Erick Quinteros Posted on May 31 What Is ssh-keygen # ssh # keygen # tutorial # authentication What Is ssh-keygen ? ssh-keygen is a tool for creating new SSH public-key key pairs. SSH Keys and Public Key Authentication The SSH protocol uses public-key cryptography to authenticate hosts and users. SSH introduced public key authentication as a more secure alternative to the older .rhosts authentication. It improved security by avoiding the need to have a password stored in files, and eliminated the possibility of a compromised server stealing the user's password. Creating an SSH Key Pair for User Authentication The simplest way to generate a key pair is to run ssh-keygen without arguments. In this case, it will prompt for the file in which to store the keys ssh-keygen Generating public/private RSA key pair. Enter fullscreen mode Exit fullscreen mode First, the tool asked where to save the file. SSH keys for user authentication are usually stored in the user's .ssh directory under the home directory. The default key file name depends on the algorithm; in this case, id_rsa when using the default RSA algorithm. It could also be, for example, id_dsa or id_ecdsa . Then it asks to enter a passphrase . The passphrase is used for encrypting the key, so that it cannot be used even if someone obtains the private key file. Choosing an Algorithm and Key Size SSH supports several public key algorithms for authentication keys. These include: rsa - an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. The RSA algorithm may become practically breakable in the foreseeable future. All SSH clients support this algorithm. dsa - an old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete logarithms. A key size of 1024 would normally be
LIVE