SSH


Key type

RSA keys are fine, but they are long; there is a shorter and safer option: ed25519.

There may be edge cases where the ed25519 format is not supported, e.g. hardware appliances. For example, my personal switch does not support anything other than RSA.

Recommendations

It is recommended to use separate keys for the different clients or environments you manage.

To make this easier, the keys can be kept in dedicated folders. For example, say we have two clients, Bob and Alice. The keys could be saved in:

  • /home/gsac/.ssh/keys/bob/
  • /home/gsac/.ssh/keys/alice/

The keys folder needs to be created, as it doesn't exist in the default installation.

Generation

To create an ed25519 key, run the following command and pay attention to the location where the key will be saved:

$ ssh-keygen -t ed25519 -C "<a-description-or-comment>"
Generating public/private ed25519 key pair:
Enter file in which to save the key (/home/gsac/.ssh/id_ed25519): <enter-a-new-path>
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
[...]

Copy key file to server

We can now copy the newly created public key to the remote server:

$ ssh-copy-id -i ~/.ssh/keys/bob/bob.pub gsa@bob-web-01.bob.com

SSH config file

Now that the key has been created and uploaded, to avoid having to specify it on every command, we declare it in the SSH config file:

Host bob
       HostName    bob-web-01.bob.com
       User        gsa
       IdentityFile    ~/.ssh/keys/bob/bob
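The whole procedure above (per-client folder, key generation, config entry) as one script. This is an added example, not code from the original post; the directory layout, key name and Host block mirror the post, while the `SSH_HOME` variable and the function names are assumptions of this example so it can be pointed at a scratch directory instead of the real ~/.ssh.

```shell
#!/bin/sh
# Added example: set up a per-client ed25519 key and the matching SSH config
# entry. SSH_HOME is an assumption of this example (defaults to ~/.ssh).
SSH_HOME="${SSH_HOME:-$HOME/.ssh}"

# Create <SSH_HOME>/keys/<client>/ (it does not exist by default) with
# owner-only permissions and print its path.
make_key_dir() {
    client="$1"
    dir="$SSH_HOME/keys/$client"
    mkdir -p "$dir"
    chmod 700 "$SSH_HOME" "$SSH_HOME/keys" "$dir"
    printf '%s\n' "$dir"
}

# Generate the client's ed25519 key pair named after the client, refuse to
# overwrite an existing key, then confirm with `ssh-keygen -l` that the key
# really is ED25519. Prints the private key path.
gen_key() {
    client="$1"
    comment="$2"
    dir=$(make_key_dir "$client")
    key="$dir/$client"
    if [ -e "$key" ]; then
        echo "refusing to overwrite existing key $key" >&2
        return 1
    fi
    # -N "" (empty passphrase) only so the example runs non-interactively;
    # drop it, or use -N "$PASSPHRASE", for a real key.
    ssh-keygen -q -t ed25519 -N "" -C "$comment" -f "$key" </dev/null
    ssh-keygen -l -f "$key.pub" | grep -q '(ED25519)' || return 1
    printf '%s\n' "$key"
}

# Append a Host block to the config unless one with that alias already exists,
# so re-running the script does not duplicate entries.
add_host_entry() {
    alias="$1"
    hostname="$2"
    user="$3"
    keyfile="$4"
    cfg="$SSH_HOME/config"
    touch "$cfg"
    chmod 600 "$cfg"
    if grep -q "^Host $alias\$" "$cfg"; then
        return 0
    fi
    printf '\nHost %s\n    HostName %s\n    User %s\n    IdentityFile %s\n' \
        "$alias" "$hostname" "$user" "$keyfile" >> "$cfg"
}

# Number of Host blocks in the config (handy to verify idempotence).
count_hosts() {
    grep -c '^Host ' "$SSH_HOME/config" || true
}

# Usage: sh setup-client.sh <client> <hostname> <user> [comment]
# e.g.:  sh setup-client.sh bob bob-web-01.bob.com gsa "laptop key for bob"
if [ "$#" -ge 3 ]; then
    key=$(gen_key "$1" "${4:-$1}")
    add_host_entry "$1" "$2" "$3" "$key"
    # The upload step from the post needs the remote host, so it is printed,
    # not run.
    echo "next: ssh-copy-id -i $key.pub $3@$2"
fi
```

The config entry uses the absolute key path returned by `gen_key`, which is what `IdentityFile` expects; the `ssh-copy-id` line is printed rather than executed because it requires the remote host and an existing login method.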