Generate SSH Key Pair

0. Overview

In the Server Security Series I emphasized that if you want to log in as root, you should use a key rather than a password. The advantage is that the risk of password guessing disappears, and every IP that submits a wrong password can be banned outright, because password login is never used at all.

1. Generate a key pair

Run:

Bash
# Make sure the .ssh directory exists (-p does not fail if it is already there)
mkdir -p ~/.ssh
# Create a new key pair
ssh-keygen -t rsa

Here rsa is the key type (the public-key algorithm); ssh-keygen supports dsa, ecdsa, ecdsa-sk, ed25519, ed25519-sk and rsa. dsa is obsolete (1024-bit only, and disabled by default in OpenSSH since 7.0) and should not be used. For rsa, pass -b 4096 if you want more than the 3072-bit default that ssh-keygen has used since OpenSSH 8.0.

Pagoda recommends ED25519, but I suggest that whichever type you choose, you also generate at least one RSA key, because many platforms do not support non-RSA keys, for example Pagoda's own Baota Cloud Control Platform.

You will be asked where to store the key and for a passphrase:

Bash
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ~/.ssh/id_rsa_2
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa_2
Your public key has been saved in /root/.ssh/id_rsa_2.pub
The key fingerprint is:
SHA256:2wxQFK0Y0AIfjUelIejxNNMV3Eco+oxjLg4 root@MyDemoServer
The key's randomart image is:
+---[RSA 3072]----+
| o...oo. |
| . . o+.o.. |
|o oo++..|
|o.. *.=.. |
|.+O =++S|
|+.+ =++o.= |
|+E.o==o.o|
| o... |
| +++ |
+----[SHA256]-----+

The default location is /root/.ssh/id_rsa for the private key and /root/.ssh/id_rsa.pub for the public key. If the file already exists, ssh-keygen prompts:

Bash
/root/.ssh/id_rsa already exists.
Overwrite (y/n)?

Do not overwrite: clients and services that authenticate with the existing key would lose access. Enter n to abort, then run ssh-keygen again with a different file name, such as /root/.ssh/id_rsa_2.

Leaving the passphrase empty stores the private key unencrypted on disk; with a passphrase, you must enter it every time the key is used to log in (ssh-agent can cache it for a session). The passphrase is what protects the private key if the file is copied or stolen, so leave it empty only for keys used by unattended automation.

After completion there are two files under /root/.ssh/: the private key, and the public key with the .pub suffix.

Assuming the public key is /root/.ssh/id_rsa.pub, append it to root's authorized_keys:

Bash
# Make sure authorized_keys exists
touch /root/.ssh/authorized_keys
# Append the public key to the end of the file
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
# sshd (StrictModes yes, the default) ignores the file if it or ~/.ssh is group- or world-writable
chmod 600 /root/.ssh/authorized_keys

Then download id_rsa (the private key) to your client and log in with it. Transfer it over an encrypted channel such as scp or sftp, never by pasting it into a web panel or chat, and delete the server-side copy once it is on the client: the server only needs the .pub half. Better still, generate the key pair on the client in the first place and copy only id_rsa.pub to the server.
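The steps above trust whatever line lands in authorized_keys. The following is an added example (not code from the original post or from Pagoda) that checks a .pub line before installing it: it parses the single-line "<type> <base64 blob> [comment]" format that ssh-keygen writes, decodes the wire-format blob (length-prefixed strings and mpints), verifies that the type inside the blob matches the prefix, reads the RSA modulus size so undersized keys can be refused, computes the same SHA256 fingerprint that `ssh-keygen -lf` prints, and appends the key without duplicates. The sample keys are constructed in code by make_rsa_line and make_ed25519_line; the RSA modulus is a placeholder number with the right bit length, not a real product of primes, and MIN_RSA_BITS is a policy value assumed for this example.

```python
"""Check an OpenSSH public key line before appending it to authorized_keys."""
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # assumption: policy threshold chosen for this example


def _read_string(blob: bytes, offset: int):
    """Read one SSH 'string': 4-byte big-endian length followed by that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def parse_public_key(line: str) -> dict:
    """Return {'type', 'bits', 'comment', 'blob'} for one .pub / authorized_keys line."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner_type, pos = _read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError(f"prefix {key_type!r} does not match blob type {inner_type!r}")
    if key_type == "ssh-rsa":
        _e, pos = _read_string(blob, pos)   # public exponent (mpint)
        n, pos = _read_string(blob, pos)    # modulus (mpint, big-endian)
        bits = int.from_bytes(n, "big").bit_length()
    elif key_type == "ssh-ed25519":
        pk, pos = _read_string(blob, pos)
        if len(pk) != 32:
            raise ValueError("ed25519 public key must be 32 bytes")
        bits = 256
    else:
        raise ValueError(f"unsupported key type {key_type}")
    if pos != len(blob):
        raise ValueError("trailing bytes after key material")
    return {"type": key_type, "bits": bits, "comment": comment, "blob": blob}


def fingerprint(line: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen -lf prints (unpadded base64)."""
    digest = hashlib.sha256(parse_public_key(line)["blob"]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_key(line: str) -> str:
    """Return 'ok' if the key may be installed, otherwise the reason for rejection."""
    try:
        info = parse_public_key(line)
    except ValueError as exc:
        return f"malformed: {exc}"
    if info["type"] == "ssh-rsa" and info["bits"] < MIN_RSA_BITS:
        return f"rsa key too small: {info['bits']} < {MIN_RSA_BITS}"
    return "ok"


def append_authorized_key(existing: str, line: str) -> str:
    """The page's `cat id_rsa.pub >> authorized_keys` step with a policy check
    and duplicate suppression; returns the new file contents."""
    verdict = check_key(line)
    if verdict != "ok":
        raise ValueError(verdict)
    lines = [ln for ln in existing.splitlines() if ln.strip()]
    if line.strip() in lines:
        return existing
    return "\n".join(lines + [line.strip()]) + "\n"


# --- constructed sample keys (not produced by ssh-keygen) ---------------------
def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _mpint(x: int) -> bytes:
    # Positive mpint: minimal big-endian bytes, plus a leading 0x00 if the top bit is set.
    return _ssh_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))


def make_rsa_line(bits: int, comment: str) -> str:
    """RSA public key line whose placeholder modulus has exactly `bits` bits."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def make_ed25519_line(comment: str) -> str:
    """Ed25519 public key line with a placeholder 32-byte point."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    for sample in (make_rsa_line(3072, "root@MyDemoServer"),
                   make_rsa_line(1024, "legacy"),
                   make_ed25519_line("laptop")):
        verdict = check_key(sample)
        print(sample.split()[0], verdict, fingerprint(sample) if verdict == "ok" else "")
```

Run it on a real id_rsa.pub by passing the file's first line to check_key; the fingerprint it returns should match what `ssh-keygen -lf id_rsa.pub` prints, which is a quick way to confirm that the key you are about to install is the one you generated and not a line that was altered in transit.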

Author: Hsukqi Lee
Posted on: 2023-05-18
Edited on: 2023-05-18
Licensed under: CC BY-NC-ND 4.0
