SSH KEY PAIRS: How do we create them?

What are SSH key pairs?

SSH key pairs are increasingly preferred to passwords, which raises the question: what are they? An SSH key is used in the SSH protocol to provide a secure means of authentication. For quite some time, SSH keys have been increasingly preferred to passwords for a few reasons:

  • Passwords have become increasingly prone to being cracked or stolen by outsiders through methods such as brute force attacks and interception in transit over the internet, among others

  • People continually share their passwords, forget them and re-use them, causing high losses to businesses through data loss and compromise of information

  • Due to their high cryptographic strength, SSH keys are less prone to malicious attack

  • Because the key handles authentication and grants access, users don't have to worry about remembering their passwords every time

How do SSH keys work?

SSH keys are typically generated in pairs according to a particular encryption algorithm: a private key and a public key. The public key can be shared with any SSH server the user wants to connect to, while the private key is kept safely within the user's system. So let's jump right into figuring out how to generate these key pairs.

Generating key pairs for Linux and Mac users

The whole process begins on any command line interface of your choice. We can start by installing OpenSSH with the command below, but if you already have it installed you can skip this step:

sudo apt install openssh-client

For Mac users with the MacPorts port facility installed:

sudo port install openssh

Next, to generate our key pair we simply run

ssh-keygen

This will begin generating our key pair for us. At this point you will see:

Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa):

The default file is ~/.ssh/id_rsa. You can enter a different file to save the key to. In this case, I'm just going to leave it blank. You will then be asked to enter a passphrase, which adds an extra layer of protection. Whenever you want to use this key you will have to enter the passphrase again. I don't want a passphrase so we leave it blank and simply press enter twice. The key will then be generated for us:

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ~/.ssh/id_rsa
Your public key has been saved in ~/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:GjOFyFQlScZvoC+1XtkF7iOZyVyANHQLARd88hmSPBI RALPH@RALPH-HP
The key's randomart image is:
+---[RSA 3072]----+
|    E@&Bo        |
|   o.+%*+..      |
|    oo.Oo= .     |
|    . ..= o .    |
|     o+=SO .     |
|    . o=X +      |
|     o.. . .     |
|      .          |
|                 |
+----[SHA256]-----+

We can confirm the presence of our key by running cat ~/.ssh/id_rsa, which prints the private key. Note that the public key is saved to ~/.ssh/id_rsa.pub
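As an added example (not part of the original post), the script below checks a key pair produced by the steps above: it reads the key type, size and fingerprint from the .pub file with ssh-keygen -l and reports whether the private key was saved without a passphrase. The function names and the MIN_RSA_BITS threshold (3072, the size shown in the sample output above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit key pairs created with ssh-keygen.
# MIN_RSA_BITS is an assumed local policy value; override it in the environment.
MIN_RSA_BITS="${MIN_RSA_BITS:-3072}"

# key_info PUBKEY: print "TYPE BITS FINGERPRINT", parsed from `ssh-keygen -l`,
# whose output has the form: 3072 SHA256:<hash> <comment> (RSA)
key_info() {
    ssh-keygen -l -f "$1" 2>/dev/null |
        awk '{ t = $NF; gsub(/[()]/, "", t); print t, $1, $2 }'
}

# has_passphrase KEY: fail only if the private key loads with an empty passphrase.
# `ssh-keygen -y` re-derives the public key; with -P "" it can only do so
# when the key was saved without a passphrase.
has_passphrase() {
    ! ssh-keygen -y -P "" -f "$1" </dev/null >/dev/null 2>&1
}

# audit_key KEY: print one report line for KEY and KEY.pub.
# Returns 0 when clean, 1 when there are findings, 2 when the pair is unreadable.
audit_key() {
    key="$1"
    findings=""
    if [ ! -f "$key" ] || [ ! -f "$key.pub" ]; then
        echo "$key: private key or .pub file is missing"
        return 2
    fi
    info="$(key_info "$key.pub")"
    if [ -z "$info" ]; then
        echo "$key: $key.pub is not a readable public key"
        return 2
    fi
    set -- $info
    ktype="$1" bits="$2" fp="$3"
    has_passphrase "$key" || findings="$findings no-passphrase"
    if [ "$ktype" = "RSA" ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        findings="$findings rsa-below-$MIN_RSA_BITS-bits"
    fi
    echo "$key: $ktype $bits $fp findings:${findings:- none}"
    [ -z "$findings" ]
}

# Audit every private key path given on the command line.
for k in "$@"; do
    audit_key "$k" || true
done
```

Saved under a file name of your choice and run with one or more private key paths as arguments, it prints one report line per key.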

Generating key pairs for Windows Users

I've always felt the *nix family was leaving us out, but luckily there's a way. If you're using Windows 10 and above, installing the OpenSSH Client is easy. Just follow these steps:

  1. Open settings

  2. Select Apps

  3. Click on Optional features

  4. Scan the resulting list to see if OpenSSH Client is installed. If it is, then scroll back to the beginning of the page and continue with the steps outlined for Linux users.

  5. If it isn't installed, click on Add a feature at the top of the page. Look for OpenSSH Client or type it in the search bar and select Install.

  6. Verify that it has been installed by checking the optional features again

  7. Continue with the ssh-keygen steps outlined for Linux users above

Alternatively, we could use PuTTYgen to generate our SSH key pairs for us. PuTTYgen is a key pair generator for SSH keys. Before we begin, we have to download PuTTY. PuTTYgen comes together with PuTTY, which is a terminal emulator. After installation and set-up, we can begin to generate our key pairs. To get to the PuTTYgen generator:

Click on the Start button => All Programs => PuTTY => PuTTYgen

We should all have a screen looking like this

Now click on Generate. Move your cursor over the blank space to create some randomness until the green bar reaches the end.

Once there you will have a screen like this

Now you can enter your passphrase if you want one. If you don't, leave it blank. Click on "Save public key" and the file explorer will appear. Write the name of the file you want to save it as and then save. Then do the same for the private key and s

Yoo-hoo, we've just created our SSH key pairs. There are a few things worth mentioning though.

  • The default key type for PuTTYgen and ssh-keygen is RSA

  • You can specify the number of bits you want the key to have, but the default setting is 2048 bits

  • To create a key pair using PuTTYgen from the terminal:

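      sudo apt install putty-tools
      # puttygen prompts for the passphrase when it generates a new key;
      # its -P flag takes no value, so no passphrase is given on the command line
      puttygen -t rsa -b 2048 -C "user@host" -o output_file_path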
    
  • To create our key pairs using ssh-keygen in one line we take advantage of the command line flags

      ssh-keygen -t rsa -f output_file_path -N passphrase
    
PuTTYgen    ssh-keygen    What the flag does
-t          -t            Specifies the key type
-b          -b            Specifies the number of bits in the key
-P          -N            Passphrase. ssh-keygen -N takes it as a value (put "" if you don't want a passphrase); puttygen -P takes no value and prompts for it
-o          -f            The output file where the keys will be written to
-C          -C            Comments to describe the key

Conclusion

So today we took a brief look at what key pairs are and why they are a good form of authentication to use. We also saw how to use ssh-keygen and PuTTYgen to create key pairs for our Linux and Windows users.

Hope you all enjoyed the read. Let me know in the comment section if this helped you in generating your ssh key pairs.