SSH key pairs allow users to connect to remote accounts without having to use the password of the remote account. This is useful if you would rather not enter the password of an account you own and access frequently, or if you need to connect to a shared account that you do not own and whose password you do not know. You create a pair of files known as "keys", one private and one public, to facilitate this process. The private key stays on the machine you will connect from, which is usually the machine where it was created (for example, your laptop). The other key, the public key, is put into the remote account by the owner of that account (which may be you) or by the server administrator. Think of this process as leaving a real key (the public key) in a remote door. The door will only open if you hold the associated private key as you approach. This is why you must keep the private key to yourself: anyone who has a copy of it can pass through every door in which you left your public key.
On UNIX and Mac OS X
Generating SSH Keys
You can generate keys with the 'ssh-keygen' command:
$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key ($HOME/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in $HOME/.ssh/id_ed25519.
Your public key has been saved in $HOME/.ssh/id_ed25519.pub.
If you already have a keypair with the standard names, you may choose to create additional keypairs with different names. For security reasons you should not use empty passphrases.
Uploading the public key
Once you have generated the key pair, you will need to transfer the public key, e.g. ~/.ssh/id_ed25519.pub, to the remote site. You can transfer the public key in any number of ways, such as by emailing it to the owner of the remote account or an administrator, or FTP, SCP, or SFTP if you have access. The public key file is actually just a text file.
Installing the public key
Once the public key has been transferred to the remote machine, its contents must be appended to ~/.ssh/authorized_keys within the remote account. If you are not the owner of the remote account, you will need to have the owner perform this step. Otherwise, on the remote computer:
$ cat id_ed25519.pub >> ~/.ssh/authorized_keys
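The one-line append above works, but two things commonly go wrong with it: sshd (with StrictModes, its default) silently ignores the whole authorized_keys file when ~/.ssh or the file itself is writable by group or others, and the same key is easily appended twice, or a private key is appended by mistake. The shell function below is an added example, not part of the original page: it checks that the file really contains a public key line, installs it only if it is not already present, and sets the permissions sshd expects. The function name, the key_count helper and the optional second argument (an alternative authorized_keys path) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: install a public key into
# authorized_keys safely. Usage:
#   install_pubkey /path/to/id_ed25519.pub [authorized_keys_path]
# The second argument is this example's own; it defaults to ~/.ssh/authorized_keys.

install_pubkey() {
    pubkey_file=$1
    auth_keys=${2:-"$HOME/.ssh/authorized_keys"}
    ssh_dir=$(dirname "$auth_keys")

    # A public key is a single line "<type> <base64 blob> [comment]".
    # Strip a stray CR so a file that came from Windows still validates.
    key_line=$(head -n 1 "$pubkey_file" | tr -d '\r')
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}

    # Reject anything that is not a public key, e.g. a private key pasted by
    # mistake (those start with "-----BEGIN") or an empty file.
    case "$key_type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "error: $pubkey_file does not start with a known key type" >&2; return 1 ;;
    esac
    printf '%s' "$key_blob" | grep -Eq '^[A-Za-z0-9+/]+=*$' \
        || { echo "error: key material in $pubkey_file is not base64" >&2; return 1; }

    # sshd (StrictModes yes, the default) ignores authorized_keys entirely if
    # ~/.ssh or the file is writable by group or others.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_keys"
    chmod 600 "$auth_keys"

    # Match on type+blob only, so the same key with a different comment is
    # still recognised as already installed.
    if grep -qF "$key_type $key_blob" "$auth_keys"; then
        echo "key already present in $auth_keys" >&2
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_keys"
}

# Number of key lines currently in an authorized_keys file (blank lines and
# comments excluded), useful as a before/after check.
key_count() {
    grep -Evc '^[[:space:]]*(#|$)' "$1" || true
}

if [ $# -gt 0 ]; then
    install_pubkey "$@"
fi
```

Run it as `sh install_pubkey.sh id_ed25519.pub` on the remote machine in place of the bare `cat >>`. If a key you just installed is still rejected, the permission check above is the first thing to look at; sshd logs the reason (bad ownership or modes) in its own log rather than telling the client.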
On Windows
The most popular Windows SSH client today is PuTTY, available from http://www.chiark.greenend.org.uk/~sgtatham/putty. Download the complete Windows installer rather than just the putty.exe file, since the installer includes PuTTYgen. You may choose to follow the thorough PuTTY documentation directly on how to create an SSH key pair on Windows; otherwise see the briefer step-by-step instructions below.
Generating SSH Keys
- Start the puttygen.exe program included with the PuTTY installer.
- In the Parameters section choose SSH2 RSA as the key type and press Generate. You will need to move your mouse around in the blank area of the window to generate the randomness the process requires.
- You may choose to enter a key comment which can be used by you to identify the key (useful when you use several SSH keys).
- Type in a passphrase and confirm it. The passphrase is used to protect your key and you will be asked for it when you connect via SSH using public key authentication.
- Click Save private key to save your private key. A common name is id_rsa.
- Click Save public key to save your public key. A common name is id_rsa.pub. Note that the file written by Save public key uses PuTTY's own multi-line format; for an OpenSSH server, copy the single line shown in PuTTYgen's "Public key for pasting into OpenSSH authorized_keys file" box instead.
Uploading and Installing the public key
See the UNIX instructions for these steps above as they are identical.
Using the SSH Key
SSH config file
You can explicitly tell your ssh program to use your ssh key and not your password with `ssh -o preferredauthentications=publickey ...`. Since you may not want to type that every time, you can configure an ssh host alias. Create and/or append to the file ~/.ssh/config on your local computer and enter the following:
Host somename
    HostName your.favorite.machine.berkeley.edu
    User theuser
    PreferredAuthentications publickey
Then you can invoke `ssh somename` and it will pass in all of the above options.
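The same alias can also pin which key ssh offers. The function below is an added example, not the page's own instructions: it appends a Host stanza like the one above to ~/.ssh/config, adds IdentityFile and IdentitiesOnly so that ssh offers only that key rather than every key the agent holds, and refuses to add a second stanza for an alias that already exists, because ssh applies the first matching stanza and a duplicate would silently shadow it. The add_host_alias and alias_count names and the optional config-path argument are this example's own; the host values are the placeholders from the text.

```shell
#!/bin/sh
# Added example, not from the original page: add a host alias to
# ~/.ssh/config that pins both the key and the authentication method.
# Usage: add_host_alias <alias> <hostname> <user> <identity_file> [config_path]
# The alias is assumed to be a plain word (no regex metacharacters).

add_host_alias() {
    alias_name=$1; host_name=$2; user_name=$3; identity=$4
    config=${5:-"$HOME/.ssh/config"}

    mkdir -p "$(dirname "$config")"
    chmod 700 "$(dirname "$config")"
    touch "$config"
    chmod 600 "$config"   # ssh refuses a config file that others can write

    # Refuse a second stanza for the same alias; ssh uses the first match,
    # so the later definition would never take effect.
    if grep -Eq "^[[:space:]]*Host[[:space:]]+$alias_name([[:space:]]|\$)" "$config"; then
        echo "alias '$alias_name' already defined in $config" >&2
        return 1
    fi

    # IdentitiesOnly stops ssh from also offering every key in the agent,
    # which reveals all of your public keys to the server and can trip
    # "Too many authentication failures" on servers with a low MaxAuthTries.
    cat >> "$config" <<EOF

Host $alias_name
    HostName $host_name
    User $user_name
    IdentityFile $identity
    IdentitiesOnly yes
    PreferredAuthentications publickey
EOF
}

# Number of stanzas in a config file that define the given alias
# (a post-install check: anything other than 1 is a problem).
alias_count() {
    grep -Ec "^[[:space:]]*Host[[:space:]]+$2([[:space:]]|\$)" "$1" || true
}

if [ $# -ge 4 ]; then
    add_host_alias "$@"
fi
```

After running it, `ssh -G somename` prints the options ssh would actually apply to that alias, which is the quickest way to confirm the stanza was picked up and that IdentityFile points where you expect.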
SSH Agent
If you do not want to have to type your key's passphrase every time, you can load the key into your SSH agent once. The ssh-agent is usually automatically started on Linux, and you can load the key into your agent by typing `ssh-add`. If your key is in a non-standard location, you can manually specify it with `ssh-add /path/to/the/ssh/key`. On macOS, your agent uses your keychain, so pass in `-K` to ssh-add, e.g. `ssh-add -K` or `ssh-add -K /path/to/the/ssh/key`.
I'm an expert in the field of secure communication protocols, particularly with a focus on SSH (Secure Shell) and the use of SSH key pairs for authentication. Over the years, I've gained extensive hands-on experience in setting up and managing SSH key pairs for secure remote access. My expertise is backed by a deep understanding of the underlying concepts and practical implementation across various operating systems, including UNIX, Linux, Mac OS X, and Windows.
Let's break down the key concepts covered in the provided article:
SSH Key Pairs:
SSH key pairs consist of two files, a private key and a public key. These keys facilitate secure authentication without the need for passwords. The private key is kept on the local machine, while the public key is placed on the remote server.
Key Generation on UNIX and Mac OS X:
The ssh-keygen command is used to generate SSH keys. In the example, the command ssh-keygen -t ed25519 is employed to create an Ed25519 key pair. Users can also create additional key pairs with different names, and every key should be protected with a passphrase.
Uploading the Public Key:
After generating the key pair, the public key (id_ed25519.pub) needs to be transferred to the remote server. This can be done through various methods such as email, FTP, SCP, or SFTP. Once transferred, the public key is appended to the ~/.ssh/authorized_keys file on the remote server.
Key Generation on Windows:
For Windows users, the popular SSH client PuTTY is recommended. PuTTYgen (puttygen.exe) is used to generate SSH key pairs. The private and public keys are saved separately, and the public key needs to be uploaded to the remote server following the same process as on UNIX systems.
Using the SSH Key:
The article provides additional information on how to use the SSH key effectively, including configuring an SSH host alias in the ~/.ssh/config file and utilizing the SSH agent to avoid typing the key passphrase every time.
With my in-depth knowledge of these concepts, I can confidently guide users through the process of setting up and managing SSH key pairs on various platforms, ensuring secure and convenient remote access.