Create public and private keys

There are many ways to generate public and private key pairs. As I like to use the terminal, I will be using ssh-keygen.

root@sh-srv:~# ssh-keygen -t rsa -b 4096

The -t option specifies the type of key to create. You can choose rsa1, rsa or dsa.
The -b option specifies the number of bits in the key to create.

There are plenty of other options. If you want to know more, have a look at the man pages.

Add the public key to the server

Create a folder named ".ssh" and change the permissions to 700.

jca@sh-srv:~$ mkdir ~/.ssh
jca@sh-srv:~$ chmod 700 ~/.ssh

Create the file authorized_keys and append the public key. In this case as there are no previous keys we will just rename the file id_rsa.pub.

root@sh-srv:~# mv id_rsa.pub authorized_keys

Change the owner and the group for the .ssh folder and all the contents.
Example:

root@sh-srv:~# chown -R jca: /home/jca/.ssh

If you want to add more keys, append the new keys to the authorized_keys file.
Example:

root@sh-srv:~# cat new_public_key >> authorized_keys

Use the private key with PuTTY

Download the private key from the server. FileZilla can be used to connect using FTP and download files from the server, but it is also possible to copy the file to another server using the scp command like this: scp {file} {username}@{server}:{path}
Plain FTP does not encrypt the transfer, so for a private key prefer scp (or SFTP in FileZilla).

Example:

root@sh-srv:~# scp test jca@testserver.com:/home/jca

Once the file is on your computer you can convert the private key using PuTTYgen:

  1. Start PuTTYgen
  2. Click on Load and find the id_rsa file that contains your private key.
  3. Click on Save private key

To start using the key, start Pageant and click on Add Key. After that everything is set up to authenticate with your server using the private key.

Add public keys to other server

Let's say that you now want to use the same key pairs for multiple servers. The only thing that needs to be done is to copy the .ssh folder to your home directory on the new server.

Remember that the permissions for .ssh should be 700, and for the authorized_keys and known_hosts files 644. You should be the owner and group of the files.
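
The steps under "Add the public key to the server" and the permissions reminder above can be scripted so they are safe to repeat. This is an added example, not part of the original post: the function names add_authorized_key, mode_of and check_ssh_modes are made up here, the script is meant to run as the account owner (so no chown is needed), and the modes are the ones given on this page.

```shell
#!/bin/sh
# add_authorized_key <home_dir> <public_key_file>
# Creates <home_dir>/.ssh (700) and authorized_keys (644), then appends the
# key only if that exact line is not already there.
add_authorized_key() {
    home_dir=$1
    pubkey=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # A public key file is one line: "<type> <base64> [comment]".
    # Refuse a private key handed over by mistake.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "refusing: $pubkey looks like a private key" >&2
        return 1
    fi
    key_line=$(head -n 1 "$pubkey")
    [ -n "$key_line" ] || return 1

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 644 "$auth" || return 1

    # -x: whole line, -F: fixed string, so the key is never treated as a regex.
    grep -qxF -- "$key_line" "$auth" || printf '%s\n' "$key_line" >> "$auth"
}

# mode_of <path>: permission string such as "drwx------" (portable, via ls).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# check_ssh_modes <home_dir>: succeeds only if .ssh is 700 and
# authorized_keys is 644.
check_ssh_modes() {
    [ "$(mode_of "$1/.ssh")" = "drwx------" ] &&
    [ "$(mode_of "$1/.ssh/authorized_keys")" = "-rw-r--r--" ]
}

# Usage: add_authorized_key "$HOME" new_public_key && check_ssh_modes "$HOME"
```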

The OpenSSH format

In some cases it might be necessary to convert the key to OpenSSH format using the ssh-keygen tool.
Example:

root@sh-srv:~# ssh-keygen -i -f keyfile.pub > newkeyfile.pub

The '-i' option will read an unencrypted key and print an OpenSSH-compatible key to stdout.
The '-f' option specifies the filename.



© 2025 Julian's Corner. All rights reserved