Mikołaj Buchwald

Generating SSH key – the best way

tl;dr:

ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user

where:

  • user is your identifier, e.g., "joe"
  • institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.

An additional step is to rename the private key to have a *.pem extension:

mv ~/.ssh/institution-user ~/.ssh/institution-user.pem

I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.


Important ingredients of a perfect ssh-keygen command

There are numerous tutorials on the web on how to generate a pair of SSH keys. However, I didn't find a single one that covers all the arguments/parameters that, in my opinion, are essential when generating an SSH key pair via a terminal. What are these essential ingredients of a perfect ssh-keygen command? Here they are:

  1. Comment -- needless to say, the comment doesn't seem that important, unless you are faced with the impossible task of disentangling multiple keys that have been sitting in authorized_keys for months, if not years. Good luck guessing which key belongs to whom then :) In other words, always put in a meaningful text that will allow others (as well as yourself) to identify the particular key as yours (unless you are a hacker, or whatever :D )

  2. Filename -- you want your private and public keys to have a meaningful name right away -- else they can get lost among the default id_rsa files, or worse -- you will overwrite an important key. Please note that I explicitly mention the path to the file: -f ~/.ssh/key-name (instead of specifying just the file name).
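
The comment problem from item 1, as an added example that is not part of the original post: a shell function that lists every key in an authorized_keys-style file with its comment and flags keys that have none. The function names, the sample file and the placeholder key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the comment of every key in an authorized_keys-style file.
# Output per key: <line-no> <key-type> <comment | MISSING-COMMENT>
# Returns 1 if any key has no comment or a line cannot be parsed, else 0.
audit_key_comments() {
    awk '
    BEGIN { bad = 0 }
    /^[ \t]*#/ { next }                 # comment line
    NF == 0    { next }                 # blank line
    {
        k = 0
        # Options such as from="..." may precede the key type, so find the
        # type as the field that is directly followed by the base64 blob.
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ /^AAAA/) { k = i; break }
        if (k == 0) { printf "%d UNPARSED\n", NR; bad = 1; next }
        comment = ""
        for (j = k + 2; j <= NF; j++)
            comment = comment (j > k + 2 ? " " : "") $j
        if (comment == "") { comment = "MISSING-COMMENT"; bad = 1 }
        printf "%d %s %s\n", NR, $k, comment
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample (placeholder blobs, not real keys).
sample_authorized_keys() {
    cat <<'EOF'
# team keys
ssh-rsa AAAAconstructedblob1 joe@buchcorp
ssh-rsa AAAAconstructedblob2
from="10.0.0.0/8" ssh-ed25519 AAAAconstructedblob3 ann@personal
EOF
}

tmp=$(mktemp)
sample_authorized_keys > "$tmp"
audit_key_comments "$tmp" || echo "at least one key cannot be attributed"
rm -f "$tmp"
```

Run against a real file with `audit_key_comments ~/.ssh/authorized_keys`; the non-zero return value makes it usable as a check in a provisioning script.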

The command

Here is the example command using the above-mentioned characteristics:

ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user

where:

  • user is your identifier, e.g., "joe"
  • institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.

An additional step is to rename the private key to have a *.pem extension:

mv ~/.ssh/institution-user ~/.ssh/institution-user.pem

I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.


Bonus: see how to manage multiple SSH keys in my other article: https://dev.to/mikolajbuchwald/git-via-ssh-multiple-keys-management-3bkm

