Generate a 4096-bit RSA key. Use the option "-b 2048" to create a 2048-bit key instead:
USAGE='' # Short label for what the key is used for; it becomes part of the file name
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_"$USAGE"_"$(date +%Y-%m-%d)" -C "$(whoami)@$(hostname)_$(date +%Y-%m-%d)"
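Generate an Ed25519 key. Ed25519 keys are always written in the new OpenSSH format rather than the PEM format, so the -o option is not needed:
USAGE='' # Short label for what the key is used for; it becomes part of the file name
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_"$USAGE"_"$(date +%Y-%m-%d)" -C "$(whoami)@$(hostname)_$(date +%Y-%m-%d)"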
Set the correct permissions for the keys:
chmod 600 ~/.ssh/<private_key_file>
chmod 644 ~/.ssh/<public_key_file>
Add the key to the ssh-agent. An SSH agent is a program which caches your decrypted private keys and provides them to SSH client programs on your behalf.
eval "$(ssh-agent)"
ssh-add --apple-use-keychain ~/.ssh/<private_key_file> # Omit '--apple-use-keychain' on non-Apple operating systems.
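Copy the key to the server:
ssh-copy-id -i ~/.ssh/<private_key_file> user@server # Only the public key is installed; '.pub' is appended to the file name if missing.
pbcopy < ~/.ssh/<public_key_file> # macOS: copy the public key to the clipboard.
cat ~/.ssh/<public_key_file> # Print the public key to the terminal.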
(macOS only) So that your computer remembers the key passphrase across restarts, open (or create) the ~/.ssh/config file and add these lines:
Host *
  AddKeysToAgent yes
  UseKeychain yes
Generally all keys used for interactive access should have a passphrase.
Keys without a passphrase are useful for fully automated processes. They allow shell scripts, programs, and management tools to log into servers unattended. This is often used for backups and data transfers between information systems.
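The permission and passphrase rules above can be checked after the fact. The read-only audit script below is an added example, not part of the original notes: the function names are hypothetical, and passphrase detection is a heuristic on the key file headers (an OpenSSH-format key without a passphrase records the cipher name "none" at the start of its data).

```shell
#!/bin/sh
# Added example: audit private keys in an SSH directory for owner-only
# permissions and passphrase protection. It only reads files.

# Base64 of the "openssh-key-v1" magic followed by the cipher name "none":
# how an OpenSSH-format private key without a passphrase begins.
UNENCRYPTED_PREFIX='b3BlbnNzaC1rZXktdjEAAAAABG5vbmU'

# Succeeds when the first line is a private key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# Succeeds when group and other have no access at all (e.g. 600 or 400).
perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = '------' ]
}

# Succeeds when the key material is encrypted with a passphrase.
has_passphrase() {
    case "$(head -n 1 "$1")" in
        *'BEGIN OPENSSH PRIVATE KEY'*)
            ! sed -n '2p' "$1" | grep -q "^$UNENCRYPTED_PREFIX" ;;
        *'BEGIN ENCRYPTED PRIVATE KEY'*) return 0 ;;   # encrypted PKCS#8
        *) grep -q '^Proc-Type: 4,ENCRYPTED' "$1" ;;   # legacy PEM header
    esac
}

# Prints one line per finding; returns non-zero if there is any finding.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] && is_private_key "$f" || continue
        perms_ok "$f" || { echo "PERMS  $f (run: chmod 600)"; findings=1; }
        has_passphrase "$f" || { echo "NOPASS $f"; findings=1; }
    done
    return "$findings"
}

# Run the audit when a directory is given on the command line.
if [ -n "${1:-}" ]; then audit_ssh_dir "$1"; fi
```

A NOPASS finding is expected for keys used by unattended jobs; for interactive keys, add a passphrase with `ssh-keygen -p -f <private_key_file>`.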
- https://www.ssh.com/academy/ssh/keygen
- https://www.ssh.com/academy/ssh/copy-id#some-best-practices-for-ssh-keys
- https://wiki.archlinux.org/index.php/SSH_keys
- https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
- https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/
- https://infosec.mozilla.org/guidelines/openssh.html