Create and use SSH keys


SSH keys are a great authentication method based on public-key cryptography. I use SSH keys mostly to log in remotely to other computer systems and to authenticate myself on Git services like GitHub, GitLab or Bitbucket.

Last edits:

  • (2018-11-12): Added a note about ssh-copy-id to easily copy public SSH keys to a remote server.

Create SSH keys

Create your own SSH key, like this:

ssh-keygen -t ed25519 -o -a 100

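This will generate an Ed25519 key, which is a rather new EdDSA scheme. The -o option stores the private key in the newer OpenSSH format, and -a 100 sets the number of KDF rounds used to protect it with your passphrase. Because Ed25519 keys are not supported by some older or embedded systems, I recommend creating an RSA key in addition.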

ssh-keygen -t rsa -b 4096 -o -a 100

This will create two files, id_(rsa|ed25519) and id_(rsa|ed25519).pub, under /home/USERNAME/.ssh/ (when using default settings). id_(rsa|ed25519) is your private key; it should never be shared with anyone else and should never leave your personal system. id_(rsa|ed25519).pub is your public key.

There is a great article about Secure Secure Shell, which provides insights on how to set up secure SSH keys.

Copy (private) SSH keys to other systems

Note: Some people recommend keeping SSH keys on the system on which they were created and using different keys on different machines. For me, using my keys on all of my personal machines is a compromise between security and usability, because I don’t have to add the keys to all my remote systems when I’ve bought a new machine.

To use an existing key on a new or freshly formatted system, copy the keys to the .ssh directory and set the access rights accordingly. The keys may be named differently, especially if you want to use multiple keys.

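# -p: do not fail if ~/.ssh already exists; keep the directory private to your user
mkdir -p ~/.ssh
chmod 700 ~/.ssh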
cp id_rsa ~/.ssh
cp id_rsa.pub ~/.ssh
cp id_ed25519 ~/.ssh
cp id_ed25519.pub ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
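
To check the result after copying keys, the following shell function audits a key directory. It is an added example, not part of the original post: it reports a directory or private key that group/other can access, and private keys stored in a PEM container instead of the OpenSSH format that -o selects. The function names and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit an SSH key directory (default: ~/.ssh).
# Prints one finding per line; return status 0 = clean, 1 = findings.

# group_other_bits PATH -> the six group/other permission characters,
# e.g. "------" for mode 600 or 700, "r--r--" for mode 644.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0

    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "DIR_MODE $dir: accessible by group/other (want 700)"
        findings=1
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Identify private keys by their first line, not by file name,
        # because keys may be named differently.
        header=$(head -n 1 "$f" 2>/dev/null)
        case $header in
            "-----BEGIN OPENSSH PRIVATE KEY-----") legacy=0 ;;
            "-----BEGIN "*"PRIVATE KEY-----")      legacy=1 ;;
            *) continue ;;   # public key, config, known_hosts, ...
        esac
        if [ "$(group_other_bits "$f")" != "------" ]; then
            echo "KEY_MODE $f: accessible by group/other (want 600)"
            findings=1
        fi
        if [ "$legacy" -eq 1 ]; then
            echo "KEY_FORMAT $f: PEM container, not the format -o selects"
            findings=1
        fi
    done
    return "$findings"
}
```

Source the file and run audit_ssh_dir, optionally with a directory as its argument; no output and status 0 means nothing was flagged.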

Copy to remote systems for remote login

To log in on a remote machine, your public key needs to be added to the ~/.ssh/authorized_keys file on the remote machine. To easily transfer your public SSH keys to remote machines you can use ssh-copy-id. I usually specify the exact key I want to use by adding the -i parameter. You can find more information on this in the ssh-copy-id documentation.

ssh-copy-id -i ~/.ssh/id_ed25519 username@remote-hostname

Store SSH key passphrases in the KDE Wallet

When an SSH key’s passphrase is stored in the KDE Wallet, the key can be unlocked on login, so you’re no longer required to type the passphrase in the terminal. To do so, the ksshaskpass package is required. It should be installed by default on Kubuntu 18.04. If not, install it via:

sudo apt install ksshaskpass

Then create an autostart script:

vim ~/.config/autostart-scripts/ssh-add.sh

Add the following content to the file:

#!/bin/sh
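# stdin comes from /dev/null so ssh-add does not read the passphrase from a
# terminal and asks through the askpass helper instead
ssh-add "$HOME/.ssh/id_ed25519" "$HOME/.ssh/id_rsa" </dev/null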

After you’ve saved the script, it must be made executable:

chmod +x ~/.config/autostart-scripts/ssh-add.sh