Actions

Generate a public/private key pair with OpenSSH

From ALICE Documentation

Revision as of 10:28, 17 April 2020 by Dijkbvan (talk | contribs) (Created page with "==Generate a public/private key pair with OpenSSH== A key pair might already be present in the default location inside your home directory. Therefore, we first check if a key...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Generate a public/private key pair with OpenSSH

A key pair might already be present in the default location inside your home directory. Therefore, we first check if a key is available with the “list short” (“ls”) command:

 $ ls ∼/.ssh

If a key-pair is already available, you would normally get:

 authorized_keys     id_rsa     id_rsa.pub     known_hosts

Otherwise, the command will show:

 ls: .ssh: No such file or directory

You can recognise a public/private key pair when a pair of files has the same name except for the extension “.pub” added to one of them. In this particular case, the private key is “id_rsa” and public key is “id_rsa.pub”. You may have multiple keys (not necessarily in the directory “∼/.ssh”) if you or your operating system requires this. You will need to generate a new key pair, when:

  1. you don’t have a key pair yet
  2. you forgot the passphrase protecting your private key
  3. or your private key was compromised

For extra security, the private key itself can be encrypted using a “passphrase”, to prevent anyone from using your private key even when they manage to copy it. You have to “unlock” the private key by typing the passphrase. Be sure to never give away your private key, it is private and should stay private. You should not even copy it to one of your other machines, instead, you should create a new public/private key pair for each machine.

 $ ssh-keygen -t rsa -b 4096 
 Generating public/private rsa key pair. 
 Enter file in which to save the key (/home/user/.ssh/id_rsa): 
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /home/user/.ssh/id_rsa. 
 Your public key has been saved in /home/user/.ssh/id_rsa.pub.

This will ask you for a file name to store the private and public key, and a passphrase to protect your private key. It needs to be emphasised that you really should choose the passphrase wisely! The system will ask you for it every time you want to use the private key that is every time you want to access the cluster or transfer your files.