CCNA HUB

CCNA and Linux Training Hub!

CCNA and Linux Training Hub!

  • Home
  • R&S
    • IP Fundamentals
    • Switching
    • Routing
    • IPv4 Suite
    • IPv6 Suite
    • Labs
  • Linux
    • Virtualization 101
    • Basic Configuration
    • Security Measures
    • Database Server
    • Web Server
    • HTTP Tuneup
    • FTP Server
    • Mail Server
    • DNS Server
    • Control Panels
    • Monitoring
    • Backup and Maintenance
  • WordPress
  • About
    • Contact Us
    • Be part of It
    • Under the Hood
CCNA HUB > Blog > Linux > Configuring SSH-Key Based Authentication > Creating SSH-Keys using Terminal Keys Generator

Creating SSH-Keys using Terminal Keys Generator

By Imad Daou Leave a Comment

Post Views: 4,153

Building Professional Web Hosting Solution
<< Linux Basic Setup and Configuration Course
>> Configuring SSH-Key Based Authentication Section

section table
  1. Understanding SSH-Keys Based Authentication
  2. Creating SSH-Keys using Putty Keys Generator
  3. Creating Public VPS Droplet using DigitalOcean
  4. Managing Linux VPS Instance via Putty SSH Client
  5. Managing Linux VPS Instance via WinSCP Client
  6. Creating SSH-Keys using Terminal Keys Generator
  7. Switching SSH Password to SSH-Keys Authentication
  8. Uploading Admins and Friends SSH-Keys to VPS
  9. Uploading SSH Public Keys using VPS Panel
  10. SSH Hopping using SSH Agent Forwarding
  11. Deploying Public VPS instance using Vultr Provider
  12. Securing and Hardening SSH Server Configuration
  13. SSH Server and Client Most Known Error Messages
Creating SSH-Keys using Terminal Keys Generator
Image Source

Creating SSH-Keys using Terminal Keys Generator is highly recommended before deploying your VPS instance, hence, SSH-Keys Authentication will be used instead of Password Authentication. SSH-Keys are part of the OpenSSH package which provides secure and encrypted communication between SSH Client (Admin Station) and the OpenSSH Server (VPS). SSH-Keys make it possible to have Multifactor Authentication mechanism between your Admin Station and your VPS.

Objectives:

Creating SSH-Keys using Linux Terminal

Prerequisites:

A. Basic Debian or Red Hat Linux Knowledge

B. Login to your DigitalOcean or Vultr Account

Recommendations:

For better performance, use VPS with at least 2 CPUs, 4G Memory, 1G Bandwidth, and SSD Storage drive.

Creating SSH-Keys using Linux Terminal

At your Linux or UNIX station, run the following steps to generate SSH-Keys Pair.

Run the following steps ( 1 to 5)

1. Create SSH Directory

mkdir -p /root/.ssh/

2. Generate SSH Keys

ssh-keygen -t rsa -b 2048 -C "[email protected]"

As you probably guessed, -t switch used to choose rsa encryption (RSA is an Encryption Standard), -b switch used to pick Key Length 2048, -C switch used to insert comment such “[email protected]” or something like “RSA-2048-Vultr-Apache-Debian7-VPS” be informative as possible. Besides, the Private and Public Keys should be saved under /root/.ssh/ directory.

“Passphrase” protects your Private Key in case someone access it without your permission.

TIP: Passphrase can be easy to remember and very strong to break, pick Few Words and Numbers as sentence to remember it. E.g. “I was born in Europe 1985, but I was raised in NY, USA since 90’s.” your Passphrase would be as follows Iwbie1biwrinus9 – it starts with capital ” I “. It would take a desktop PC approximately 8,707,845,285 years and 28 days to Brute Force and Crack this Passphrase! Notice, that I picked the first alphabet and the first digit to build the passphrase, besides, you can write these sentences safely on your personal notebook.

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):> Leave it as is - Press Enter
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bb:f6:fc:01:cf:af:12:dc:0c:1b:28:e6:e0:37:05:cb RSA-2048-DigitalOcean-Apache-Debian7-Droplet
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|      .          |
|     . o .       |
|    . E o o      |
|   . + oS..*     |
|    . +  .++o    |
|     . ..  .+    |
|        .o.  o   |
|       ...ooo..  |
+-----------------+

3. List SSH-Keys

ls -lah /root/.ssh/

You should be able to list the Private and Public Keys as shown below:

[[email protected] ~]# ls -lah /root/.ssh/
total 16K
drwxr-xr-x 2 root root 4.0K May 15 15:35 .
drwx------ 5 root root 4.0K May 15 15:31 ..
-rw------- 1 root root 1.8K May 15 15:35 id_rsa
-rw-r--r-- 1 root root  403 May 15 15:35 id_rsa.pub

For security reasons, the private key Must be readable and writable only by root, and the public key can be readable by others.

4. View the Public Key

cat /root/.ssh/id_rsa.pub

You should be able to see a Public Key String similar to the following:

Example of Public Key String

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtPn5Q0Iu1YggYYySnSA3mEh440jgj1zNo5Gy6p4Puj8xakBz2qJHM0nMPpL/ZMXWb0h7EvrnZ2aJSmQKJYX2IzNW0L8gScXdbUndxwFiWfsOGpFukhn2E3dBM+E4sCwK0uqBhf6FIyVmq9LSvNW1de0ZqfAzD8NbcxGmRgAFIIl0Rjrdotj9IFTBrKGnT6SwDquRfD6HwcodvpNNpFxPPrhDNBJmhhTs/0f6SDluJmMQoHmRAm3Cq2/+cb14Z+cd3hnmIltRHvKjRbEWVJDmFn4eIwbcW0r2/thG3TghHhxyAZ9xk+2FE5IHSej5xcU2VT+Fwr62asvDZAJa7yTav RSA-2048-DigitalOcean-Apache-Debian7-Droplet

