SSH, or Secure Shell, is a network protocol that allows you to securely connect and communicate with remote servers over the internet. With SSH, you can run commands, transfer files, and configure services on remote machines. SSH also supports various authentication methods, such as passwords and public-key cryptography.
In this post, we will focus on the public-key authentication method, which is more secure and convenient than using passwords. We will explain what SSH keys are, how they work, and how to create and use them on different operating systems, such as Windows 11, macOS, and Ubuntu.
What are SSH keys?
SSH keys are two long strings of characters that are used to verify the identity of a user who wants to access a remote server. These keys are generated by the user on their local machine using an SSH utility. One key is private and stored on the user's local machine. The other key is public and shared with the remote server or any other entity the user wishes to securely communicate with.
The private key is like a secret password that should never be revealed to anyone. The public key is like a lock that can be opened only by the matching private key. When the user tries to connect to the remote server, the server checks whether the user holds the private key that matches a public key stored on the server. The private key itself is never sent over the connection; the client only proves that it possesses it. If the keys match, the user is granted access. If not, the connection is denied.
SSH keys provide several advantages over passwords:
- They are more secure, as they are harder to guess or crack by brute force attacks.
- They are more convenient, as they do not require the user to remember or type a password every time they connect to the server.
- They can be used to automate tasks, such as running scripts or deploying applications, without human intervention.
How to create SSH keys?
To create SSH keys, you need to use an SSH utility that is available on your operating system. There are different tools and commands for different operating systems, but the basic steps are similar:
- Run a command to generate a pair of SSH keys, usually a 3072-bit or 4096-bit RSA key pair. You can optionally add a passphrase to further protect your private key.
- Save the keys in a secure location on your local machine, usually in a hidden folder named `.ssh` in your home directory. The private key will have no file extension, while the public key will have a `.pub` extension.
- Copy the public key to the remote server or any other entity you want to communicate with. You can use a utility called `ssh-copy-id` or manually append the public key to a file named `authorized_keys` in the `.ssh` folder on the remote server.
In the following sections, we will show you how to create SSH keys on Windows 11, macOS, and Ubuntu, using different tools and commands.
Windows 11
Windows 11 comes with a built-in OpenSSH client that you can use to generate SSH keys. To use it, open the Windows Terminal or the Command Prompt and follow these steps:
- Type the following command to generate a pair of SSH keys and press Enter:
  ```
  ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  ```
  This will create a 4096-bit RSA key pair with your email address as a comment.
- You will be prompted to specify the file name and location for the keys. Press Enter to accept the default location, which is `C:\Users\yourusername\.ssh\id_rsa` for the private key and `C:\Users\yourusername\.ssh\id_rsa.pub` for the public key.
  ```
  Enter file in which to save the key (C:\Users\yourusername/.ssh/id_rsa):
  ```
- You will be asked to enter a passphrase for the keys. This is optional, but recommended for extra security. Type a secure passphrase and press Enter. You will need to enter the same passphrase again to confirm it.
  ```
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  ```
- You will see a message that your keys have been generated, along with a fingerprint and a randomart image.
  ```
  Your identification has been saved in C:\Users\yourusername/.ssh/id_rsa
  Your public key has been saved in C:\Users\yourusername/.ssh/id_rsa.pub
  The key fingerprint is:
  SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx your_email@example.com
  The key's randomart image is:
  +---[RSA 4096]----+
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  +----[SHA256]-----+
  ```
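- To copy the public key to the remote server, you can use the `ssh-copy-id` utility. Type the following command, replacing `remote_username` and `server_ip_address` with the username and IP address of the remote server. You will be prompted to enter the password of the remote user. Note that `ssh-copy-id` is a shell script and is not included with the built-in Windows OpenSSH client, so this command works only where the script is available (for example under WSL); otherwise use the manual method in the next step.
  ```
  ssh-copy-id remote_username@server_ip_address
  ```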
- Alternatively, you can manually copy the public key to the remote server. To do that, you need to open the public key file with a text editor, such as Notepad, and copy its contents. Then, you need to log in to the remote server using SSH, create a `.ssh` folder in your home directory if it does not exist, and append the public key to a file named `authorized_keys` in the `.ssh` folder. You can use the following commands to do that:
  ```
  ssh remote_username@server_ip_address
  mkdir -p ~/.ssh
  echo 'paste_your_public_key_here' >> ~/.ssh/authorized_keys
  ```
macOS
macOS comes with an SSH utility called OpenSSH that you can use to generate SSH keys. To use it, open the Terminal application and follow these steps:
- Type the following command to generate a pair of SSH keys and press Enter:
  ```
  ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  ```
  This will create a 4096-bit RSA key pair with your email address as a comment.
- You will be prompted to specify the file name and location for the keys. Press Enter to accept the default location, which is `/Users/yourusername/.ssh/id_rsa` for the private key and `/Users/yourusername/.ssh/id_rsa.pub` for the public key.
  ```
  Enter file in which to save the key (/Users/yourusername/.ssh/id_rsa):
  ```
- You will be asked to enter a passphrase for the keys. This is optional, but recommended for extra security. Type a secure passphrase and press Enter. You will need to enter the same passphrase again to confirm it.
  ```
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  ```
- You will see a message that your keys have been generated, along with a fingerprint and a randomart image.
  ```
  Your identification has been saved in /Users/yourusername/.ssh/id_rsa
  Your public key has been saved in /Users/yourusername/.ssh/id_rsa.pub
  The key fingerprint is:
  SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx your_email@example.com
  The key's randomart image is:
  +---[RSA 4096]----+
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  +----[SHA256]-----+
  ```
- To copy the public key to the remote server, you can use the `ssh-copy-id` utility. Type the following command, replacing `remote_username` and `server_ip_address` with the username and IP address of the remote server. You will be prompted to enter the password of the remote user.
  ```
  ssh-copy-id remote_username@server_ip_address
  ```
- Alternatively, you can manually copy the public key to the remote server. To do that, you need to open the public key file with a text editor, such as TextEdit, and copy its contents. Then, you need to log in to the remote server using SSH, create a `.ssh` folder in your home directory if it does not exist, and append the public key to a file named `authorized_keys` in the `.ssh` folder. You can use the following commands to do that:
  ```
  ssh remote_username@server_ip_address
  mkdir -p ~/.ssh
  echo 'paste_your_public_key_here' >> ~/.ssh/authorized_keys
  ```
Ubuntu
Ubuntu comes with an SSH utility called OpenSSH that you can use to generate SSH keys. To use it, open the Terminal application and follow these steps:
- Type the following command to generate a pair of SSH keys and press Enter:
  ```
  ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  ```
  This will create a 4096-bit RSA key pair with your email address as a comment.
- You will be prompted to specify the file name and location for the keys. Press Enter to accept the default location, which is `/home/yourusername/.ssh/id_rsa` for the private key and `/home/yourusername/.ssh/id_rsa.pub` for the public key.
  ```
  Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
  ```
- You will be asked to enter a passphrase for the keys. This is optional, but recommended for extra security. Type a secure passphrase and press Enter. You will need to enter the same passphrase again to confirm it.
  ```
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  ```
- You will see a message that your keys have been generated, along with a fingerprint and a randomart image.
  ```
  Your identification has been saved in /home/yourusername/.ssh/id_rsa
  Your public key has been saved in /home/yourusername/.ssh/id_rsa.pub
  The key fingerprint is:
  SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx your_email@example.com
  The key's randomart image is:
  +---[RSA 4096]----+
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  |                 |
  +----[SHA256]-----+
  ```
- To copy the public key to the remote server, you can use the `ssh-copy-id` utility. Type the following command, replacing `remote_username` and `server_ip_address` with the username and IP address of the remote server. You will be prompted to enter the password of the remote user.
  ```
  ssh-copy-id remote_username@server_ip_address
  ```
- Alternatively, you can manually copy the public key to the remote server. To do that, you need to open the public key file with a text editor, such as Gedit, and copy its contents. Then, you need to log in to the remote server using SSH, create a `.ssh` folder in your home directory if it does not exist, and append the public key to a file named `authorized_keys` in the `.ssh` folder. You can use the following commands to do that:
  ```
  ssh remote_username@server_ip_address
  mkdir -p ~/.ssh
  echo 'paste_your_public_key_here' >> ~/.ssh/authorized_keys
  ```
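The manual append step from the Windows 11, macOS, and Ubuntu sections, written as an added example (not code from the original post): a POSIX shell function, under the hypothetical name `install_pubkey`, that accepts only a single well-formed public key line, keeps `.ssh` and `authorized_keys` readable by the owner only, and does not add the same key twice. It assumes plain key lines without `authorized_keys` options.

```shell
# install_pubkey KEY_LINE [HOME_DIR]   (hypothetical helper, not an OpenSSH tool)
# Returns 0 = appended, 3 = key already present, 2 = input rejected, 1 = I/O error.
install_pubkey() {
    key_line=$1
    ssh_dir=${2:-$HOME}/.ssh
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # Exactly one line: refuses a pasted private key or several keys at once.
    case $key_line in
        *"$nl"*) echo "rejected: expected one line" >&2; return 2 ;;
    esac

    # A public key line is "<type> <base64 blob> [comment]".
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: unsupported key type" >&2; return 2 ;;
    esac
    # The blob starts with a 4-byte length field, so its base64 begins "AAAA".
    case $key_blob in
        *[!A-Za-z0-9+/=]*) echo "rejected: blob is not base64" >&2; return 2 ;;
        AAAA?*) ;;
        *) echo "rejected: blob is not a key" >&2; return 2 ;;
    esac

    # Create the directory and file private to the owner from the start.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth_file" || return 1

    # Idempotent: skip if the same blob is already a field on any line.
    if awk -v b="$key_blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                              END { exit !found }' "$auth_file"; then
        return 3
    fi

    # If the last line lacks a newline, add one so two keys never merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file" || return 1
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

On the server, call it as `install_pubkey 'paste_your_public_key_here'`; the second argument exists only so the function can be tried against a scratch directory.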
How to use SSH keys?
Once you have created and copied your SSH keys, you can use them to connect to the remote server without entering a password. To do that, you need to use the `ssh` command with the `-i` option to specify the path to your private key. For example, to connect to the remote server using the private key stored in the default location, you can use the following command:
```
ssh -i ~/.ssh/id_rsa remote_username@server_ip_address
```
If you have added a passphrase to your private key, you will be asked to enter it once per session. If you want to avoid typing the passphrase every time, you can use a utility called `ssh-agent` to store the passphrase in memory. To do that, you need to run the following commands:
```
eval $(ssh-agent)
ssh-add ~/.ssh/id_rsa
```
You will be prompted to enter the passphrase once, and then it will be cached by the `ssh-agent`. You can then connect to the remote server using the `ssh` command without entering the passphrase again.
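Since the passphrase is optional at key creation, it is worth checking which private keys on a machine actually have one. The following added example (not code from the original post) is a POSIX shell check, with the hypothetical names `audit_key`, `audit_dir` and `make_samples`, that flags private key files saved without a passphrase or readable by group or others; the sample files it writes are constructed headers, not key material.

```shell
# base64 of "openssh-key-v1\0" followed by the cipher name "none":
# an OpenSSH-format private key that starts this way has no passphrase.
NOPASS_PREFIX='b3BlbnNzaC1rZXktdjEAAAAABG5vbmU'

# audit_key FILE -> prints "ok" or a comma-separated list of findings.
audit_key() {
    file=$1; findings=
    first=$(sed -n '1p' "$file" 2>/dev/null)
    second=$(sed -n '2p' "$file" 2>/dev/null)
    case $first in
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            case $second in
                "$NOPASS_PREFIX"*) findings=no-passphrase ;;
            esac ;;
        '-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----')
            # Legacy PEM format: encrypted keys carry a Proc-Type header.
            case $second in
                'Proc-Type: 4,ENCRYPTED'*) ;;
                *) findings=no-passphrase ;;
            esac ;;
        *) echo not-a-private-key; return 0 ;;
    esac
    # ssh refuses private keys that group or others can access; flag them.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        findings=${findings:+$findings,}loose-permissions
    fi
    echo "${findings:-ok}"
}

# audit_dir DIR -> one "name: result" line per regular file in DIR.
audit_dir() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then printf '%s: %s\n' "${f##*/}" "$(audit_key "$f")"; fi
    done
}

# Constructed samples: only the header fields are meaningful, the rest is filler.
make_samples() {
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        "${NOPASS_PREFIX}AAAAEbm9uZQAAAAAAAAAB" \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/id_plain"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/id_locked"
    chmod 600 "$1/id_plain"; chmod 644 "$1/id_locked"
}
```

Running `audit_dir ~/.ssh` lists each file with its result; a key reported as `no-passphrase` can be given one with `ssh-keygen -p -f` followed by the key path.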
Conclusion
In this post, we have learned what SSH and SSH keys are, how they work, and how to create and use them on different operating systems. SSH keys are a secure and convenient way to access and communicate with remote servers over the internet. We hope you have found this post useful and informative. If you have any questions or feedback, please leave a comment below. Thank you for reading! 😊