{{tag>linux ssh ssh-keygen}}
======ssh with key files======
The advantages of using SSH key-based include: 
  *Improved security
  *Easier access to ssh (if password keys are not used)
 
Clearly use of unique password encrypted keys gives best security.  However if a user has access to you terminal and user password they effectively have full system access anyway.

<fc #ff0000>The use of ''sudo'' should not be necessary as the keys created should be user based.</fc>
=====ssh-keygen======
The  ''ssh-keygen'' command is used to create ssh key pairs

//Use ''man ssh-keygen'' to see options and description of command.//

====ssh-keygen default====
  * ''ssh-keygen''  creates a SSH key pair.  The defaults are:
    * home directory ''/homeuser/.ssh''
    * public key ''/home/user/.ssh/id_rsa''
    * private key ''/home/user/.ssh/id_rsa.pub''

====ssh-keygen with filename====
  * ''ssh-keygen -f .ssh/key-with-password''  creates a SSH key with non-default name and location.  The defaults are:
    * public key ''/home/user/.ssh/key-with-password''
    * private key ''/home/user/.ssh/key-with-password.pub''

====Warning====
<fc #ff0000>//During further SSH key pair generation, if you do not specify a unique file name, you are prompted for permission to overwrite the existing id_rsa and id_rsa.pub files. If you overwrite the existing id_rsa and id_rsa.pub files, you must then replace the old public key with the new one on ALL of the SSH servers that have your old public key.
//</fc>

Once you have generated the keys, they are stored in the /user/home/.ssh/ directory with the following permissions:
    *Private key - 600
    *Public key - 644

=====sharing keys=====
Some examples:
  *''ssh-copy-id -i .ssh/key-with-pass.pub user@destination''  generic example
  *''ssh-copy-id -i .ssh/id-rsa.pub john.doe@192.168.0.1'' Will copy the default created id_rsa.pub key to IP 192.168.0.1 for user john.doe

The remote ssh will ask for remote shell password.

//Use ''man ssh--copy-id'' to see options and description of command.//
=====references=====
[[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]]

<- tech_notes:git|back ^ tech_notes:index|Start page ^ tech_notes:s6|next->