Ssh Config Key File

Oct 20, 2014 The first step to configure SSH key authentication to your server is to generate an SSH key pair on your local computer. To do this, we can use a special utility called ssh-keygen, which is included with the standard OpenSSH suite of tools. By default, this will create a 2048 bit RSA key pair, which is fine for most uses. SSH Config File Location OpenSSH client-side configuration file is named config, and it is stored in the.ssh directory under the user’s home directory. The /.ssh directory is automatically created when the user runs the ssh command for the first time. If the directory doesn’t exist on your system, create it using the command below.

  1. Ssh Config Private Key File
  2. Ssh Config Host Key File
  3. Ssh Client Config Key File
  4. Ssh Config File Format

How to create ssh keys and manage multiple keys

How to create ssh keys, how to get them safely to your server, and how to manage multiple keys and make ssh-ing into a machine really easy.

Check for existing ssh keys

List files in the default, hidden, ssh directory:

Config

If you don’t have an ~/.ssh directory, go ahead and make it:

Ssh config host key file

Generate the ssh key

Make a key using the ssh-keygen utility, run that command on your local machine:

It’ll ask you where to save it, if this is the first key you’re making, then just hit enter and it’ll make it in ~/.ssh/id_rsa. If you already have a key, and want to make new key, then use a different name, like ~/.ssh/id_rsa_foo, it can be anything though.

Next it asks to make a passphrase, it’s a password you have to type when logging in with the key. It can be left blank by hitting enter.

Two files were created:

id_rsa_foo
This is your key file that sits on the local machine.
id_rsa_foo.pub
this is the public file that goes to your remote server.

Now you have the key, go ahead and pop it open to a text editor, or cat it $ cat id_rsa_foo.

Show an example ssh key

And the public file looks approximately like this:

Third step: copy the key to remote server

If you used something like DigitalOcean to create your cloud server, then the key is already there. It’s in /root/.ssh/authorized_keys, to be precise.

But if you don’t have it, there are clever ways to copy it over.

In the remote machine there is a file ~/.ssh/authorized_keys, we need to upload the public key there, there are few way to go about this.

Method 1: ssh-copy-id

Probably the most painless solution, downside being it won't work on OS X (scroll to method #2 if you’re on OS X).

Ssh Config Private Key File

The syntax in whole goes like:

So the custom named pub file would go like this

Method 2: redirecting

This is more verbose but it should work:

Key

Note that a port is specified -p 5555, if you have your ssh listening to a default port, you might not need that.

Ssh Config Host Key File

Method 3: manual copy

Just copy and paste manually the public key, cat it out and just copy it:

Login to the remote server and find the ~/.ssh/authorized_keys and paste it at the end.

Test the ssh connection

Now it should work, test it by exiting your box ($ exit). Then try to ssh back into it by using the new key:

Ssh

The -i flag stands for identify, and should be a path to the file we just created.

Manage multiple ssh keys

It’s probably good to have many keys, e.g. one for GitHub, one for BitBucket, one for your server. By default ssh looks for the key called id_rsa.pub, we have to tell ssh to look for a different public key file depending on the service. This is where the config file comes handy.

SSH config file

The config file lives in ~/.ssh/config, if it’s not there, go ahead and make it: sudo touch ~/.ssh/config.

Contents of the file should looks something like:

Host
This can be anything, it’s the shortname.
HostName
IP or host name.
Port
Open port in the server, might not need this.
IdentityFile
Where the key file is.
User
User on the server, this is needed if your user on the server is different than on local machine.
Ssh

Now, logging in is as easy as: $ ssh myserver.

Add more servers after the first one, if needed:

Conclusions

Ssh Client Config Key File

If you ever have a whiff of doubt that your key is compromised, then make a new one.

Ssh Config File Format

Hope this was helpful.