Table of Contents
- Introduction
- What is SSH Keys?
- Working Of SSH Keys
- Creation of SSH Keys
- Copying Key to Remote Server
- Conclusion
Introduction
Normally, when we connect to a server using ssh, we use the password for that user. Do you use simple password which include "123" or your name? Do you think it is safe? Absolutely not!
SecLists, a popular open-source project by Daniel Miessler & others, is a collection of various wordlists and lists used in security testing (penetration testing, red teaming, etc.). The lists include things like common usernames, URLs, known password strings, etc. The goal is to provide testers with ready-made lists that can be used for bruteforce attacks, scanning for vulnerabilities, password cracking, etc.
So the best way to create a secure authenticated connection is using SSH key pairs. You don't have to remember your passwords know, just use the ssh keys instead.
What is SSH Keys?
SSH keys contain two keys, Private key and a Public key. The pirvate key should be super secret and you must know where you are storing it in your machine. The public is key, is public! No matter if you share it with anyone.
Let's say you have two machine, home and a remote machine, which you want to login using ssh keys. First of all, check if any ssh keys exists in the machine using the command: ls -l ~/.ssh. This will list all the existing ssh files. You may choose to backup if any exist.
ijas@debian:~$ ls -l ~/.ssh
ls: cannot access '/home/ijas/.ssh': No such file or directory
ijas@ubuntu:~$ ls -l ~/.ssh
ls: cannot access '/home/ijas/.ssh': No such file or directory
In my debian and ubuntu machines, no ssh keys are present.
Working Of SSH Keys
SSH keys comes with pair (Private and Public). The public key is generated using the private key, in a way, they are linked together (but you can't get the private key from public key). The public key will be sent to the remote machine or server and it stores the key.
Whenever a user try to log in to that remote server from the host machine, the remote server creates a random string of characters (like 8&vw^afdsE...) and encrypt it using the public key. Now, this encrypted text can only be decrypted using the private key. The host now must prove that he can decrypt the encrypted string using the private key. Once decrypted, host sends back the result to the remote server and if they match, then the host is authenticated and can login to the remote server.
Creation of SSH Keys
To create ssh key pair in your machine, use the command ssh-keygen. ssh-keygen generates, manages and converts authentication keys for ssh.
ijas@debian:~$ ssh-keygen -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ijas/.ssh/id_rsa):
Created directory '/home/ijas/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ijas/.ssh/id_rsa
Your public key has been saved in /home/ijas/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:IVrtM2J36uO57J5vwhI7c4+Bd4pRwAZHngYmDxqnuwc ijas@debian
The key's randomart image is:
+---[RSA 4096]----+
|. + +.o |
| = = * o |
|o . X o |
| . = + . |
|E . o S . |
| o ..= = |
|. . o++ . |
| . =*=B. |
| .O%Bo |
+----[SHA256]-----+
- Use -b flag to specify the bit size. I have used 4096, which is actually much stronger than default.
- You can choose a location to store the keys, best to go with default.
- Passphrase is for an additional layer of security. You can add a strong passphrase if you want, but remember, if you lost it, there is no way to retrieve it.
Now you can see pair of ssh keys. The .pub is public key.
ijas@debian:~$ ls -l ~/.ssh
total 8
-rw------- 1 ijas ijas 3381 Sep 16 07:49 id_rsa
-rw-r--r-- 1 ijas ijas 737 Sep 16 07:49 id_rsa.pub
You can view the content of public key using cat ~/.ssh/id_rsa.pub.
Copying Key to Remote server
To copy the public to the remote server, use this command: ssh-copy-id username@ip-address
ijas@debian:~$ ssh-copy-id ijas@192.168.139.147
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ijas/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ijas@192.168.139.147's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ijas@192.168.139.147'"
and check to make sure that only the key(s) you wanted were added.
Once copied, you can see the copied public key (authorized_keys) in the remote server:
ijas@ubuntu:~$ ls -l ~/.ssh
total 4
-rw------- 1 ijas ijas 737 Sep 16 09:07 authorized_keys
Now when you try to ssh into the remote server, it won't ask for password. (Ensure you are SSHing at the directory where the private key is stored)
ijas@debian:~$ ssh ijas@192.168.139.147
Welcome to Ubuntu 25.04 (GNU/Linux 6.15.11-orbstack-00539-g9885ebd8e3f4 aarch64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
Last login: Tue Sep 16 09:06:43 2025 from 192.168.139.177
Conclusion
SSH keys give you better security, faster logins, and peace of mind, making them the best practice for managing Linux systems.
Congrats!🎉 You are now one step ahead in your linux journey. Thanks for reading!
Top comments (0)