Generate an SSH key and use it to log into a user on a new server.
On your local computer, create an SSH key:
cd ~/.ssh
ssh-keygen -t rsa -b 4096 -C "your@email.com" -f id_whatever
# On Mac, copy the public key to clipboard
cat id_whatever.pub | pbcopy
What that command is doing:
- -t rsa: picks the RSA key type. This is the most-used, but see the resources links below to read about other types.
- -b 4096: key size (bits). "Larger is better", sort of.
- -C: a comment, typically used to identify who the key belongs to (an email address or username).
- -f id_whatever: the filename of the SSH key created. In this example, we'll get the id_whatever private key and the id_whatever.pub public key.
New User
On our new server in the video, we make a new user, and then add the SSH key to that user's authorized_keys file, so that we can use our new SSH key to log in as that user.
On the new server:
# Create a new user, give it a password
# set any additional values you'd like
sudo adduser fideloper
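# Log in as new user, create
# and go into a ~/.ssh directory
# (mode 700: only the owner may read or write it)
sudo su fideloper
mkdir -m 700 ~/.ssh
cd ~/.ssh
# Create/edit the ~/.ssh/authorized_keys file
# and paste in the public key we put into
# our clipboard when we first created it
vim authorized_keys
# sshd ignores the file if group or others can write to it
chmod 600 authorized_keys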
Then you can log in as that user from your local computer!
# If you only have a few SSH keys, you won't hit the
# max attempts limit and can just do this:
ssh fideloper@server-ip
# If you want to explicitly say which ssh key to use, or
# have enough keys (like me!) to hit the max attempt limit:
ssh -o "IdentitiesOnly yes" -i ~/.ssh/id_whatever fideloper@server-ip
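The authorized_keys step above can be scripted so that the pasted line is checked and the permissions sshd expects are set. This is an added example, not code from the original page; install_pubkey and its arguments are hypothetical names, and it assumes it runs as the user who will log in.

```bash
#!/bin/sh
# Added example. install_pubkey and its arguments are hypothetical names.
# Usage: install_pubkey <public-key-file> <home-directory>
install_pubkey() {
    local pub_file ssh_dir auth line type rest blob
    pub_file=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Catch the classic slip of pasting id_whatever instead of id_whatever.pub.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file holds a private key" >&2
        return 1
    fi

    # A public key file is one line: "<type> <base64> [comment]".
    if [ "$(grep -c . "$pub_file")" -ne 1 ]; then
        echo "expected exactly one key line" >&2
        return 1
    fi
    line=$(grep . "$pub_file")
    type=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;   # extend for other types
        *) echo "unexpected key type: $type" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; return 1 ;;
    esac

    # With StrictModes (sshd's default), key login is refused when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"

    # Append only if this exact line is not already there.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}
```

Running ssh-keygen -l -f id_whatever.pub prints the key's fingerprint and is a stronger validity check than the pattern match used here.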
Resources
- RSA, DSA and ECDSA key types
- 2048 or 4096 bits for SSH keys