Just out of curiosity, ascertain what keys you have on your machine by issuing the following command:
for key in ~/.ssh/id_*; do ssh-keygen -l -f "${key}"; done | uniq
Generate new ED25519 key pair
ssh-keygen -o -a 256 -t ed25519 -C "$(hostname)-$(date +'%d-%m-%Y')"
Executing the command above will generate a new pair of Ed25519 keys. When asked, provide a strong password for the key pair.
$ ~/.ssh/id_ed25519 #Private key
$ ~/.ssh/id_ed25519.pub #Public key
Let’s have a brief look at each option.
-o will use the OpenSSH format for the new keys
-a specifies the number of key derivation function (KDF) rounds
-t specifies the type; in this case Ed25519
-C adds an optional comment that helps with identifying the key
Using the new keys
Now, simply add the public key to the authorized keys of the machine you would like to log in to. To retrieve the public key, run the following command and copy and paste its output.
cat ~/.ssh/id_ed25519.pub
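The step above, done by hand on the server, as an added example (not from the original post): a shell function that appends the copied public key to an authorized_keys file, refuses anything that is not an Ed25519 public key (such as the private key file pasted by mistake) and skips a key that is already installed. The function name install_pubkey, its arguments and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, not part of OpenSSH.
# Usage on the server: install_pubkey id_ed25519.pub ~/.ssh/authorized_keys

# Every Ed25519 public key blob is 68 base64 characters and starts with this
# prefix (the encoded "ssh-ed25519" type string plus the key length field).
ED25519_PREFIX='AAAAC3NzaC1lZDI1NTE5AAAAI'

# Returns: 0 = key added, 3 = key already present,
#          1 = file problem, 2 = not an Ed25519 public key.
install_pubkey() {
    pubfile=$1
    authfile=$2
    [ -r "$pubfile" ] || return 1

    # A .pub file is one line: "<type> <base64 blob> [comment]".
    # read fails on a missing trailing newline but still fills the variables.
    read -r ktype blob comment < "$pubfile" || [ -n "$ktype" ] || return 1

    # A private key file starts with "-----BEGIN ..." and is rejected here.
    [ "$ktype" = "ssh-ed25519" ] || return 2
    case $blob in
        "$ED25519_PREFIX"*) [ "${#blob}" -eq 68 ] || return 2 ;;
        *) return 2 ;;
    esac

    # sshd checks modes and ownership of these files (StrictModes, on by
    # default), so create the directory private and keep the file at 600.
    authdir=$(dirname "$authfile")
    [ -d "$authdir" ] || mkdir -m 700 -p "$authdir" || return 1
    touch "$authfile" || return 1
    chmod 600 "$authfile" || return 1

    # Compare the blob only, so a key with a new comment is not added twice.
    if grep -qF -- "$blob" "$authfile"; then
        return 3
    fi
    printf '%s\n' "$ktype $blob${comment:+ $comment}" >> "$authfile"
}
```

The prefix and length check is only a format check; running ssh-keygen -l -f on the .pub file validates the key fully.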
Sprinkle a bit of convenience on top
Now if you’re like me and are using a Mac, you may use the Keychain to store your password, so you don’t have to always type it out when logging in to your server via ssh.
I added the following to ~/.ssh/config:
Host mtnr
  HostName mtnr.cloud
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519
Now, when calling ssh mtnr, I can ssh into my server without specifying anything extra, e.g. which pair of keys to use for authentication, and I only have to type out the password once. All subsequent attempts will use the password stored in my Keychain.
Neat!