DEV Community

Mikołaj Buchwald

Generating SSH key – the best way

tl;dr:

ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user

where:

  • user is your identifier, e.g., "joe"
  • institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.

An additional step is to rename the private key to have a *.pem extension:

mv ~/.ssh/institution-user ~/.ssh/institution-user.pem

I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.


Important ingredients of a perfect ssh-keygen command

There are numerous tutorials on the web on how to generate a pair of SSH keys. However, I didn't find a single one that covers all the arguments/parameters that in my opinion are essential when generating an SSH key pair via a terminal. What are these essential ingredients of a perfect ssh-keygen command? Here they are:

  1. Comment -- needless to say, the comment doesn't seem that important, unless you are faced with the impossible task of disentangling multiple keys that have been sitting in authorized_keys for months, if not years. Good luck guessing which key belongs to whom then :) In other words, always put in a meaningful text that will allow others (as well as yourself) to identify the particular key as yours (unless you are a hacker, or whatever :D )

  2. Filename -- you want your private and public keys to have a meaningful name right away -- else they can get lost among a number of the default id_rsa files, or worse -- you will overwrite an important key. Please note that I explicitly mention the path to the file: -f ~/.ssh/key-name (instead of specifying just the file name).
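
The comment from item 1 is what lets you tell entries in authorized_keys apart. As an added example (not part of the original article), this POSIX shell function lists each entry's key type and comment and flags entries that have none. The function names are hypothetical, and the sample file with its key blobs is constructed, not real keys.

```shell
#!/bin/sh
# Added example (not from the article): list key type and comment for each
# authorized_keys entry and flag entries that carry no comment.
# Returns 1 if any entry has no comment or cannot be parsed, else 0.
audit_authorized_keys() {
    awk '
    BEGIN {
        bad = 0
        kt_re = "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)"
        kt_re = kt_re "|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\\.com)$"
    }
    /^[ \t]*(#|$)/ { next }    # skip comment lines and blank lines
    {
        # An options field (e.g. no-pty,command="...") may precede the key
        # type, so search for "<type> <blob>"; every blob starts with AAAA.
        kt = 0
        for (i = 1; i < NF; i++)
            if ($i ~ kt_re && $(i + 1) ~ /^AAAA/) { kt = i; break }
        if (!kt) { printf "%d UNPARSED -\n", NR; bad = 1; next }
        comment = ""
        for (j = kt + 2; j <= NF; j++)
            comment = (comment == "" ? $j : comment " " $j)
        if (comment == "") { comment = "NO-COMMENT"; bad = 1 }
        printf "%d %s %s\n", NR, $kt, comment
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample file; the key blobs are fake placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTED1 joe@buchcorp
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTED2
no-pty,command="backup run" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED3 backup@personal
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_authorized_keys "$sample" || echo "at least one key has no comment" >&2
rm -f "$sample"
```

Each output line is the line number in the file, the key type, and the comment; point the function at ~/.ssh/authorized_keys to audit a real account.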

The command

Here is the example command using the above-mentioned characteristics:

ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user

where:

  • user is your identifier, e.g., "joe"
  • institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.

An additional step is to rename the private key to have a *.pem extension:

mv ~/.ssh/institution-user ~/.ssh/institution-user.pem

I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.

Bonus: see how to manage multiple SSH keys in my other article: https://dev.to/mikolajbuchwald/git-via-ssh-multiple-keys-management-3bkm


Cover image: photo by Michael Dziedzic on Unsplash
