Creating SSH-Keys using Terminal Keys Generator

Creating SSH-Keys using Terminal Keys Generator is highly recommended before deploying your VPS instance, hence, SSH-Keys Authentication will be used instead of Password Authentication. SSH-Keys are part of the OpenSSH package which provides secure and encrypted communication between SSH Client (Admin Station) and the OpenSSH Server (VPS). SSH-Keys make it possible to have Multifactor Authentication mechanism between your Admin Station and your VPS.

Objectives:

Creating SSH-Keys using Linux Terminal

Prerequisites:

A. Basic Debian or Red Hat Linux Knowledge

B. Login to your DigitalOcean or Vultr Account

Recommendations:

For better performance, use VPS with at least 2 CPUs, 4G Memory, 1G Bandwidth, and SSD Storage drive.

Creating SSH-Keys using Linux Terminal

At your Linux or UNIX station, run the following steps to generate SSH-Keys Pair.

Run the following steps ( 1 to 5)

1. Create SSH Directory

mkdir -p /root/.ssh/

2. Generate SSH Keys

ssh-keygen -t rsa -b 2048 -C "RSA-2048-by-YourName-email@yourdomain.com-Client14"

As you probably guessed, -t switch used to choose rsa encryption (RSA is an Encryption Standard), -b switch used to pick Key Length 2048, -C switch used to insert comment such “RSA-2048-by-YourName-email@yourdomain.com-Client14” or something like “RSA-2048-Vultr-Apache-Debian7-VPS” be informative as possible. Besides, the Private and Public Keys should be saved under /root/.ssh/ directory.

“Passphrase” protects your Private Key in case someone access it without your permission.

TIP: Passphrase can be easy to remember and very strong to break, pick Few Words and Numbers as sentence to remember it. E.g. “I was born in Europe 1985, but I was raised in NY, USA since 90’s.” your Passphrase would be as follows Iwbie1biwrinus9 – it starts with capital ” I “. It would take a desktop PC approximately 8,707,845,285 years and 28 days to Brute Force and Crack this Passphrase! Notice, that I picked the first alphabet and the first digit to build the passphrase, besides, you can write these sentences safely on your personal notebook.

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):> Leave it as is - Press Enter
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bb:f6:fc:01:cf:af:12:dc:0c:1b:28:e6:e0:37:05:cb RSA-2048-DigitalOcean-Apache-Debian7-Droplet
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|      .          |
|     . o .       |
|    . E o o      |
|   . + oS..*     |
|    . +  .++o    |
|     . ..  .+    |
|        .o.  o   |
|       ...ooo..  |
+-----------------+

3. List SSH-Keys

ls -lah /root/.ssh/

You should be able to list the Private and Public Keys as shown below:

[root@node ~]# ls -lah /root/.ssh/
total 16K
drwxr-xr-x 2 root root 4.0K May 15 15:35 .
drwx------ 5 root root 4.0K May 15 15:31 ..
-rw------- 1 root root 1.8K May 15 15:35 id_rsa
-rw-r--r-- 1 root root  403 May 15 15:35 id_rsa.pub

For security reasons, the private key Must be readable and writable only by root, and the public key can be readable by others.

4. View the Public Key

cat /root/.ssh/id_rsa.pub

You should be able to see a Public Key String similar to the following:

Example of Public Key String

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtPn5Q0Iu1YggYYySnSA3mEh440jgj1zNo5Gy6p4Puj8xakBz2qJHM0nMPpL/ZMXWb0h7EvrnZ2aJSmQKJYX2IzNW0L8gScXdbUndxwFiWfsOGpFukhn2E3dBM+E4sCwK0uqBhf6FIyVmq9LSvNW1de0ZqfAzD8NbcxGmRgAFIIl0Rjrdotj9IFTBrKGnT6SwDquRfD6HwcodvpNNpFxPPrhDNBJmhhTs/0f6SDluJmMQoHmRAm3Cq2/+cb14Z+cd3hnmIltRHvKjRbEWVJDmFn4eIwbcW0r2/thG3TghHhxyAZ9xk+2FE5IHSej5xcU2VT+Fwr62asvDZAJa7yTav RSA-2048-DigitalOcean-Apache-Debian7-Droplet

5. View the Private Key

cat /root/.ssh/id_rsa

You should be able to see a Private Key similar to the following:

Example of Private Key String

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,6783FEF8CB4A9CBD8574C63B80FFA9EE

ZAoBmMIUi83mGa5DzIqczlIpnC4LWGyYlHHrw5zSvxiSjmHQ3p1dIudTM+BBEy1E
KiYwr1WTwj60EmssylZbdMH7NEdxu4w57/mxrIptvYhVbAJd0KNqAbz2Ete7hysu
o2Nz+ztm+9JyDRCYdLPAFYHXbdhcJs+qJskrxR69xmY9K+phFNx0Ae1HDptq8w/P
LZrcTaofwmuBCwsCzYkg9fuRlwKTsqEbPHwsd+kP+5hO/VrSSwhFaHWpWmVeeR6r
wrpmZHstxGQnAnTihKcTvvgV7v7t68OaWCgKHGu+vwArKqLmtSNetGDuLLmwFWJI
qfre+Z6te+yktY69p/2blqah9JmoaJbBPgLegclIXu7sUKgSoPlKyY8yFDkYl6Pm
ELBAjgKtHK8GBL+/oJ+kZqgl63JxqYxCdYL5DQIYMyJZIHle5tvOCRxmJNzpYaeO
udFnClxpdJBZVa5ekGMSTNJLRukdM65wGHfwKiGImaYLmMq1plAGYi5wSWSHPYzO
21rnWP5HjuwJEQe7xEttrjqiHBUsIy0HN4N68yNpJyse3CiCW8aUUDJHM7yWPHFi
[...]
-----END RSA PRIVATE KEY-----

Note: Never copy a Private key out of your station, send it as attachment, or move it to different station. Only Public Key is needed to be outside of your station. If you want to access your VPS from different Admin station, create another SSH-keys on that station and upload the Public key part to the Server. Public key can be used across unlimited number of VPS instances, and any VPS can hold multiple Public Keys form different IT professionals.

Subject Related

By Wikipedia SSH | About SSH | Debian HowTo SSH-Keys | CentOS HowTo SSH-Keys | IBM SSH Key management Part1 and Part2