ssh-keygen generates the key pair (private key keyname and public key keyname.pub). The easiest but somewhat more dangerous way is to use passphrase-less keys. Keys may be hardened against brute force attacks by increasing the number of key derivation rounds applied to the passphrase (-a 128) and by making the keys longer (-t rsa -b 4096). Don’t forget to add a comment (-C "comment") to the public key, which makes it easier to recognize:
ssh-keygen -a 128 -t rsa -b 4096 -C "comment" -f "keyname"
The private key is needed on any host used as a source for logging in. Any target system needs a .ssh subdirectory in the home of the user allowed to log in remotely, with rwx permissions for the owner (chmod 700). A file called authorized_keys is needed, which holds the public keys of all remote hosts from which a login happens (rw permissions for the owner (chmod 600), and make sure that the owner actually owns this file). The public key can be appended by using cat or it can be copied from a remote machine using ssh-copy-id -i @.
ssh-copy-id works with localhost in case the keys are generated on the target machine.
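
The target-side setup described above, as an added example that is not part of the original page: it creates .ssh and authorized_keys with the stated modes, appends the public key with cat only once, and then checks modes and ownership. The function names install_pubkey and check_ssh_perms are hypothetical, and the script assumes it is run as the user who will log in.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey and
# check_ssh_perms are hypothetical helper names; run them as the login user.

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh (700) and authorized_keys (600), then appends the key.
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    pubkey=$2

    [ -r "$pubkey" ] || { echo "cannot read $pubkey" >&2; return 1; }
    # Guard against appending keyname instead of keyname.pub.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "$pubkey looks like a private key, refusing" >&2
        return 1
    fi

    # umask 077 keeps the new directory and file closed from the start.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Append with cat only if the exact line is not there yet (idempotent).
    grep -qxF -f "$pubkey" "$auth" || cat "$pubkey" >> "$auth"
}

# check_ssh_perms HOME_DIR
# Returns 0 only if modes and ownership match what the text requires.
check_ssh_perms() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    rc=0
    [ "$(ls -ld "$ssh_dir" 2>/dev/null | cut -c1-10)" = "drwx------" ] ||
        { echo "$ssh_dir: expected mode 700" >&2; rc=1; }
    [ "$(ls -l "$auth" 2>/dev/null | cut -c1-10)" = "-rw-------" ] ||
        { echo "$auth: expected mode 600" >&2; rc=1; }
    # -O: file is owned by the user running this check.
    { [ -O "$ssh_dir" ] && [ -O "$auth" ]; } ||
        { echo "$ssh_dir or $auth not owned by current user" >&2; rc=1; }
    return $rc
}

# Usage: sh install_key.sh "$HOME" keyname.pub
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2" && check_ssh_perms "$1"
fi
```

Trying it against a scratch directory first (any path other than the real home) shows the resulting layout without touching an existing authorized_keys.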