Generate SSH Key


Generating RSA Keys - Basic Setup

Generate Key Pair

Create the .ssh directory inside your home directory if it doesn't exist already. Make sure the permissions are set correctly. Then run the ssh-keygen command to generate an RSA public and private key pair.
mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa
Your public key will be here:

Your private key will be here:

Stronger Key - optional

If you want a stronger key, you can specify the number of bits. The default is 2048. You can double that with the following command. Instead of the ssh-keygen command shown above, use this version with the '-b 4096' option.
ssh-keygen -t rsa -b 4096

Transfer Client Key to Host

ssh-copy-id <username>@<host>
ssh-copy-id "<username>@<host> -p <port_nr>"
Works if you have password auth but not if you are already using a key with password auth disabled.
cp authorized_keys authorized_keys_Backup
cat >> authorized_keys
chmod 600 ~/.ssh/authorized_keys

Disable password Authentication

/etc/ssh/sshd_config
PasswordAuthentication no
Make sure these are set (should be already):
PubkeyAuthentication yes
ChallengeResponseAuthentication no
Reset SSHD after making changes:
sudo systemctl reload sshd
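
An added example, not part of the original cheat sheet: a small check that the three settings above are what sshd will actually use, since sshd keeps the first value it reads for a keyword and a commented-out line changes nothing. The function names effective_value and audit_sshd_config and the sample file contents are made up for this illustration.

```sh
# effective_value FILE KEYWORD DEFAULT: print the value sshd would use for
# KEYWORD in the global section of FILE. sshd keeps the FIRST value it reads,
# keywords are case-insensitive, and "Keyword=value" is also accepted.
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                  # strip leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)     # normalise "Keyword=value"
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "match") exit  # Match blocks are out of scope
            if (tolower(f[1]) == want && n >= 2) {
                found = 1; print tolower(f[2]); exit
            }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: check the three settings from this page. Each row is
# "keyword expected built-in-default". Returns 0 when all hold, else 1. Newer
# OpenSSH names the third KbdInteractiveAuthentication; not checked here.
audit_sshd_config() {
    rc=0
    while read -r key expected default; do
        actual=$(effective_value "$1" "$key" "$default")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "FAIL  $key is '$actual', expected '$expected'"; rc=1
        fi
    done <<EOF
PasswordAuthentication no yes
PubkeyAuthentication yes yes
ChallengeResponseAuthentication no yes
EOF
    return "$rc"
}

# With an argument, audit that file. Without one, audit a constructed sample
# whose later "no" is ignored because an earlier "yes" already won.
if [ "$#" -gt 0 ]; then audit_sshd_config "$1"; else
    sample=$(mktemp)
    printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
        'passwordauthentication no' 'ChallengeResponseAuthentication no' >"$sample"
    audit_sshd_config "$sample" || echo "sample fails, as constructed"
    rm -f "$sample"
fi
```

This reads only the global section of one file. For the fully resolved configuration, including Include files and Match blocks, sudo sshd -T prints what the daemon will use.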

Encrypted Home Directory

/etc/ssh/
/etc/ssh/sshd_config
AuthorizedKeysFile /etc/ssh/%u/authorized_keys
sudo service ssh restart

Stuff That Can Go Wrong

Disabled in Config:
Should be already set on default Ubuntu install:
/etc/ssh/sshd_config
PubkeyAuthentication yes
RSAAuthentication yes
Check status:
sudo service ssh restart
Permissions:
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Client not picking up keys:
If you see an error like this: “Error: Agent admitted failure to sign using the key.” it probably means that the client agent hasn’t yet picked up the key, even though it should have. Try this to make it pick up the key:
ssh-add
More Debugging:
On the server, you can start the SSH daemon in debug mode to see output.
sudo /usr/sbin/sshd -d
On the client, you can use the ‘-v’ or ‘-vv’ switch for more verbosity. This will show more information and hopefully give you more insight into what is going wrong.
ssh -v ( or -vv) username@host