The SSH (Secure Shell) Protocol enables users to access a remote computer via an unsecured network safely. Although SSH supports password-based authentication, using SSH keys is usually preferred.
Creating SSH keys in Linux and macOS
SSH keys are a more secure way to access an SSH server since they are very resistant to typical brute force password hacking attacks. This article will explain what SSH keys are and how to create them.
Overview of the process to create SSH keys in Linux and macOS
Whether you’re a Linux, Windows, or macOS user, connecting remotely to a computer can be time-consuming or even dangerous. SSH protocol allows us to connect to another computer via any network safely.
The device's files may be accessed by entering just two pieces of information: a username and a password. Traditional password authentication is a basic security mechanism that may have been adequate in the past to secure sensitive data but is no longer sufficient in light of the sophisticated methods attackers are deploying today. Additional security is therefore needed.
Human-generated passwords are often reused across numerous accounts and programs, and a password grants access to the SSH server from any device, which leaves it exposed to brute force attacks. Using SSH keys is preferable to relying on complex, random passwords.
What are SSH keys in Linux?
An SSH key is a key pair that allows an SSH connection to another device without using a password. SSH keys are used to identify a user that is logging into an SSH server. They do so by leveraging public-key cryptography and challenge-response authentication.
This technique raises the bar of security to keep your private information safe. SSH keys, in contrast to passwords, are generated by the system automatically rather than by the user. SSH keys also guarantee that only authorized devices can establish connections.
How do SSH keys work?
The SSH server uses public-key cryptography — commonly referred to as asymmetric cryptography. Two distinct keys are needed for asymmetric cryptography, one of which must be secret and the other public. They form a key pair when combined.
When connecting to an SSH server, both directions employ public-key cryptography. Two key pairs are involved:
- Host (Server) Key Pair
  - Private Key: Stored safely on the server and only accessible by the server's administrator.
  - Public Key: Identifies which server a user is connecting to.
- User (Client) Key Pair
  - Private Key: Must be stored on the device using the SSH client and should be encrypted with a passphrase strong enough to withstand a brute force attack.
  - Public Key: Must be stored on the server.
During the connection attempt, the end user must enter the passphrase chosen when the key pair was created so that the SSH client can decrypt the private key. The client then uses that private key to answer the server's challenge, and the server checks the response against the public key kept for that specific username. If the verification succeeds, the SSH server grants access to the connecting client.
An SSH agent lets you unlock a key once per session so you do not have to retype its passphrase for every connection. If one device uses SSH keys to connect to many servers, it should have a separate key pair for each server in order to increase security: a unique public key is installed on each server, and the matching private key is used only for that server. Reusing a single key pair for several server connections is as unwise as using the same password for various services.
Read on to learn to create SSH keys in Linux and macOS using the ssh-keygen command to generate them.
About how to create SSH keys in Linux and macOS
An SSH key will need to be generated using the terminal of your device. The quickest way to create it would be using the ssh-keygen command:
$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/amy/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
The key pair is saved to the default location shown in the prompt unless you type another path. At the passphrase prompt, choose one:
- If you do want a passphrase, type it now and press the Enter key. Type the passphrase again when prompted.
- If you do not want a passphrase, press the Enter key twice in succession without entering a passphrase.
Your identification has been saved in /home/amy/.ssh/id_rsa
Your public key has been saved in /home/amy/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:WKPUwvkUIvssu62172xVCMaWgFrbtWwOY73jQkftHDg
The key's randomart image is:
+---[RSA 4096]----+
| ..oo.. |
| o+ +B. |
| o.o=*== . |
| . .+=BE.+ . |
| ..=*S= o |
| o. = + |
| ...o o |
| +.oo |
| o.o=+ |
+----[SHA256]-----+
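The passphrase choice above decides whether the private key written to ~/.ssh/id_rsa is encrypted on disk. The following is an added example, not code from the article or from OpenSSH: it reads the header of a private key file to report whether it is passphrase-protected (the openssh-key-v1 format records the cipher and KDF names right after its magic string; an unprotected key has "none" for both) and checks that the file's permissions keep it private. The key files it inspects are constructed stand-ins containing only the format header, not real keys, and the function names are my own.

```python
import base64
import os
import stat
import struct
import tempfile

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private key format


def _pack_string(data: bytes) -> bytes:
    # SSH wire-format string: 4-byte big-endian length followed by the bytes.
    return struct.pack(">I", len(data)) + data


def _read_string(buf: bytes, pos: int):
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    pos += 4
    return buf[pos:pos + n], pos + n


def private_key_is_encrypted(pem_text: str) -> bool:
    """True if the private key file is protected by a passphrase.

    openssh-key-v1 files store the cipher name and KDF name immediately after
    the magic; an unprotected key uses 'none'. Older PEM-style files
    ('-----BEGIN RSA PRIVATE KEY-----') carry a 'Proc-Type: 4,ENCRYPTED' header
    instead, which is all we need to look for there."""
    if "BEGIN OPENSSH PRIVATE KEY" not in pem_text:
        return "ENCRYPTED" in pem_text
    body = "".join(l for l in pem_text.splitlines() if not l.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 private key")
    cipher, pos = _read_string(blob, len(MAGIC))
    _kdf, _ = _read_string(blob, pos)
    return cipher != b"none"


def permissions_ok(path: str) -> bool:
    """A private key must not be readable by group or others (0600-style check)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


def audit_private_key(path: str) -> dict:
    with open(path) as fh:
        text = fh.read()
    return {"encrypted": private_key_is_encrypted(text), "mode_ok": permissions_ok(path)}


def make_key_file(cipher: str, kdf: str) -> str:
    """Constructed openssh-key-v1 header only (cipher, kdf, empty kdfoptions,
    nkeys=1). It is not a usable key, just enough to exercise the parser."""
    blob = (MAGIC + _pack_string(cipher.encode()) + _pack_string(kdf.encode())
            + _pack_string(b"") + struct.pack(">I", 1))
    b64 = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"


def demo() -> dict:
    """Write two constructed key files into a temp dir and audit both."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "id_ed25519")   # passphrase-protected, mode 0600
        bad = os.path.join(d, "id_rsa")        # plaintext key, world-readable
        with open(good, "w") as fh:
            fh.write(make_key_file("aes256-ctr", "bcrypt"))
        os.chmod(good, 0o600)
        with open(bad, "w") as fh:
            fh.write(make_key_file("none", "none"))
        os.chmod(bad, 0o644)
        return {"good": audit_private_key(good), "bad": audit_private_key(bad)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Run it against a real file with audit_private_key("/home/amy/.ssh/id_rsa"); a result of {"encrypted": False, ...} means the key was created with an empty passphrase and can be used by anyone who obtains the file.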
Now that you’ve created your new SSH key pair, you’ll need to transfer the public key onto a device you’ll connect to:
- If you’re connecting to a Nexcess Cloud plan, you’ll need to review instructions on how to add an SSH key to the server for your Nexcess Cloud account in our knowledge base.
- If you’re connecting to one of our legacy plans, you’ll be looking for instructions on resetting your SSH password and adding SSH keys in SiteWorx.
Once you’ve added the public key to your server, you can test the connection using the basic ssh command shown below. On the first connection you must type in “yes” to accept the fingerprint of the server’s key; before doing so, check that it matches a fingerprint you obtained from the server’s administrator through a trusted channel. If prompted, you must type in the passphrase you created with the key.
$ ssh newuser@server_hostname
The authenticity of host 'server_hostname (IP_address)' can't be established.
ED25519 key fingerprint is SHA256:Ckz9O3whvofQZK2i74J2LezkPkFc+Rffai5z7OUlkew.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'server_hostname' (ED25519) to the list of known hosts.
[newuser@server_hostname ~]$ pwd
/home/newuser
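Both the public key you install on the server (see "How do SSH keys work?" above) and the host key whose fingerprint ssh shows at the first-connection prompt are stored in the same one-line text format: an optional hostname, the key type, a base64 blob, and an optional comment. The added example below is not part of the article and is not OpenSSH code; it parses such lines, computes the SHA256 fingerprint the same way ssh-keygen prints it (base64 of the SHA-256 hash of the blob, without padding), flags RSA moduli shorter than 2048 bits, and compares a fingerprint presented at the prompt against one computed from a trusted known_hosts record. The key material is constructed bytes in the right shape, not real keys, and the function names are assumptions of mine.

```python
import base64
import hashlib
import struct

# Key types this small parser understands (enough for the article's examples).
KEY_TYPES = {"ssh-ed25519", "ssh-rsa"}


def _pack_string(data: bytes) -> bytes:
    # SSH wire-format string: 4-byte big-endian length followed by the bytes.
    return struct.pack(">I", len(data)) + data


def _read_string(buf: bytes, pos: int):
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    pos += 4
    return buf[pos:pos + n], pos + n


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as ssh-keygen -l prints it: base64(sha256(blob)), no '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_key_line(line: str) -> dict:
    """Parse one authorized_keys line ('type base64 comment') or one plain
    known_hosts line ('hostname type base64'). Hashed (|1|...) or @-marked
    known_hosts entries are not handled here."""
    fields = line.split()
    if fields[0] in KEY_TYPES:
        host, ktype, b64 = None, fields[0], fields[1]
    else:
        host, ktype, b64 = fields[0], fields[1], fields[2]
    blob = base64.b64decode(b64)
    wire_type, pos = _read_string(blob, 0)
    if wire_type.decode() != ktype:
        raise ValueError("key type inside the blob does not match the text field")
    if ktype == "ssh-ed25519":
        pub, _ = _read_string(blob, pos)      # 32-byte public point
        bits = len(pub) * 8
    elif ktype == "ssh-rsa":
        _e, pos = _read_string(blob, pos)     # mpint e
        n, _ = _read_string(blob, pos)        # mpint n (may carry a leading 0x00)
        bits = int.from_bytes(n, "big").bit_length()
    else:
        raise ValueError(f"unsupported key type {ktype}")
    return {"host": host, "type": ktype, "bits": bits, "fingerprint": fingerprint(blob)}


def assess(info: dict) -> list:
    """Defender-side checks on a parsed key; returns a list of findings."""
    findings = []
    if info["type"] == "ssh-rsa" and info["bits"] < 2048:
        findings.append("RSA modulus shorter than 2048 bits; regenerate (the article uses 4096)")
    return findings


def host_fingerprint_matches(known_hosts_line: str, presented: str) -> bool:
    """Compare the fingerprint shown at the 'Are you sure you want to continue
    connecting' prompt with the one computed from a trusted known_hosts record."""
    return parse_key_line(known_hosts_line)["fingerprint"] == presented


def make_key_line(ktype: str, parts, host=None, comment="constructed") -> str:
    """Build a structurally valid key line from constructed bytes (not a real key)."""
    blob = _pack_string(ktype.encode()) + b"".join(_pack_string(p) for p in parts)
    prefix = f"{host} " if host else ""
    return f"{prefix}{ktype} {base64.b64encode(blob).decode()} {comment}"


# Constructed sample material: not real keys, just bytes in the right shape.
ED25519_LINE = make_key_line("ssh-ed25519", [bytes(range(32))], comment="amy@laptop")
WEAK_RSA_LINE = make_key_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xff" * 128])
KNOWN_HOSTS_LINE = make_key_line("ssh-ed25519", [bytes(32)], host="server_hostname")

if __name__ == "__main__":
    for line in (ED25519_LINE, WEAK_RSA_LINE, KNOWN_HOSTS_LINE):
        info = parse_key_line(line)
        print(info, assess(info))
    presented = parse_key_line(KNOWN_HOSTS_LINE)["fingerprint"]
    print("host fingerprint matches:", host_fingerprint_matches(KNOWN_HOSTS_LINE, presented))
```

To use it on a real file, pass each line of ~/.ssh/id_rsa.pub or ~/.ssh/known_hosts to parse_key_line; the fingerprint it returns for id_rsa.pub is the same value ssh-keygen printed after "The key fingerprint is:" above.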
If you are connecting to the Nexcess Cloud server, you’ll notice the SSH username looks randomly generated. In our knowledge base, you can find more information about Secure Shell (SSH) user setup, access, and FAQ for the Nexcess Cloud.
Cloud-based ecommerce hosting plans with Nexcess can accommodate your business growth
This article discussed how to create SSH keys in Linux and macOS. Indeed, SSH keys are a more secure way to access an SSH server since they better resist hacking attacks.
Having a savvy technology partner handling the web hosting portion of online business can be a strategic win. Our cloud-based ecommerce scalable hosting plans have built-in features to facilitate performance as your business expands. We manage an application technology stack that is stable, flexible, and optimized for security and speed.
All the user web hosting features you want, without the hassle
We believe in the promise of cloud: scalability, security, performance, and ease of use. Together with our team, clients, and partners, we’ve built better cloud hosting.
Our extensive web hosting blog and knowledge base provide helpful information on various topics that might be of interest to you, including the Nexcess hosting and Nexcess Client Portal guide for all your questions regarding our customized Nexcess Client Portal.
New customers love the fact that website migrations to Nexcess hosting are free. Our team of web admins is ready to resolve any issue that might arise along the way.
Note about the original publication date
This article was originally published in September 2019. It has since been updated for accuracy and comprehensiveness.