Creating an SSH-key-pair


In this post we will show you how to create an SSH key and how to upload it correctly to your server.

Generate ed25519 SSH Key

What is ed25519?

ed25519 is a relatively new cryptography solution implementing Edwards-curve Digital Signature Algorithm (EdDSA).

I say relatively because ed25519 has been supported by OpenSSH for about 5 years now, so it wouldn’t be considered cutting edge. Still, people are such creatures of habit that many IT professionals who use SSH/SCP daily haven’t even heard of this key type. Similarly, not all software supports ed25519 right now, but the SSH implementations in most modern operating systems certainly do. Ed25519 was introduced in OpenSSH version 6.5. It is the EdDSA implementation using the Twisted Edwards curve, and it uses elliptic curve cryptography that offers better security with faster performance compared to DSA or ECDSA.

Why ed25519 Key is a Good Idea

Compared to the most common type of SSH key – RSA – ed25519 brings a number of cool improvements:

  • it’s faster: to generate and to verify
  • it’s more secure
  • collision resilience – this means that it’s more resilient against hash-function collision attacks (types of attacks where large numbers of keys are generated with the hope of getting two different keys that have matching hashes)
  • keys are smaller – this, for instance, means that it’s easier to transfer and to copy/paste them

Generate ed25519 SSH Key

ssh-keygen -t ed25519 -C "comment"

Generate RSA SSH Key

To generate an RSA SSH key, enter the following command in the "home" terminal:

ssh-keygen -t rsa -b 4096

  • -t stands for type; it determines the type of key
  • -b stands for bits; it determines the length of the key

Saving the SSH-key

Enter file in which to save the key (/home/me/.ssh/id_rsa):

Here you can select a different location and an alternative name for the file containing the private key. Just press "Enter" to accept the given suggestion.

Enter passphrase (empty for no passphrase):

Optionally, a passphrase for the private key can be assigned here. It is requested whenever the private key file is used to establish a connection.

Enter same passphrase again:

Enter the same passphrase again. If you left the passphrase empty, simply press "Enter".

Copying the SSH-key to your server

ssh-copy-id youruser@ip-address

Copy the public key to the desired server. This requires the password for the server. NOTE: this will only work if the public key is in the default location.

Login without password-authentication

Now, if all of the steps were done right, you’ll be able to log in over SSH without your password. Simply connect over SSH (if you chose a passphrase for the key, use the key’s passphrase):

ssh youruser@ip-address
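
As a check after the upload, the public key line that ssh-copy-id appends to ~/.ssh/authorized_keys on the server can be decoded to confirm its type and size and to compute the SHA256 fingerprint that ssh-keygen -lf prints. This is an added example, not part of the original page; the function names are hypothetical, and the two sample lines are constructed in the code and are not usable keys.

```python
import base64
import hashlib
import struct

def _read_string(blob, offset):
    """Read one length-prefixed field (uint32 big-endian length + bytes)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length

def inspect_public_key(line):
    """Return (type, bits, SHA256 fingerprint) for one public key line."""
    key_type, b64 = line.split()[:2]  # assumes the line has no options prefix
    blob = base64.b64decode(b64, validate=True)
    inner_type, pos = _read_string(blob, 0)
    if inner_type.decode() != key_type:
        raise ValueError("key type label does not match key blob")
    if key_type == "ssh-ed25519":
        point, _ = _read_string(blob, pos)
        bits = len(point) * 8
    elif key_type == "ssh-rsa":
        _exponent, pos = _read_string(blob, pos)
        modulus, _ = _read_string(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()
    else:
        raise ValueError("unsupported key type: " + key_type)
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, bits, fingerprint

def _field(data):
    return struct.pack(">I", len(data)) + data

def make_line(key_type, fields, comment):
    """Build a CONSTRUCTED sample line; these are not usable keys."""
    blob = _field(key_type.encode()) + b"".join(_field(f) for f in fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed samples: an all-0x01 "point" and a synthetic 4096-bit modulus.
ED_LINE = make_line("ssh-ed25519", [b"\x01" * 32], "comment")
RSA_MODULUS = b"\x00" + ((1 << 4095) | 1).to_bytes(512, "big")
RSA_LINE = make_line("ssh-rsa", [b"\x01\x00\x01", RSA_MODULUS], "me@home")

if __name__ == "__main__":
    for sample in (ED_LINE, RSA_LINE):
        print(*inspect_public_key(sample), len(sample.split()[1]), "base64 chars")
```

Run against the samples, the base64 part of the ed25519 line is 68 characters and that of the 4096-bit RSA line is 716, which is the size difference the list above refers to.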