The Geek Diary

SSH Authentication Files in Linux

by

Each user has the ability to create his or her own set of private and public keys. It doesn’t matter whether the user’s client machine is running Linux, MacOS, or Cygwin on Windows. In all three cases, the procedure is exactly the same.

To create the SSH keys simply run the ssh-keygen command as shown below:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/geek/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/geek/.ssh/id_rsa.
Your public key has been saved in /home/geek/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:oqDpCvAptbE8srN6Z4FNXxgkhPhjh1sEKazfMpxhVI8 geek@geeklab
The key's randomart image is:
+---[RSA 2048]----+
|...*+..          |
|o.+ .+.          |
|.+ oE .o         |
|. B + . .        |
|.=+% ...S        |
|.*O*+...         |
|* Bo..           |
|++..o            |
|B= o             |
+----[SHA256]-----+

There are several different types of keys that you can create, but the default 2048-bit RSA keys are considered as plenty strong enough for the foreseeable future. The private and public SSH keys work the same as we saw with GPG. You’ll keep your private keys to yourself, but you can share the public key with the world, if you so desire. In this case though, I’m only going to share my public key with just one server.

When prompted for the location and name of the keys, I’ll just hit Enter to accept the defaults. You could just leave the private key with a blank passphrase, but that’s not a recommended practice.

The following is a list of files that are used to configure SSH key-based authentication in Linux:

  • ~/.ssh/ — A directory that contains files related to SSH keys.
  • id_rsa — Contains the user’s private key.
  • id_rsa.pub — Contains the user’s public key.
  • authorized_keys — A file on the remote server that lists the public keys that the server accepts. In other words, the server uses this file to authenticate the client.
  • known_hosts — A file on the client that lists the public keys that the client accepts. In other words, the client uses this file to authenticate servers.
  • config — A file on the client that you can use to configure SSH connection settings, such as using an IdentityFile directive to associate multiple keys with specific servers.
Note: The /etc/ssh/ssh_config file is similar to ~/.ssh/config except that it applies globally rather than to a specific user.

You May Also Like