The public key is a fundamental component in asymmetric cryptography, also known as public key cryptography. In this system, each user has a pair of keys: a public key, which can be shared freely, and a private key, which must be kept secret. The public key is used to encrypt messages or verify digital signatures, while the private key is used to decrypt messages or create digital signatures.
For example, when sending a confidential message, the sender uses the recipient’s public key to encrypt it. Only the recipient, with their corresponding private key, can decrypt and access the contents of the message.
Public key cryptography is widely used in various applications, such as digital certificates, internet security protocols (SSL/TLS) and digital signatures, guaranteeing the security and integrity of electronically transmitted information.
Here at the Bureau of Technology we use key pairs mainly for shell access to remote servers over SSH. Below are the instructions for generating an SSH key pair on each operating system, followed by how to make the keys easier to use day to day when connecting to remote servers from the shell:
Generating key pairs
macOS and Linux
Open the terminal and run the following command to generate a key pair:
ssh-keygen -t ed25519 -C "[email protected]"
Explanation of the parameters:
-t ed25519: specifies the type of key to be generated (Ed25519).
-C "[email protected]": adds a comment (usually your e-mail address) to the key.
After the command:
- You will be asked to define a name for the key file. Press Enter to use the default name (~/.ssh/id_ed25519).
- You will then be asked to set a passphrase to protect the key. We recommend adding one for extra security.
Your public key will be saved as ~/.ssh/id_ed25519.pub.
To view the generated public key, you can use:
cat ~/.ssh/id_ed25519.pub
Windows (with OpenSSH)
In Windows 10 and higher, OpenSSH is built-in. To generate the SSH key, follow these steps:
- Open Command Prompt or PowerShell.
- Run the command:
ssh-keygen -t ed25519 -C "[email protected]"
- Choose the location where you want to save the key (by default, C:\Users\SeuUsuario\.ssh\id_ed25519).
- Set a passphrase to protect the key (optional, but recommended).
To display the generated public key, run (in PowerShell; in Command Prompt, replace $HOME with %USERPROFILE%):
type $HOME\.ssh\id_ed25519.pub
Public key sharing
After generating the public key, copy its contents and paste them where necessary to configure SSH access:
- Linux/macOS:
cat ~/.ssh/id_ed25519.pub
- Windows:
type $HOME\.ssh\id_ed25519.pub
Attention! The private key must be kept in a safe place, as any compromise of this key allows third parties to access protected systems without additional authentication. In contrast, the public key can be shared freely without negative consequences.
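As an added example (not part of the original post), a small POSIX shell check to run on a line before pasting it as an authorized key: it rejects anything that looks like private-key material and verifies that the line is an ssh-ed25519 public key with the expected wire structure (string "ssh-ed25519" followed by a 32-byte key, 51 bytes in total). The sample key line is constructed, not a real key.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a line before you
# paste it as an authorized key. An ssh-ed25519 public key line looks like
#   "ssh-ed25519 <base64 blob> [comment]"
# and the blob is string("ssh-ed25519") || string(32-byte key) = 51 bytes,
# so anything else (notably private-key material) is rejected.

check_pubkey_line() {
  line=$1
  case $line in
    *"PRIVATE KEY"*) echo "REJECT: this is a private key; never paste or share it"; return 1 ;;
  esac
  set -- $line                            # split into key type, blob, comment words
  key_type=${1:-}; blob=${2:-}
  [ $# -ge 2 ] && shift 2
  comment=$*
  [ "$key_type" = "ssh-ed25519" ] || { echo "REJECT: unexpected key type '$key_type'"; return 1; }
  # Decode the blob to hex; 51 bytes give exactly 102 hex digits.
  hex=$(printf '%s' "$blob" | base64 -d 2>/dev/null | od -An -tx1 | tr -d ' \n')
  [ "${#hex}" -eq 102 ] || { echo "REJECT: blob is $((${#hex} / 2)) bytes, expected 51"; return 1; }
  case $hex in
    0000000b7373682d6564323535313900000020*)   # len=11 "ssh-ed25519" len=32
      echo "OK: ssh-ed25519 public key, comment '$comment'" ;;
    *) echo "REJECT: blob is not string(\"ssh-ed25519\") || string(key)"; return 1 ;;
  esac
}

# Constructed sample (not a real key): wire-format blob with a 32-byte all-'0' key.
sample_blob=$(printf '\000\000\000\013ssh-ed25519\000\000\000\040%032d' 0 | base64 | tr -d '\n')
sample_key_line="ssh-ed25519 $sample_blob user@host"

check_pubkey_line "$sample_key_line"
```

Run it on the output of cat ~/.ssh/id_ed25519.pub before sharing; a real key passes the structural check, the matching private key file is refused.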
Optimizing access to keys for everyday use
I recommend setting up the SSH client configuration file at ~/.ssh/config. This file allows you to simplify and customize SSH connections, which is especially useful when managing multiple servers or specific configurations.
What is ~/.ssh/config?
The ~/.ssh/config file allows you to define specific settings for SSH hosts, making it easier to manage connections. With it, you can assign nicknames to servers and specify ports, default users and other connection options.
Benefits of using the SSH configuration file
- Simplifying commands: Avoids the need to type in long parameters when connecting to servers.
- Centralized management: Concentrates configurations from multiple hosts in a single location.
- Increased security: Allows you to specify authentication methods and other security options per host.
How to configure the file ~/.ssh/config
Follow the steps below to create and configure the SSH configuration file:
- Create the configuration file: If the file does not exist, create it with the command:
touch ~/.ssh/config
- Set appropriate permissions: Make sure that only the owner has read and write permissions:
chmod 600 ~/.ssh/config
- Add settings for a host: Open the file with a text editor and add the desired settings. For example:
Host meu-servidor
    HostName 192.168.1.100
    User usuario
    Port 2222
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519
Explanation of the parameters:
Host: nickname (alias) for the server.
HostName: IP address or domain name of the server.
User: user name for the connection.
Port: SSH port used by the server.
IdentitiesOnly yes: offers only the key specified in IdentityFile, instead of every key the agent holds or every default key in ~/.ssh.
IdentityFile: path to the corresponding private key.
Using the configuration file
After configuring the file, connect to the server using the defined alias:
ssh meu-servidor
SSH will automatically apply the settings specified for meu-servidor.
Practical example
Suppose you manage two servers with different configurations. The file ~/.ssh/config could be configured as follows:
Host servidor-web
    HostName web.bureau-it.com
    User admin
    Port 22
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_web

Host servidor-banco
    HostName db.bureau-it.com
    User dbadmin
    Port 2222
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_banco
With this configuration, you can connect to the servers using only:
ssh servidor-web
or
ssh servidor-banco
Security considerations
- Protecting the configuration file: Keep the file ~/.ssh/config with restricted permissions to prevent unauthorized access.
- Private key management: Store private keys in secure locations and use strong passphrases to protect them.
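As an added example (not from the original post), a small audit script that checks the ~/.ssh layout described above against a constructed sample directory: the directory and config permissions, that every Host block pins its key with IdentityFile plus IdentitiesOnly yes, and that each pinned private key exists with mode 600. The sample config reuses the two hosts from the practical example; the key files are placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the original post: audit an ~/.ssh tree against the
# advice above. Findings: directory not mode 700, config not mode 600, a Host
# block lacking IdentitiesOnly yes or IdentityFile, and a pinned private key
# that is missing or not mode 600. Prints one WARN line per finding.

file_mode() {  # octal permission bits; GNU stat first, BSD stat as fallback
  stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

audit_ssh_dir() {
  dir=$1
  [ "$(file_mode "$dir")" = "700" ]        || echo "WARN $dir: expected mode 700"
  [ "$(file_mode "$dir/config")" = "600" ] || echo "WARN $dir/config: expected mode 600"
  # Normalise "Key=value" to "Key value", then emit one record per Host block.
  awk -v dir="$dir" '
    function flush() {
      if (host == "") return
      if (!only)     print "NOONLY " host
      if (idf == "") print "NOKEY " host; else print "KEY " host " " idf
    }
    { sub(/=/, " ") }
    tolower($1) == "host"           { flush(); host = $2; only = 0; idf = "" }
    tolower($1) == "identitiesonly" { only = (tolower($2) == "yes") }
    tolower($1) == "identityfile"   { idf = $2; sub(/^~\/\.ssh/, dir, idf) }
    END { flush() }
  ' "$dir/config" | while read -r kind host path; do
    case $kind in
      NOONLY) echo "WARN $host: add IdentitiesOnly yes so only the pinned key is offered" ;;
      NOKEY)  echo "WARN $host: no IdentityFile pinned" ;;
      KEY)    if [ ! -f "$path" ]; then echo "WARN $host: key $path not found"
              elif [ "$(file_mode "$path")" != "600" ]; then echo "WARN $host: key $path expected mode 600"; fi ;;
    esac
  done
}

make_sample_ssh_dir() {  # constructed sample: one well-formed host, one sloppy one
  d=$(mktemp -d)
  printf 'placeholder, not a real key\n' > "$d/id_ed25519_web";   chmod 600 "$d/id_ed25519_web"
  printf 'placeholder, not a real key\n' > "$d/id_ed25519_banco"; chmod 644 "$d/id_ed25519_banco"
  printf '%s\n' 'Host servidor-web' '    HostName web.bureau-it.com' '    User admin' \
    '    IdentitiesOnly=yes' '    IdentityFile ~/.ssh/id_ed25519_web' '' \
    'Host servidor-banco' '    HostName db.bureau-it.com' '    User dbadmin' \
    '    Port 2222' '    IdentityFile ~/.ssh/id_ed25519_banco' > "$d/config"
  chmod 600 "$d/config"
  echo "$d"
}

d=$(make_sample_ssh_dir); audit_ssh_dir "$d"; rm -rf "$d"
```

Point audit_ssh_dir at your real ~/.ssh to get the same report for your own hosts.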
By using the ~/.ssh/config file, you simplify the management of SSH connections and improve efficiency when accessing multiple servers.
For more details on using the SSH configuration file, see the official OpenSSH documentation. The documentation of fundamental software for SysAdmins is dry, but it is indispensable! 🙂
See you next time!