to the list of known hosts.
Enter passphrase for key '/home/ssh-test/.ssh/id_rsa':
Last login: Sat Jan 23 09:28:34 2010 from 80.*.*.*
[ssh-remote-test@www ~]$
As you can see, I entered my passphrase to access the remote user on the server.
TIPS & TRICKS
One of the most important things when you create SSH keys is to set the correct permissions on the .ssh folder, the SSH keys and the authorized_keys file.
.ssh folder :
chmod 700 .ssh
id_rsa* and id_dsa* files :
chmod 600 id_rsa id_dsa && chmod 640 id_*.pub
authorized_keys :
chmod 600 authorized_keys
You must be sure that all files belong to the correct user.
# su - user
chown -R user:usergroup .ssh
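The permission and ownership rules above can be checked with a small script. This is an added example, not part of the original article: the function names check_path and audit_ssh_dir are hypothetical, GNU stat (Linux) is assumed, and public keys are only flagged when they are writable by group or others.

```shell
#!/bin/sh
# Added example: audit a .ssh directory against the permission and ownership
# rules from this section. Assumes GNU stat (Linux); function names are
# hypothetical.

# check_path PATH MASK UID: report PATH if any permission bit in MASK is set
# or if it is not owned by UID. Returns 0 when clean, 1 otherwise.
check_path() {
    perm=$(stat -c '%a' "$1") || return 1
    uid=$(stat -c '%u' "$1") || return 1
    rc=0
    if [ $(( 0$perm & $2 )) -ne 0 ]; then
        echo "BAD mode $perm on $1"
        rc=1
    fi
    if [ "$uid" != "$3" ]; then
        echo "BAD owner uid $uid on $1 (expected $3)"
        rc=1
    fi
    return $rc
}

# audit_ssh_dir DIR [USER]: check DIR itself, private keys, authorized_keys
# and public keys. USER defaults to the current user.
# Returns 0 when everything passes, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    if [ -n "$2" ]; then want=$(id -u "$2"); else want=$(id -u); fi
    status=0
    # .ssh itself: no access for group or others (chmod 700)
    check_path "$dir" 077 "$want" || status=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            *.pub) mask=022 ;;                  # not writable by group/others (640 passes)
            id_*|authorized_keys) mask=077 ;;   # owner only (chmod 600)
            *) continue ;;
        esac
        check_path "$f" "$mask" "$want" || status=1
    done
    return $status
}

# Usage: audit_ssh_dir "$HOME/.ssh" || echo "fix the entries listed above"
```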
- SSH-COPY-ID
If you don't want to spend too much time on each of your servers, you can use ssh-copy-id. This command is very useful.
# ssh-copy-id user@server
Now try logging into the machine, with "ssh 'user@server'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.