SSH key creation
- ssh-keygen -b 1024 -c "Comment" -f ~/.ssh/identity_file
Different forms for each of the SSH flavors
Assign a hard-to-guess passphrase to the private key during creation.
Key can be used for multiple servers
“man ssh-keygen” will give you the exact syntax for the version of SSH on your machine.
Running this command will create two files: ~/.ssh/identity_file (the private key) and ~/.ssh/identity_file.pub (the public key). The private key is an unreadable binary file; it should never leave your control. ~/.ssh/identity_file.pub is the public key that needs to be copied over to each server you want to access.
The passphrase is a long phrase with lots of varied characters. It’s like a password, but longer and with more strange characters. It encrypts the private key before storing it on the disk; this makes the file useless to someone who manages to steal it from your disk unless they also know the passphrase.
If you’re worried that we’ve traded short passwords for a lot of complexity and long passphrases, don’t worry! We’ll see that ssh-agent can let us enter the passphrase once and remember the private key. Also, by putting the public key on many machines, the one private key can give us access to lots of remote machines.
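An added example, not part of the original slides: a shell check that a private key is actually stored encrypted with a passphrase and is readable only by its owner. The helper names `check_key` and `make_sample_keys`, the sample keys and their passphrase are constructed for illustration, and OpenSSH's ssh-keygen is assumed.

```shell
#!/bin/sh
# Added example (not from the slides). check_key and make_sample_keys are
# hypothetical helper names; all keys and passphrases here are constructed.

# Exit codes: 0 ok, 1 no passphrase, 2 key or .pub missing, 3 loose permissions.
check_key() {
    key=$1
    if [ ! -f "$key" ] || [ ! -f "$key.pub" ]; then
        echo "MISSING: $key or $key.pub"; return 2
    fi
    # Check the mode first: OpenSSH tools may refuse to load a private key
    # that others can read, which would mask the passphrase test below.
    mode=$(ls -ld "$key" | cut -c1-10)
    case $mode in
        -r[w-]-------) ;;
        *) echo "PERMS: $key is $mode, expected -rw-------"; return 3 ;;
    esac
    # -y prints the public key; with -P "" it only works on an unencrypted key.
    if ssh-keygen -y -P "" -f "$key" >/dev/null 2>&1; then
        echo "NOPASS: $key is stored unencrypted"; return 1
    fi
    echo "OK: $key"; return 0
}

# Build two constructed sample keys in directory $1: one protected, one not.
make_sample_keys() {
    ssh-keygen -q -t rsa -b 2048 -C "sample protected" \
        -N "constructed sample passphrase" -f "$1/protected"
    ssh-keygen -q -t rsa -b 2048 -C "sample unprotected" -N "" -f "$1/unprotected"
}

demo_dir=$(mktemp -d)
make_sample_keys "$demo_dir"
check_key "$demo_dir/protected"
check_key "$demo_dir/unprotected" || true
rm -rf "$demo_dir"
```

Pointing `check_key` at your own private key never requires typing its passphrase, because the test only tries the empty one.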