Decoding SSH: From Key Generation to Secure Server Access

Introduction

SSH stands for Secure Shell and, as its name says, it is used to establish a secure connection between a client and a server. By default, every Linux-based operating system supports SSH. The SSH protocol is typically used for accessing hosts, running commands, and transferring files remotely. In this post, we will demonstrate how to generate SSH keys and use them to protect the server and its valuable information, as well as how to use these keys to log in to the destination SSH host automatically, without entering a password.

SSH Key Generation

Setting up SSH key authentication takes two steps: creating an SSH key pair on the client side, and copying the public key to the server or any remote host. A key pair consists of private and public key files, named id_rsa and id_rsa.pub respectively, in the ~/.ssh directory. To generate an SSH key, run:

ssh-keygen

It will ask you for the file name in which to save the private and public keys; you can accept the default files “id_rsa” and “id_rsa.pub” in the “.ssh” directory, which is usually located at /home/user/.ssh/ or c:\users\user\.ssh\. Press Enter to accept the default. Next, it will ask for a passphrase. A passphrase is an extra layer of security: it encrypts the private key on disk, so someone who copies the key file cannot use it to connect without the passphrase. When you log in to the host, you will be asked for the passphrase again. Either enter a passphrase, or leave it empty and press Enter. Once you are done with the passphrase, the SSH key pair is generated in that directory with the default algorithm and key size, which are RSA and 3072 bits respectively (see the section on key types and sizes at the bottom for how to change these to suit your needs).

Transferring the SSH Key to the Destination Host

You can simply copy the SSH key to the host by running the command given below in the client’s terminal.

ssh-copy-id username@host-ip-address

Replace username with the user name you use to log in to the destination host, and host-ip-address with the destination host’s IP address. After you run the above command, it will ask you to confirm that you want to continue connecting; type “yes” to continue. Once the key is copied successfully, you are ready to log in to the server using the SSH key (and not your password).

Logging Into the Destination Host

ssh username@host-ip-address

SSH Key Types and Sizes

By default, an SSH key is of the RSA type with a 3072-bit size. However, you can modify this.

The three main algorithms for generating SSH keys are:

  • RSA (Rivest Shamir Adleman) – These keys are based on the computational complexity of factoring large numbers, with a minimum size of 2048 bits.
  • DSA (Digital Signature Algorithm) – Typically used with a size of 1024 bits.
  • ECDSA (Elliptic Curves Digital Signature Algorithm) – Supports key sizes of 256, 384, and 521 bits.

To specify your preferred algorithm type and bit size, you can include these in the ssh-keygen command:

ssh-keygen -t dsa -b 1024  # creates a DSA key with a size of 1024 bits
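
The type and size rules above can also be checked against keys that already exist. The script below is an added example, not part of the original post: it grades listings in the format printed by ssh-keygen -l -f, using the post's RSA minimum and ECDSA sizes, and treats DSA as weak because current OpenSSH releases do not accept DSA keys by default. The function names and the sample listing are constructed for illustration, and Ed25519 is recognised even though the post does not cover it.

```shell
#!/bin/sh
# Added example: grade key listings in the format printed by
# `ssh-keygen -l -f <file>`:  <bits> <fingerprint> <comment ...> (<TYPE>)

# Print a verdict for one listing line; return 0 = ok, 1 = weak, 2 = unknown.
classify_key() {
    ck_bits=${1%% *}          # first field: key size in bits
    ck_type=${1##*\(}         # text after the last "("
    ck_type=${ck_type%\)}     # drop the closing ")"
    case $ck_bits in
        ''|*[!0-9]*) echo "UNKNOWN unparsable line"; return 2 ;;
    esac
    case $ck_type in
        RSA)    # the post gives 2048 bits as the RSA minimum
            if [ "$ck_bits" -lt 2048 ]; then echo "WEAK RSA $ck_bits"; return 1; fi
            echo "OK RSA $ck_bits" ;;
        DSA)    # 1024-bit DSA: not accepted by default by current OpenSSH
            echo "WEAK DSA $ck_bits"; return 1 ;;
        ECDSA)  # sizes listed in the post
            case $ck_bits in
                256|384|521) echo "OK ECDSA $ck_bits" ;;
                *) echo "UNKNOWN ECDSA $ck_bits"; return 2 ;;
            esac ;;
        ED25519) echo "OK ED25519 $ck_bits" ;;   # not covered in the post
        *) echo "UNKNOWN $ck_type"; return 2 ;;
    esac
}

# Grade every listing line on stdin; succeed only if no key is weak.
audit_keys() {
    ak_weak=0
    while IFS= read -r ak_line; do
        [ -n "$ak_line" ] || continue
        ak_verdict=$(classify_key "$ak_line") || true
        case $ak_verdict in WEAK*) ak_weak=$((ak_weak + 1)) ;; esac
        printf '%s <- %s\n' "$ak_verdict" "$ak_line"
    done
    [ "$ak_weak" -eq 0 ]
}

# Constructed sample listing (placeholder fingerprints, not real keys).
SAMPLE_LISTING='3072 SHA256:CONSTRUCTED-A alice@laptop (RSA)
1024 SHA256:CONSTRUCTED-B old backup key (DSA)
1024 SHA256:CONSTRUCTED-C legacy@build (RSA)
256 SHA256:CONSTRUCTED-D bob@desk (ECDSA)'

printf '%s\n' "$SAMPLE_LISTING" | audit_keys || echo "weak keys found"
```

To grade real keys, feed audit_keys the output of ssh-keygen -l -f for each .pub file in ~/.ssh instead of the sample listing.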

Conclusion

Rather than relying on passwords, which are prone to security problems and burdensome to administer, a more secure way to log into an SSH server is with SSH keys. This guide has walked you through generating SSH keys, transferring them to the host, and accessing the host using these keys.
