Creating SSH Public/Private Key Pairs

OpenSSH is the standard tool for remotely managing servers. It ships as a standard component of Apple's OSX, the BSD operating systems and the myriad Linux distributions.

Innumerable network devices run an SSH server as well. From routers and switches to any basic server configuration, it is hard to escape it.

It should be needless to say, but the fine folks at the OpenSSH project deserve your contributions. And certainly all those vendors who use their software should be contributing in multiples of individual donations.

Separate instructions are required for users looking to employ PuTTY, including the conversion of the SSH keys from the PuTTY format to OpenSSH.

Used correctly, SSH is highly secure. It uses public key cryptography, in which two keys are generated. The public key can be viewed as a mechanical lock, and the private key as the key that opens it. Just as in the physical world, everyone can see the lock, which is not in itself a security vulnerability; the key, however, must be kept private. In the digital world, the public key resides on the server being accessed, while the private key must be kept in a secure location and protected with a passphrase before it can be used.

These are the command-line steps to creating a key pair on the above operating systems.

1. This example sets the key's algorithm to RSA and the key length to 8192 bits. Keys of 4096 or 8192 bits are recommended. At the command line, type:

$ ssh-keygen -t rsa -b 8192

Generating public/private rsa key pair.

This prompt requests the destination of the private key file, id_rsa:

Enter file in which to save the key (/home/user/.ssh/id_rsa):

Next is the prompt for a passphrase that will be required whenever the private key is used. This is a vital aspect of securing SSH credentials: a key file without a passphrase can be used by anyone who obtains it. Where SSH keys are used for scripted processes, passphrases are often omitted.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Finally, the private key is written to the .ssh directory in the user's home directory:

Your identification has been saved in /home/user/.ssh/id_rsa.

And the public key, named id_rsa.pub:

Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:

61:6d:43:53:49:2u:jo:34:g9:l3:92:m3:28:z4:i9:2b user@host

The key's randomart image is:

+--[ RSA 8192]----+
| ooo. |
| . ++ |
| o+ |
| o .o. |
| . o .S. |
| o o . |
|.o + . . |
|+o+ o . |
|Eo.. . |
+-----------------+

To access a remote server, copy id_rsa.pub to that server under the name authorized_keys. By default, sshd looks for it in the .ssh directory of the user's remote home directory.

The private key, id_rsa, stays on the client and should be kept in a secure location.
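The following script is an added example and not part of the original article. It drives the same ssh-keygen session shown above with flags instead of prompts, then installs the public half into an authorized_keys file with the permissions sshd requires. Function names, the scratch directory (created with mktemp) and the passphrase string are assumptions of this example; it uses 4096 bits, one of the two sizes recommended above, because 8192 takes considerably longer to generate.

```shell
#!/bin/sh
# Added example, not part of the original article: the article's interactive
# ssh-keygen session driven by flags instead of prompts, followed by the
# authorized_keys installation the last paragraphs describe. Everything runs
# inside a scratch directory created with mktemp; the passphrase and comment
# are constructed placeholders.
set -eu

# Generate an RSA key pair without prompting: -f answers "Enter file in which
# to save the key", -N answers the two passphrase prompts, -C sets the comment
# that appears after the fingerprint (user@host in the article). 4096 bits is
# one of the two sizes the article recommends and is much faster to generate
# than 8192.
generate_keypair() {
    key_file=$1
    passphrase=$2
    ssh-keygen -q -t rsa -b 4096 -N "$passphrase" -C "user@host" -f "$key_file"
}

# Print only the fingerprint of a key file (public, private, or an
# authorized_keys file), the value the article shows after "The key
# fingerprint is:". Comparing it on both ends confirms that the key you
# installed is the one you generated.
key_fingerprint() {
    ssh-keygen -l -f "$1" | awk '{ print $2 }'
}

# Print a file's permission bits in octal; GNU stat and BSD stat differ, so
# try the GNU form first. ssh refuses to use a private key readable by
# others, and sshd (with StrictModes, the default) ignores an authorized_keys
# file or .ssh directory that is group- or world-writable.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}

# Install one public-key line into "$1/authorized_keys". The article says to
# rename id_rsa.pub to authorized_keys; appending is safer because it keeps
# any keys already there, and the grep skips an exact duplicate line.
install_authorized_key() {
    ssh_dir=$1
    pubkey_line=$2
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$ssh_dir/authorized_keys"
    chmod 600 "$ssh_dir/authorized_keys"
    if ! grep -qxF -- "$pubkey_line" "$ssh_dir/authorized_keys"; then
        printf '%s\n' "$pubkey_line" >> "$ssh_dir/authorized_keys"
    fi
}

# Count the key lines in an authorized_keys file (blank and comment lines
# are ignored, as sshd ignores them).
count_authorized_keys() {
    grep -cv -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || true
}

# Walk through the whole flow in a scratch directory; skipped where
# ssh-keygen is not installed.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
if command -v ssh-keygen >/dev/null 2>&1; then
    generate_keypair "$workdir/id_rsa" "constructed-passphrase-change-me"
    echo "private key mode:   $(file_mode "$workdir/id_rsa")"      # ssh-keygen creates it 600
    echo "public key mode:    $(file_mode "$workdir/id_rsa.pub")"  # readable by all; it is public
    echo "local fingerprint:  $(key_fingerprint "$workdir/id_rsa.pub")"
    # Stand-in for the remote user's ~/.ssh directory.
    install_authorized_key "$workdir/remote_ssh" "$(cat "$workdir/id_rsa.pub")"
    echo "installed keys:     $(count_authorized_keys "$workdir/remote_ssh/authorized_keys")"
    echo "remote fingerprint: $(key_fingerprint "$workdir/remote_ssh/authorized_keys")"
fi
```

For the scripted-process case mentioned above, passing -N '' to generate_keypair produces a key with no passphrase; the file modes enforced here then matter even more, because the private key file alone is the credential.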