Ssh keys, creating

From FreeBSDwiki
Jump to: navigation, search

Creating ssh keys is fairly simple, you just need to run the ssh-keygen component of the ssh toolkit:

dave@abulafia % ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/dave/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dave/.ssh/id_dsa.
Your public key has been saved in /home/dave/.ssh/
The key fingerprint is:
b0:42:b9:3b:f3:a1:c5:92:d8:ec:a1:22:b0:fa:22:55 dave@abulafia.local
dave@abulafia %

This will create two files in your ~/.ssh directory: id_dsa and id_dsa is your private key and the .pub file is the public key. Copy your private key to someplace secure and make sure no one gets hold of it; by default only the user who created it should own it and have rights to read or write to it. The public key can be copied to any host you want to authenticate to using the private key.

The -t switch is used to specify between DSA and RSA keys, the specific differences between which are outside the scope of this article, but in function they are (normally) the same.1 If you want to create an RSA key, use -t rsa instead of -t dsa.

It's worth noting that if you give a passphrase during the creation of the key, you'll be required to provide that passphrase every time you want to authenticate against the public key with your private key. Leaving the passphrase key is less secure but sometimes desirable for passwordless authentication

1 The compact version: dsa only does signing, rsa does encryption; rsa cannot be exported outside of the United States, dsa can. DSA was privately made and released by the NSA and is based on the ElGamal and Schnorr algorhithms, RSA was released to public review by Rivest, Shamir and Alderman -- whence the name -- and is based on their own algorithm. RSA keys are the de facto standard, but DSA is generally considered just as strong.

Personal tools