An SSH key pair is very useful when you want to more securely give, or get access to a server from another server or computer. This will allow the connecting computer to authenticate using a check (comparing) of keys instead of password. The key pair consists of two keys:
Public key (The lock)
.pub means public. Think of the public key as your lock. To be able to identify with your key (the private key) you need to install your lock on the server you want to connect to. It’s also harmless to share your lock with the world, **as long as you keep your key secret**.
When you want to be able to authorize using keys then it’s the public key you want to install with the server, or send to the people maintaining the server so they can add it for you.
Private key (The key)
The private key is named the same as your public key, but without
.pub. Think if it as the key to your lock(the public key). This should be kept safe.
Do not share your private key with anyone!
Some systems does make a key pair for you and suggest you install it on your computer, like cPanel, which is fine as long as you only use those keys to authenticate with the cPanel server that made them.
Time needed: 1 minute.
How to make a key pair
- Generate public/private RSA Key Pair
Enter the following command on the command line:
ssh-keygen -b 4096
This will generate something similar to this in your terminal app:
- Save the Key
After the first command is run you will be prompted with an option to enter the file in which to save the key. If you don’t already have a key you can press enter (use the default file and location).
- Add passphrase
Then you will be prompted with the option of adding a passphrase (password) to the key. This is highly recommended for personal keys! But can make it hard to make server to server automatic authentication work. If you don’t want to use passphrase, just press ENTER. When using SSH keys to migrate a site to Servebolt the passphrase should be empty.
- Confirm passphrase
Enter the passphrase again (or just hit ENTER if you left it empty).
The keygen will now display a randomart which is a human readable version of your keys just used when a human want to compare the public and the private key.
- Read public key
To read a public key we recommend using the
id_rsa.pubwith the keyname for the public key you want to view.
id_rsa.pubis the standard for most systems.