Fading Coder

Secure Shell Key Management and Configuration on Linux

Generating Authentication Keys

Execute the following command to create a new key pair within the user's home directory. The ~ symbol represents the home path, typically /home/username for standard users or /root for the superuser.

ssh-keygen -t ed25519 -C "admin@example.org" -f ~/.ssh/work_identity
  • -t: Defines the key type (the signature algorithm). While rsa is common, ed25519 is recommended for modern security.
  • -C: Adds a comment label, often an email address, to identify the key.
  • -f: Specifies the output filename. Omitting it uses the default, ~/.ssh/id_ed25519 for this key type.

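Press Enter to accept default settings when prompted. With -f given, the prompts ask for a passphrase; accepting the empty default stores the private key unencrypted on disk. This process generates two files: the private key (work_identity) and the public key (work_identity.pub).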

Distributing Public Keys to Remote Hosts

To enable login without passwords, the public key must be placed on the target server. The ssh-copy-id utility automates this.

ssh-copy-id -i ~/.ssh/work_identity.pub user@192.168.1.50
  • -i: Points to the public key file generated earlier.
  • user: The remote username.
  • 192.168.1.50: The destination IP address or domain.

If a non-standard port is required, pass the SSH option directly:

ssh-copy-id -o "Port=2222" -i ~/.ssh/work_identity.pub user@192.168.1.50

Understanding the Manual Process

The ssh-copy-id tool simplifies several manual steps required to authorize a key. Performing this manually involves:

  1. Reading the public key content:
    cat ~/.ssh/work_identity.pub
    
  2. Connecting to the remote server via password.
  3. Ensuring the .ssh directory exists with strict permissions:
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
    
  4. Appending the public key to the authorized list:
    echo "<public_key_content>" >> ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys
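
Steps 3 and 4 as a single re-runnable function, added here as an example and not part of the original article. It goes slightly beyond the manual commands: it skips keys that are already present and repairs a missing trailing newline before appending. The name authorize_key and its optional second argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): steps 3-4 as a re-runnable function.
# Run on the remote host:  authorize_key "$(cat work_identity.pub)"
# authorize_key and its optional second argument are hypothetical names.

authorize_key() {
    pubkey=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    # Accept exactly one line that starts with a public key type. This rejects
    # empty input, multi-line pastes and private key blocks. Entries carrying
    # an options prefix (command="...", from="...") are out of scope here.
    [ "$(printf '%s\n' "$pubkey" | wc -l)" -eq 1 ] || {
        echo "expected a single line" >&2; return 2; }
    case $pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac

    # Create the directory and file with tight permissions from the start
    # (umask in a subshell), then enforce them in case they already existed.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # A plain "echo >>" duplicates the entry on every run; skip exact matches.
    if grep -qxF -- "$pubkey" "$auth_file"; then
        echo "key already present"
        return 0
    fi

    # If the file does not end in a newline, add one so the new key is not
    # glued onto the previous entry (which would break both).
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$pubkey" >> "$auth_file"
    echo "key added"
}
```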
    

Connecting via SSH

Once configured, the SSH client automatically attempts key-based authentication if the private key is in the default location or loaded into the agent.

ssh user@192.168.1.50

To specify a private key explicitly:

ssh -i ~/.ssh/work_identity user@192.168.1.50

Managing Multiple Identities

When handling several servers or services, maintaining distinct keys prevents conflicts. Create a configuration file at ~/.ssh/config to define aliases and specific key mappings.

# Production Database Server
Host prod-db
    HostName 203.0.113.10
    User ubuntu
    IdentityFile ~/.ssh/prod_key
    PreferredAuthentications publickey

# Git Repository Host
Host code-storage
    HostName git.example.com
    User git
    IdentityFile ~/.ssh/git_key
    PreferredAuthentications publickey
  • Host: A local alias used for connecting.
  • HostName: The actual IP or domain of the server.
  • User: The default username for this host.
  • IdentityFile: The path to the specific private key.
  • PreferredAuthentications: Sets which authentication methods the client tries and in what order; publickey alone forces key-based login.

Utilizing Configuration Aliases

After saving the config file, connect using the defined aliases instead of full addresses.

ssh prod-db
ssh code-storage

Integrating with Version Control

SSH configuration aliases work seamlessly with Git. When cloning repositories, replace the standard domain with the configured Host alias.

git clone code-storage:team/project-repo.git

In this example, code-storage resolves to git@git.example.com using the ~/.ssh/git_key private key as defined in the SSH config file.

Tags: SSH