5. View the Private Key

cat /root/.ssh/id_rsa

You should be able to see a Private Key similar to the following:

Example of Private Key String

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,6783FEF8CB4A9CBD8574C63B80FFA9EE

ZAoBmMIUi83mGa5DzIqczlIpnC4LWGyYlHHrw5zSvxiSjmHQ3p1dIudTM+BBEy1E
KiYwr1WTwj60EmssylZbdMH7NEdxu4w57/mxrIptvYhVbAJd0KNqAbz2Ete7hysu
o2Nz+ztm+9JyDRCYdLPAFYHXbdhcJs+qJskrxR69xmY9K+phFNx0Ae1HDptq8w/P
LZrcTaofwmuBCwsCzYkg9fuRlwKTsqEbPHwsd+kP+5hO/VrSSwhFaHWpWmVeeR6r
wrpmZHstxGQnAnTihKcTvvgV7v7t68OaWCgKHGu+vwArKqLmtSNetGDuLLmwFWJI
qfre+Z6te+yktY69p/2blqah9JmoaJbBPgLegclIXu7sUKgSoPlKyY8yFDkYl6Pm
ELBAjgKtHK8GBL+/oJ+kZqgl63JxqYxCdYL5DQIYMyJZIHle5tvOCRxmJNzpYaeO
udFnClxpdJBZVa5ekGMSTNJLRukdM65wGHfwKiGImaYLmMq1plAGYi5wSWSHPYzO
21rnWP5HjuwJEQe7xEttrjqiHBUsIy0HN4N68yNpJyse3CiCW8aUUDJHM7yWPHFi
[...]
-----END RSA PRIVATE KEY-----

Note: Never copy a Private key out of your station, send it as attachment, or move it to different station. Only Public Key is needed to be outside of your station. If you want to access your VPS from different Admin station, create another SSH-keys on that station and upload the Public key part to the Server. Public key can be used across unlimited number of VPS instances, and any VPS can hold multiple Public Keys form different IT professionals.

Subject Related

By Wikipedia SSH | About SSH | Debian HowTo SSH-Keys | CentOS HowTo SSH-Keys | IBM SSH Key management Part1 and Part2

Building Professional Web Hosting Solution
<< Linux Basic Setup and Configuration Course
>> Configuring SSH-Key Based Authentication Section

section table
  1. Understanding SSH-Keys Based Authentication
  2. Creating SSH-Keys using Putty Keys Generator
  3. Creating Public VPS Droplet using DigitalOcean
  4. Managing Linux VPS Instance via Putty SSH Client
  5. Managing Linux VPS Instance via WinSCP Client
  6. Creating SSH-Keys using Terminal Keys Generator
  7. Switching SSH Password to SSH-Keys Authentication
  8. Uploading Admins and Friends SSH-Keys to VPS
  9. Uploading SSH Public Keys using VPS Panel
  10. SSH Hopping using SSH Agent Forwarding
  11. Deploying Public VPS instance using Vultr Provider
  12. Securing and Hardening SSH Server Configuration
  13. SSH Server and Client Most Known Error Messages
  • Was this information helpful?
  • Yes(0)   No(0)
Get Linux Updates!

tux_toilet

Filed Under: Linux, Configuring SSH-Key Based Authentication Tagged With: SSH-Keys, OpenSSH, SSH, SSH Client

About Imad Daou

CCNA HUB Founder, Imad has been in IT field since 2007. Currently holding A+, Network+, Server+, Security+, and Storage+. HP, Dell, and IBM Hardware Certified. Pursuing Linux+, LPIC-2, RHCSA, RHCE, AWS, CCNA, and JNCIA.

LEAVE A COMMENT Cancel reply

We're glad you have chosen to leave a comment. All comments are moderated according to our comment policy. Use your real name and not keywords in the name field. Let's have a personal and meaningful conversation.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Categories

Get CCNA HUB Updates!

MISSION

CCNA, Linux, and Wordpress Training Hub. For Students, Network Pros, DevOps, Linux/Wordpress Lovers, and Entrepreneurs. CCNA HUB Articles and Labs will help you build a solid foundation in Network, Linux, and Wordpress. E.g. Linux WHS will show you how to build a Professional Web Hosting Solution using DigitalOcean or Vultr VPS provider.

TAG CLOUD

WAN TCP virtual circuit switches transmission control protocol transport layer udp sockets Wordpress Multisite SSH Agent Forwarding sudo Wordpress Hosting Hub wordpress.org CMS tcp sockets SSH Client wide area network VLSM wordpress CMS T1 understanding Routing subnet mask su understanding switching transport layer protocols VPS Hosting TCP/IP

RSS UPDATES

  • IP Fundamentals
  • CCNA R&S
  • CCNA Labs
  • Linux WHS
  • Wordpress
  • All CCNA HUB Topics

Copyright © 2023 ·Genesis Sample Theme - Genesis Framework by StudioPress - WordPress - Log in

This website uses cookies. By continuing to browse the site, you are agreeing to our use of cookies
  • Home
  • R&S
    • IP Fundamentals
    • Switching
    • Routing
    • IPv4 Suite
    • IPv6 Suite
    • Labs
  • Linux
    • Virtualization 101
    • Basic Configuration
    • Security Measures
    • Database Server
    • Web Server
    • HTTP Tuneup
    • FTP Server
    • Mail Server
    • DNS Server
    • Control Panels
    • Monitoring
    • Backup and Maintenance
  • WordPress
  • About
    • Contact Us
    • Be part of It
    • Under the Hood