SSH keys are an alternative form of identification (an alternative to username/password) that can be used to authenticate access to resources that are available over SSH. They can enhance the security of your SSH account in some circumstances, if password-based authentication is not replaced with key-based authentication.
An SSH key has security advantages over a username/password: it is not vulnerable to brute-force password attacks, keystroke logging, or guessing of poorly chosen passwords. Unfortunately, SSH keys do not disable password authentication on existing accounts; they just provide an optional alternative method for authenticating.
When you log in to an SSH service, you identify yourself with your login ID and your private SSH key. The remote service verifies your credentials using the public key you transferred to the service and authenticates you. No password is required to authenticate.
On the client computer that you will be logging in from, create an SSH key pair.
If you assign your key a unique file name, you can make it single-purpose for logging in to a specific computer (like an SFTP server). Otherwise, with the default name (id_rsa), the key will be automatically used for all connections:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): *********
Enter same passphrase again: *********
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
f4:ba:40:56:c8:c6:fd:b3:5b:23:34:57:c4:b1:60:2e *****@*****.local

Your public key is stored in the file id_rsa.pub. Your private key is stored in id_rsa - keep it secured, and don't lose it!
For SSH servers, ssh-copy-id will append the key to the remote host's .ssh/authorized_keys file.
$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-host
remote-host password: *******
Note: if you want to use an SSH key with department SFTP servers, you will need to create an authorized_keys file locally from your .pub file, then manually SFTP the authorized_keys file into your .ssh directory and set the file permissions with the chmod command:
chmod 600 .ssh/authorized_keys
If you are using the key for automated SFTP file transfers, you may want to create a passphrase-less key so that a passphrase does not have to be hard-coded in automation scripts.
$ cat ~/.ssh/my_key_file.pub > authorized_keys
$ sftp user@remote-host
sftp> cd .ssh
sftp> put authorized_keys
sftp> chmod 600 authorized_keys
sftp> exit
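The local step of the note above (building authorized_keys from the .pub file), as an added example that is not part of the original page. The function name build_authorized_keys and its return codes are hypothetical; it refuses a private key file, accepts only the common OpenSSH key types listed in the pattern, and creates the file owner-only before you upload it.

```shell
#!/bin/sh
# Added example (not from the original page).
# build_authorized_keys PUBFILE OUTFILE
#   0 = OUTFILE written, 1 = PUBFILE unreadable,
#   2 = PUBFILE looks like a private key, 3 = no public key line found.
# The body runs in a subshell so the umask change does not leak to the caller.
build_authorized_keys() (
    pub=$1
    out=$2
    [ -r "$pub" ] || exit 1

    # The private key must never leave the client: refuse anything that
    # carries a "PRIVATE KEY" header (a common mix-up of id_rsa and id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        exit 2
    fi

    # Keep only lines in OpenSSH public key format: "<type> <base64> [comment]".
    # Assumption: only RSA, Ed25519 and NIST ECDSA key types are accepted here.
    keys=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+( .*)?$' "$pub") || exit 3

    umask 077            # a newly created file is readable by the owner only
    touch "$out"
    printf '%s\n' "$keys" | while IFS= read -r line; do
        # Append each key once, so re-running does not duplicate entries.
        grep -qxF -- "$line" "$out" || printf '%s\n' "$line" >>"$out"
    done
    chmod 600 "$out"     # same mode the page sets on the server copy
)
```

Run it as `build_authorized_keys ~/.ssh/my_key_file.pub authorized_keys` in place of the `cat` redirect, then upload the result with sftp as shown.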
$ ssh -i ~/.ssh/my_key_file user@remote-host
Enter passphrase for key '/home/user/.ssh/my_key_file':
If you did not set a passphrase, you will not be prompted; otherwise, your local SSH client will prompt you for your passphrase before the SSH key is validated.
Alternatively, if you are connecting to an SFTP server, you should use:
$ sftp -i ~/.ssh/my_key_file user@remote-host