{{tag>linux ssh ssh-keygen}}

======ssh with key files======

The advantages of using SSH key-based authentication include:
  * Improved security
  * Easier access to ssh (if password-protected keys are not used)

Clearly, the use of unique password-encrypted keys gives the best security. However, if a user has access to your terminal and user password, they effectively have full system access anyway.

<fc #ff0000>The use of ''sudo'' should not be necessary as the keys created should be user based.</fc>

=====ssh-keygen=====

The ''ssh-keygen'' command is used to create ssh key pairs.

//Use ''man ssh-keygen'' to see options and description of command.//

====ssh-keygen default====
  * ''ssh-keygen'' creates a SSH key pair. The defaults are:
    * directory ''/home/user/.ssh''
    * private key ''/home/user/.ssh/id_rsa''
    * public key ''/home/user/.ssh/id_rsa.pub''

====ssh-keygen with filename====
  * ''ssh-keygen -f .ssh/key-with-password'' creates a SSH key with a non-default name and location. The resulting files are:
    * private key ''/home/user/.ssh/key-with-password''
    * public key ''/home/user/.ssh/key-with-password.pub''

====Warning====

<fc #ff0000>//During further SSH key pair generation, if you do not specify a unique file name, you are prompted for permission to overwrite the existing id_rsa and id_rsa.pub files. If you overwrite the existing id_rsa and id_rsa.pub files, you must then replace the old public key with the new one on ALL of the SSH servers that have your old public key.//</fc>

Once you have generated the keys, they are stored in the ''/home/user/.ssh/'' directory with the following permissions:
  * Private key - 600
  * Public key - 644

=====sharing keys=====

Some examples:
  * ''ssh-copy-id -i .ssh/key-with-pass.pub user@destination'' generic example
  * ''ssh-copy-id -i .ssh/id_rsa.pub john.doe@192.168.0.1'' will copy the default created id_rsa.pub key to IP 192.168.0.1 for user john.doe

The remote ssh will ask for the remote shell password.

//Use ''man ssh-copy-id'' to see options and description of command.//

=====references=====

[[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]]
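
The overwrite warning and the 600/644 permissions above can be checked from a script. This is an added example, not part of the original notes; the function names ''new_key'', ''has_mode'' and ''audit_keys'' are hypothetical helpers chosen for illustration.

```shell
#!/bin/sh
# Added example: new_key, has_mode and audit_keys are hypothetical helper names.

# Create a key pair under a unique name; refuse instead of overwriting,
# so a public key already installed on servers is never silently invalidated.
new_key() {
    keyfile=$1
    if [ -e "$keyfile" ] || [ -e "$keyfile.pub" ]; then
        echo "refusing to overwrite existing key: $keyfile" >&2
        return 1
    fi
    ssh-keygen -f "$keyfile"
}

# Return 0 if the file has exactly the given octal mode.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Check every key pair in a directory: private key 600, public key 644.
# Prints one line per problem and returns the number of problems found.
audit_keys() {
    dir=$1
    problems=0
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue      # directory holds no public keys
        priv=${pub%.pub}
        if [ ! -e "$priv" ]; then
            echo "missing private key for $pub"
            problems=$((problems + 1))
            continue
        fi
        if ! has_mode "$priv" 600; then
            echo "private key $priv is not mode 600"
            problems=$((problems + 1))
        fi
        if ! has_mode "$pub" 644; then
            echo "public key $pub is not mode 644"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage (as the key owner, no sudo): audit_keys "$HOME/.ssh"
```

A private key that is readable by group or others is reported here and is also rejected by the ''ssh'' client itself, so ''chmod 600'' on the private key is the fix.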