Mikołaj Buchwald
Generating SSH key – the best way

tl;dr:

ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user

where:

  • user is your identifier, e.g., "joe"
  • institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.

An additional step is to rename the private key to have a *.pem extension:

mv ~/.ssh/institution-user ~/.ssh/institution-user.pem

I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.


Important ingredients of a perfect ssh-keygen command

There are numerous tutorials on the web on how to generate a pair of SSH keys. However, I didn't find a single one that covers all the arguments/parameters that, in my opinion, are essential when generating an SSH key pair via a terminal. What are these essential ingredients of a perfect ssh-keygen command? Here they are:

  1. Comment – needless to say, the comment doesn't seem that important, unless you are faced with the impossible task of disentangling multiple keys that have been sitting in authorized_keys for months, if not years. Good luck guessing which key belongs to whom then :) In other words, always put in a meaningful text that will allow others (as well as yourself) to identify the particular key as yours (unless you are a hacker, or whatever :D )

  2. Filename – you want your private and public keys to have a meaningful name right away – else they can get lost among the default id_rsa files, or worse – you will overwrite an important key. Please note that I explicitly mention the path to the file: -f ~/.ssh/key-name (instead of specifying just the file name).
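
The authorized_keys clean-up problem from item 1 can be checked mechanically. The script below is an added example, not part of the original post: it lists each key's line number, type and comment and flags entries that have no comment. The function names, the placeholder key blobs and the sample comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit authorized_keys comments.

# Print "line<TAB>key-type<TAB>comment" for every key in the file given as $1.
audit_authorized_keys() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comment and blank lines
        {
            # Options such as from="..." or command="..." may precede the key,
            # so locate the first field that names a key type and is followed
            # by a base64 blob (these always start with "AAAA").
            t = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ /^AAAA/) { t = i; break }
            if (!t) { printf "%d\tUNPARSED\t-\n", NR; next }
            comment = ""
            for (j = t + 2; j <= NF; j++)
                comment = comment (j > t + 2 ? " " : "") $j
            printf "%d\t%s\t%s\n", NR, $t, (comment == "" ? "NO-COMMENT" : comment)
        }
    ' "$1"
}

# Print the number of keys that carry no comment at all.
count_uncommented() {
    audit_authorized_keys "$1" | awk -F'\t' '$3 == "NO-COMMENT" { n++ } END { print n + 0 }'
}

# Constructed sample file; the blobs are placeholders, not real keys.
write_sample_keys() {
    cat > "$1" <<'EOF'
# constructed sample for the audit example
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1 joe@buchcorp
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED2
from="10.0.0.0/8",command="/usr/bin/rsync --server" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED3 joe@personal
EOF
}

sample=$(mktemp)
write_sample_keys "$sample"
audit_authorized_keys "$sample"
echo "keys without a comment: $(count_uncommented "$sample")"
rm -f "$sample"
```

To audit a real file, call audit_authorized_keys ~/.ssh/authorized_keys; lines reported as NO-COMMENT are the ones nobody will be able to attribute later.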

The command

Here is the example command using the above-mentioned characteristics:

ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user

where:

  • user is your identifier, e.g., "joe"
  • institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.

An additional step is to rename the private key to have a *.pem extension:

mv ~/.ssh/institution-user ~/.ssh/institution-user.pem

I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.

Sources

  1. https://www.ssh.com/academy/ssh/keygen#specifying-the-file-name
  2. https://docs.gitlab.com/ee/user/ssh.html

Bonus: see how to manage multiple SSH keys in my other article: https://dev.to/mikolajbuchwald/git-via-ssh-multiple-keys-management-3bkm

