SSH Key Management
This page is meant to assist in setting up and maintaining SSH keys.
SSH Directory Permissions
chmod 700 ~/.ssh
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
chmod 644 ~/.ssh/config
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
Generating SSH Keys
ED25519
- Change to ~/.ssh:
cd ~/.ssh
- Generate an Ed25519 ssh key:
ssh-keygen -t ed25519 -a 256
- Generate an Ed25519 ssh key with a specific name:
ssh-keygen -f <keyname> -t ed25519 -a 256
RSA
- Change to ~/.ssh:
cd ~/.ssh
- Generate an RSA ssh key:
ssh-keygen -t rsa -b 4096 -o -a 256
- Generate an RSA ssh key with a specific name:
ssh-keygen -f <keyname> -t rsa -b 4096 -o -a 256
Verifying SSH Keys
Verify SSH Key Password
- Change to ~/.ssh:
cd ~/.ssh
- Verify password:
ssh-keygen -y -f id_ed25519
- When the correct passphrase is entered, the public key is printed:
Enter passphrase:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAZcdEIpPbJal7CEsIpaHzBEjs/8nedIvDA/sDlvqll chuck@gaming
- Enter the wrong passphrase:
ssh-keygen -y -f id_ed25519
Enter passphrase:
Load key "id_ed25519": incorrect passphrase supplied to decrypt private key
Verify SSH Private Key Matches Public Key
- Change to ~/.ssh:
cd ~/.ssh
- Verify that the public key matches its private key:
ssh-keygen -l -f id_ed25519; ssh-keygen -l -f id_ed25519.pub
- Output should match:
256 SHA256:W5o5+DV3Jaba4txzQ58gZuIZvZD44McIU7tV9I4LZpw chuck@gaming (ED25519)
256 SHA256:W5o5+DV3Jaba4txzQ58gZuIZvZD44McIU7tV9I4LZpw chuck@gaming (ED25519)
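The permission list under SSH Directory Permissions and the key-pair check above, combined into one audit script. This is an added example, not part of the original page: the function names are hypothetical, any file with a matching .pub beside it is assumed to be a private key, and keypair_matches compares the output of ssh-keygen -y with the .pub file rather than comparing the two -l fingerprints.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Octal mode of a file: GNU stat first, BSD stat as the fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_perms DIR: print each deviation from the modes listed on this page
# and return 0 only when there is none. Assumption: a file with a matching
# .pub beside it is a private key, which also covers keys made with -f <keyname>.
audit_ssh_perms() {
    dir=$1; bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    m=$(mode_of "$dir")
    [ "$m" = 700 ] || { echo "BAD $dir is $m, expected 700"; bad=1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(basename "$f")" in
            authorized_keys|known_hosts|config|*.pub) want=644 ;;
            *) [ -f "$f.pub" ] || continue   # not a file this page lists
               want=600 ;;
        esac
        m=$(mode_of "$f")
        [ "$m" = "$want" ] || { echo "BAD $f is $m, expected $want"; bad=1; }
    done
    return "$bad"
}

# keypair_matches KEY: derive the public key from the private key (prompts for
# the passphrase if one is set) and compare key type and key blob with KEY.pub.
# The comment field is ignored because it can be changed with ssh-keygen -c.
keypair_matches() {
    derived=$(ssh-keygen -y -f "$1" | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$1.pub") || return 2
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Usage: audit_ssh_perms ~/.ssh && keypair_matches ~/.ssh/id_ed25519
```
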
Modifying SSH Keys
Change SSH Key Password
- Change to ~/.ssh:
cd ~/.ssh
- Change password:
ssh-keygen -p -f id_ed25519
Change SSH Key Comment
- Change to ~/.ssh:
cd ~/.ssh
- Change comment (email):
ssh-keygen -c -f id_ed25519
Enter passphrase:
Key now has comment 'chuck@hostname'
Enter new comment: user@newname
The comment in your key file has been changed.
SSH-Agent
- Add the key to the ssh-agent.
ssh-add keyname
- Add the key to the server using the credentials from the config file.
ssh-copy-id -i keyname servername
networking/ssh/ssh-keys.txt · Last modified: 2022/05/07 02:53 by chuck