2.1.1. Generate a private/public key pair¶
Open a terminal and type the following command:
While interacting with ssh-keygen in the terminal, you will see something similar to:
Generating public/private rsa key pair. Enter file in which to save the key (~/.ssh/id_rsa): ### see note 1 below Enter passphrase (empty for no passphrase): ### see note 2 below Enter same passphrase again: Your identification has been saved in ~/.ssh/id_rsa Your public key has been saved in ~/.ssh/id_rsa.pub The key fingerprint is: 40:1f:33:78:32:51:b5:c4:51:56:99:b6:6a:3d:18:8b firstname.lastname@example.org The key s randomart image is: +---[RSA 2048]----+ | | | ..| | . .o.| | + +.o o+ | | + S.B.o.+.o| | E =++oooo+| | . =oo= ++.=| | *....Bo = | | o.o..+o.. | +----[SHA256]-----+
. You can leave the output file name blank (simply hit enter) for the default file name, or type a variation of ~/.ssh/my_chosen_name.
. You can leave the passphrase field empty but we strongly recommend you to choose and remember an easy but long passphrase. If you forget the passphrase, you need to generate a new key pair and replace the old public keys you installed on remote hosts.
The ssh-agent (see below) will assist you so that you only need to type the passphrase once per session.
18.104.22.168. Using an SSH agent¶
SSH-agent is a service on your computer to remember your ssh passphrase during your local session (that is, until you log out). This way, you do not have to type in that loooong passphrase every time you need to unlock your private key.
- Add the key to the local ssh-agent
Type the following on your terminal:
ssh-add ~/.ssh/id_rsa ### or the file name you provided to ssh-keygen
- While interacting with ssh-add in the terminal, you will see something similar to:
Enter passphrase for ~/.ssh/id_rsa: ### type it in Identity added: ~/.ssh/id_rsa
If this fails because “Could not open a connection to your authentication agent”, you need to start the ssh-agent daemon before you run ssh-add:
eval `ssh-agent -s`
- To list the keys loaded in the ssh-agent type the following on your terminal:
The output will be one line for each key stored in the ssh-agent, similar to:
2048 SHA256:ajAxT3T3ZKl2rALBGGmMqufU0n6XAU15lj+fObZEvrI ~/.ssh/id_rsa (RSA)