{{tag>linux ssh ssh-keygen}} ======ssh with key files====== The advantages of using SSH key-based include: *Improved security *Easier access to ssh (if password keys are not used) Clearly use of unique password encrypted keys gives best security. However if a user has access to you terminal and user password they effectively have full system access anyway. The use of ''sudo'' should not be necessary as the keys created should be user based. =====ssh-keygen====== The ''ssh-keygen'' command is used to create ssh key pairs //Use ''man ssh-keygen'' to see options and description of command.// ====ssh-keygen default==== * ''ssh-keygen'' creates a SSH key pair. The defaults are: * home directory ''/homeuser/.ssh'' * public key ''/home/user/.ssh/id_rsa'' * private key ''/home/user/.ssh/id_rsa.pub'' ====ssh-keygen with filename==== * ''ssh-keygen -f .ssh/key-with-password'' creates a SSH key with non-default name and location. The defaults are: * public key ''/home/user/.ssh/key-with-password'' * private key ''/home/user/.ssh/key-with-password.pub'' ====Warning==== //During further SSH key pair generation, if you do not specify a unique file name, you are prompted for permission to overwrite the existing id_rsa and id_rsa.pub files. If you overwrite the existing id_rsa and id_rsa.pub files, you must then replace the old public key with the new one on ALL of the SSH servers that have your old public key. // Once you have generated the keys, they are stored in the /user/home/.ssh/ directory with the following permissions: *Private key - 600 *Public key - 644 =====sharing keys===== Some examples: *''ssh-copy-id -i .ssh/key-with-pass.pub user@destination'' generic example *''ssh-copy-id -i .ssh/id-rsa.pub john.doe@192.168.0.1'' Will copy the default created id_rsa.pub key to IP 192.168.0.1 for user john.doe The remote ssh will ask for remote shell password. //Use ''man ssh--copy-id'' to see options and description of command.// =====references===== [[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]] <- tech_notes:git|back ^ tech_notes:index|Start page ^ tech_notes:s6|next->