SSH keys are a great authentication method based on public-key cryptography. I use SSH keys mostly to log in remotely to other computer systems and to authenticate myself on Git services like GitHub, GitLab or Bitbucket.
- (2018-11-12): Added note about ssh-copy-id to easily copy public ssh keys to a remote server.
Create SSH keys
Create your own SSH key, like this:
ssh-keygen -t ed25519 -o -a 100
This will generate an Ed25519 key, which is a rather new EdDSA scheme. Because Ed25519 keys are not supported by some older or embedded systems, I recommend creating an RSA key in addition.
ssh-keygen -t rsa -b 4096 -o -a 100
This will create two files, id_(rsa|ed25519) and id_(rsa|ed25519).pub, under /home/USERNAME/.ssh/ (when using default settings). id_(rsa|ed25519) is your private key, and should never be shared with anyone else, nor leave your personal system. id_(rsa|ed25519).pub is your public key.
There is a great article, Secure Secure Shell, which provides insights on how to set up secure SSH keys.
Copy (private) SSH keys to other systems
Note: Some people recommend keeping SSH keys on the system on which they were created and using different keys on different machines. For me it's a compromise on security vs. usability to use my keys on all of my personal machines, because I don’t have to add the keys to all my remote systems when I’ve bought a new machine.
To use an existing key on a new or freshly formatted system, copy the keys to the .ssh directory and set the user access rights accordingly. The keys may be named differently, especially if you want to use multiple keys.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cp id_rsa ~/.ssh
cp id_rsa.pub ~/.ssh
cp id_ed25519 ~/.ssh
cp id_ed25519.pub ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
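The following check is an added example, not part of the original post: it audits a key directory after copying, because ssh refuses to use a private key file that group or others can access. It finds private keys by their header line rather than by name, since the keys may be named differently. The function names, the AUDIT_FINDINGS variable and the stricter "directory must be 700" policy are assumptions of this example, and it relies on GNU stat (as shipped with Kubuntu).

```shell
#!/bin/sh
# Added example: audit an SSH key directory for permissions that are too open.
# Assumes GNU stat (stat -c), as found on Kubuntu and other Linux systems.

# Print the octal permission bits of a path, e.g. 600.
mode_of() { stat -c '%a' "$1"; }

# Succeeds if group or others have any access (last two octal digits not 00).
open_to_others() {
    case "$(mode_of "$1")" in
        0|*00) return 1 ;;
        *)     return 0 ;;
    esac
}

# Succeeds if the first line is a PEM/OpenSSH private key header,
# so keys are recognised regardless of their file name.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q '^-----BEGIN .*PRIVATE KEY-----'
}

# Audit one directory. Prints a WARN line per finding, stores the number of
# findings in AUDIT_FINDINGS and returns non-zero if anything was found.
audit_ssh_dir() {
    _dir=$1
    AUDIT_FINDINGS=0
    if open_to_others "$_dir"; then
        echo "WARN $_dir: mode $(mode_of "$_dir"), expected 700"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi
    for _f in "$_dir"/*; do
        [ -f "$_f" ] || continue
        if is_private_key "$_f" && open_to_others "$_f"; then
            echo "WARN $_f: private key with mode $(mode_of "$_f"), expected 600"
            AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
        fi
    done
    echo "$AUDIT_FINDINGS finding(s) in $_dir"
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Stand-alone use: sh audit-ssh.sh ~/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Public key files (.pub) are not flagged, since mode 644 is fine for them.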
Copy to remote systems for remote login
To log in on a remote machine you need to add your public key to the ~/.ssh/authorized_keys file on the remote machine. To easily transfer your public SSH keys to remote machines you can use ssh-copy-id. I usually specify the exact key I want to use by adding the -i parameter. You can find more information on this in the ssh-copy-id documentation.
ssh-copy-id -i ~/.ssh/id_ed25519 username@remote-hostname
Store SSH key passphrases in the KDE Wallet
When an SSH key's passphrase is stored in the KDE Wallet, it can be unlocked on login, so you’re no longer required to type in your SSH key's passphrase in the terminal. To do so, the ksshaskpass package is required. It should be installed by default on Kubuntu 18.04. If not, install it via:
sudo apt install ksshaskpass
vim ~/.config/autostart-scripts/ssh-add.sh
Add the following content to the file:
#!/bin/sh
ssh-add $HOME/.ssh/id_ed25519 $HOME/.ssh/id_rsa </dev/null
After you’ve saved the script, it must be made executable:
chmod +x ~/.config/autostart-scripts/ssh-add.sh