July 26th 2021 - Guides

Tutorial: How to generate an SSH key?

Once your dedicated server has been delivered, you will want to connect to it. Most of the time, you will do this over SSH.

What is SSH?

Secure Shell (SSH) lets you administer your machines remotely from a terminal.
SSH lets you connect using either a password or an SSH key pair. The key pair relies on cryptographic processes similar to those behind SSL certificates: it has a private part (which is never shared) and a public part (which can be freely transmitted).

Summary of the cryptographic process

Diagram of the cryptographic process

When connecting to the machine, the client tells the server which username it wants to connect as.
The server then tells the client that it can proceed with a public-key connection attempt.
The client tells the server the fingerprint of the public key it will use, and sends a message signed with the corresponding private key.
The server checks the signature on the message against the public key it knows. The client is thus authenticated and allowed to connect.
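The sign-then-verify step above can be reproduced locally with `ssh-keygen -Y sign` and `ssh-keygen -Y verify` (OpenSSH 8.1 or later). This is an added example, not part of the original article and not the SSH wire protocol itself; the names `alice`, `demo-auth` and the challenge text are constructed for the demo.

```shell
#!/bin/sh
# Added example: proof of key possession, the idea behind SSH public-key login.
# alice, demo-auth and the challenge contents are constructed demo values.

# Client: sign the challenge with the PRIVATE key.
client_sign() {    # $1 private key, $2 challenge file, $3 signature output
    ssh-keygen -Y sign -f "$1" -n demo-auth < "$2" > "$3" 2>/dev/null
}

# Server: verify using only the PUBLIC key in its allowed-signers file.
server_verify() {  # $1 allowed-signers file, $2 challenge file, $3 signature
    if ssh-keygen -Y verify -f "$1" -I alice -n demo-auth -s "$3" \
        < "$2" >/dev/null 2>&1; then echo accepted; else echo rejected; fi
}

demo_auth() {
    d=$(mktemp -d) || return 1
    # -N '' (empty passphrase) only so the demo runs unattended.
    ssh-keygen -q -t ed25519 -N '' -C alice-laptop -f "$d/alice" || return 1
    ssh-keygen -q -t ed25519 -N '' -C someone-else -f "$d/other" || return 1
    # The server holds alice's public key and nothing else.
    printf 'alice %s\n' "$(cat "$d/alice.pub")" > "$d/allowed_signers"
    echo 'user=alice session=constructed-1' > "$d/challenge"
    echo 'user=alice session=constructed-2' > "$d/other_challenge"

    client_sign "$d/alice" "$d/challenge" "$d/good.sig"
    client_sign "$d/other" "$d/challenge" "$d/wrong_key.sig"

    as="$d/allowed_signers"
    out="right_key=$(server_verify "$as" "$d/challenge" "$d/good.sig")"
    out="$out wrong_key=$(server_verify "$as" "$d/challenge" "$d/wrong_key.sig")"
    # A valid signature does not carry over to another session's data.
    out="$out replayed=$(server_verify "$as" "$d/other_challenge" "$d/good.sig")"
    rm -rf "$d"
    echo "$out"
}
demo_auth
```

The private key never reaches the verifying side: `server_verify` only reads the `allowed_signers` file built from `alice.pub`.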

How to generate an SSH key?

Linux / MacOSX

The procedure on UNIX-based systems is quite simple:
1. Open a terminal
2. Run the ssh-keygen command
3. Follow the prompts displayed by the command.

Generate an SSH key on Linux/MacOSX

a: Path where you want to create the key pair (the default is often correct);
b: If the destination folder does not exist, it is created;
c: You have the option to enter a secret phrase (passphrase) associated with the key pair. You will then need it to use the key pair;
d: The key pair is created in the file chosen in « a » : « id_rsa » is your private key and « id_rsa.pub » is your public key.

Windows

On Windows, you must first install PuTTY, a terminal emulator.

Generate an SSH key on Windows

a: Choose an RSA type key;
b: Choose a key size of at least 4096 bits;
c: Click « Generate ». The key generation process begins.

Generate an SSH key on Windows

d: Once the process is complete, you will find the contents of the public key here, to be transmitted to your outsourcer;
e: You can choose a password for your private key;
f: Save your public key;
g: Save your private key.

SSH key generation options

The « ssh-keygen » command can take several options. We list here the ones we recommend:

  • « -t ed25519 »: generates a key with Ed25519, a strong algorithm based on elliptic curves.
    Note that the key file will then be named « id_ed25519 » and not « id_rsa »;
  • « -m PEM »: forces the key to be created in PEM format. Useful if you have to connect to an old system;
  • « -b 4096 »: if you need to use the « rsa » algorithm, this option produces 4096-bit keys.
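The following added example (not from the original article) generates keys with the options listed above, then checks each public key against the same recommendation using `ssh-keygen -l`. The function `check_key_policy` and the file names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. check_key_policy and the file names are demo assumptions.

# Prints "ok" for Ed25519 or RSA >= 4096 bits (the advice above), else "below".
check_key_policy() {   # $1 = public key file
    # "ssh-keygen -l" prints: <bits> <fingerprint> <comment> (<TYPE>)
    info=$(ssh-keygen -l -f "$1" 2>/dev/null | awk '{print $1, $NF}')
    bits=${info%% *}
    type=${info##* }
    case "$type" in
        "(ED25519)") echo ok ;;
        "(RSA)") if [ "$bits" -ge 4096 ]; then echo ok; else echo below; fi ;;
        *) echo below ;;
    esac
}

demo_options() {
    d=$(mktemp -d) || return 1
    # -N '' (empty passphrase) only so the demo runs unattended.
    ssh-keygen -q -t ed25519 -N '' -f "$d/id_ed25519" || return 1
    ssh-keygen -q -t rsa -b 4096 -m PEM -N '' -f "$d/id_rsa" || return 1
    ssh-keygen -q -t rsa -b 2048 -N '' -f "$d/id_rsa_2048" || return 1

    out="ed25519=$(check_key_policy "$d/id_ed25519.pub")"
    out="$out rsa4096=$(check_key_policy "$d/id_rsa.pub")"
    out="$out rsa2048=$(check_key_policy "$d/id_rsa_2048.pub")"
    # -m PEM changes the private key's container, not the key's strength.
    if grep -q '^-----BEGIN RSA PRIVATE KEY-----' "$d/id_rsa"; then
        out="$out pem=yes"
    else
        out="$out pem=no"
    fi
    rm -rf "$d"
    echo "$out"
}
demo_options
```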

What to pass on to the server admin?

Your server admin only needs the public part of your key pair. If you followed the example above, this is the contents of the « id_rsa.pub » file.
Caution: Never transmit the « id_rsa » file. Indeed, its confidentiality guarantees the security of your SSH key pair. It should therefore never leave the workstation where it was created.

*Server admin: service provider in charge of the installation, configuration and maintenance of your computer server.
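A quick check before sending a file to the server admin, as an added example that is not part of the original article: it classifies a key file as public or private from its header, covering the OpenSSH and PEM formats as well as the files PuTTYgen saves. The function names and the sample files (placeholder bodies, not real keys) are constructed for the demo.

```shell
#!/bin/sh
# Added example: check a key file before sending it to the server admin.
# Prints "public", "private" or "unknown" for the file given as $1.
classify_key_file() {
    [ -r "$1" ] || { echo unknown; return; }
    # Private containers: PEM/OpenSSH "-----BEGIN ... PRIVATE KEY-----"
    # and PuTTY .ppk files ("PuTTY-User-Key-File-2:" / "-3:").
    if grep -Eq -e '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' \
                -e '^PuTTY-User-Key-File-[0-9]+:' "$1"; then
        echo private; return
    fi
    # RFC 4716 block, as written by PuTTYgen's "Save public key".
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY ----' "$1"; then
        echo public; return
    fi
    # OpenSSH one-line form: "<type> <base64> [comment]".
    if grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) AAAA[A-Za-z0-9+/]+=*( .*)?$' "$1"; then
        echo public; return
    fi
    echo unknown
}

# Exit status 0 only when the file is a public key.
safe_to_send() { [ "$(classify_key_file "$1")" = public ]; }

# Constructed sample files (placeholder bodies, not real key material).
demo_classify() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedPLACEHOLDER user@laptop' > "$d/id_ed25519.pub"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'placeholder' > "$d/id_ed25519"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'placeholder' > "$d/id_rsa"
    printf '%s\n' 'PuTTY-User-Key-File-3: ssh-rsa' 'Encryption: none' > "$d/key.ppk"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'placeholder' > "$d/putty.pub"
    out=""
    for f in id_ed25519.pub id_ed25519 id_rsa key.ppk putty.pub; do
        out="$out$f=$(classify_key_file "$d/$f") "
    done
    rm -rf "$d"
    echo "${out% }"
}
demo_classify
```

The check looks only at file headers, so it catches the common mistake of attaching « id_rsa » or a « .ppk » file instead of the public key; it does not validate the key material itself.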
