Command To Generate Ssh Key In Unix
Introduction
SSH (Secure Shell) is a network protocol that enables secure remote connections between two systems. System admins use SSH utilities to manage machines, copy, or move files between systems. Because SSH transmits data over encrypted channels, security is at a high level.
This article will guide you through the most popular SSH commands. The list can also serve as a cheat sheet and will come in handy the next time you need to complete a task.
Command Line Ssh
- An SSH client of your choice
- An SSH server on the remote machine
- The IP address or name of the remote server
With older versions of ssh-keyscan (before OpenSSH version 5.1), the default key type was the out-dated rsa1 (SSH Protocol 1) so the key types would need to be explicitly specified: ssh-keyscan -t rsa,dsa hostname Get fingerprint hashes of Base64 keys. Ssh-keyscan prints the host key of the SSH server in Base64-encoded format. To convert an existing PuTTY private key for Tectia or OpenSSH, use the command: puttygen keyfile.ppk -O private-openssh -o keyfile. Then copy keyfile to the.ssh directory on the host where Tectia or OpenSSH will be run. Command Line Options. The basic command line of PuTTYgen: Specifies a key file to read or a key type and size to generate.
To connect to a remote machine, you need its IP address or name. Load the terminal or any SSH client and type ssh
followed by the IP address:
or name:
The first time you connect to a host, you’ll see this message:
Type yes and hit enter. You may need to enter your password as well.
SSH uses the current user when accessing a remote server. To specify a user for an SSH connection, run the command in this format:
For instance:
By default, the SSH server listens for a connection on port 22. If the port setting in the SSH config file has been changed, you’ll need to specify the port. Otherwise, you will get this error:
To connect to a remote host with a custom SSH port number, use the -p
flag. For example:
To improve the security of SSH connections, generate a key pair with the keygen utility. The pair consists of a public and private key. The public key can be shared, while the private key needs to stay secure.
SSH key pairs are used to authenticate clients to servers automatically. When you create an SSH key pair, there is no longer a need to enter a password to access a server.
On the host machine’s terminal, use this command to create a key pair:
To use default settings, hit Enter on the prompts for file location and passphrase.
To use the key pair for SSH authentication, you’ll need to copy the public key to a server. The key is the file id_rsa.pub previously created with SSH keygen utility.
To copy your key to a server, run this command from the client:
You can also specify a username if you don’t want to use the current user.
Enter the password to authenticate when asked. After this, you will no longer need to use the password to connect to the same server.
You can securely copy files over the SSH protocol using the SCP tool. The basic syntax is:
For example, to copy a file sample3 to your Desktop on a remote server with a username test, type in:
The output shows a summary of the operation.
Make sure to use the uppercase-P
flag if you need to specify the port.
You can control how remote users can access a server via the SSH. Edit the settings in the sshd_config
file to customize SSH server options. Make sure to edit only the options you are familiar with. A server can become inaccessible due to bad configuration.
Use the editor of your choice to edit the file. You’ll need superuser permissions to make changes. In Linux, we use vim:
In the command line on a remote host, type in:
Enter the sudo password, and the shell opens the file in the editor you used.
When you make changes to the SSH configuration, you’ll need to restart the service in Linux.
Depending on the Linux distro, run one of the following commands on the machine where you modified the settings:
or:
Finally, enter the password to complete the process. As a result, the next SSH session will use the new settings.
Working on a remote server using SSH requires knowing basic SSH commands. Use the commands and options in this article to manage a remote host. Note that you can combine the flags to get the output you need.
Use the pwd
command to show the file system path.
The output displays the location of the directory you are in.
To list the contents of a current working folder, use the ls command.
The shell will show the names of all directories, files, and links. To get more information, add one of the following flags:
-a
displays hidden files and entries starting with a dot.-l
shows file details for directory contents. For example, the output includes permissions, ownership, date, etc.-s
lists the size of files, in blocks. Add -h to show the size in a humanly-readable form.
To navigate to a specific folder, use the cd
command and a name or path of a directory.
Remember that the names are case sensitive. Use cd
without a name or path to return to the user’s home directory.
Useful cd
options include:
cd ..
go to the directory one level higher than your current location.cd -
switch to the previous directory.cd /
go to the root directory.
Use the cp
command to copy a file or directory. You’ll need to include the name of the file and the target location.
To copy file1 from Desktop to Dir1, type in:
To change the name of file1 while copying it to another destination, use this format:
This command copies file1 to Dir1 with a name you specify.
To copy a directory and its contents, use the -r flag in this format:
The mv
command works in the same manner as the copy command.
For instance, to move a file to another location, type in:
The touch
command allows you to create a new file with any extension.
In the terminal, enter the following command:
For example, to create a system.log file, type in:
To create a directory, use the mkdir
command. Enter a new directory name or full path in this format:
Or:
To delete a Linux file , use rm
in this format:
In addition, you can enter a full path:
To delete a directory, add the -r
flag to the rm command.
To view the status of all network adapters, use the ifconfig
command. Moreover, when you don’t use any options with ifconfig, the output displays only active interfaces.
To clear the current working area of your bash screen, type clear
in the shell. This command clears one portion of the screen and shifts up the previous output.
To remove the output from the terminal completely, use the reset
command.
Run a Command on a Remote Server from a Local Computer
This method does not create a new shell. Instead, it runs a command and returns the user to the local prompt. You can create a file, copy files, or run any other SSH command in this format.
To remotely execute a command from the local machine, append an instruction to the SSH command. For example, to delete a file, type in:
Enter the password, and the file on the remote server will be deleted without creating a new shell.
The SSH tool comes with many optional parameters. The table below lists common SSH options and the corresponding descriptions.
SSH Option | Description |
-1 | Instructs ssh to use protocol version 1 |
-2 | Instructs ssh to use protocol version 2. |
-4 | Permits only IPv4 addresses. |
-6 | Permits only IPv6 addresses. |
-A | Enables authentication agent connection forwarding. Use this option with caution. |
-a | Disables authentication agent connection forwarding. |
-b bind_address | Use this option on the local host with more than one address to set the source address of the connection. |
-C | Enables data compression for all files. Only to be used with slow connections. |
-c cipher_spec | Use to select a cipher specification. List the values separated by a comma. |
-E log_fileName | Attaches debug logs to log_file instead of standard error. |
-f | Sends ssh to background, even before entering a password or passphrase. |
-g | Permits remote hosts to connect to ports forwarded on a local machine. |
-q | Runs ssh in quiet mode. It suppresses most error or warning messages. |
-V | Displays the version of ssh tool and exits. |
-v | Prints debugging messages for ssh connection. The verbose mode is useful when troubleshooting configuration issues. |
-X | Use this option to enable X11 forwarding. |
-x | Disable X11 forwarding. |
This article has covered the 19 most popular commands for using the SSH tool effectively. Now you can manage your server remotely with an added layer of security and have these commands at your fingertips.
Before executing these commands and options on a live server, we do recommend using a test machine first.
Next you should also read
The article covers the 5 most common and efficient ways to secure an SSH connection. The listed solutions go…
This article provides all the information you need in order to set up SSH encryption on your remote device.…
How To Generate Ssh Key In Unix
If you are using Debian 9 or Debian 10 to manage servers, you must ensure that the transfer of data is as…
Unix How To Generate Ssh Key
When establishing a remote connection between a client and a server, a primary concern is ensuring a secure…
MySQL is an open-source relational database server tool for Linux operating systems. It is widely used in…
Several tools exist to generate SSH public/private key pairs. The following sections show how to generate an SSH key pair on UNIX, UNIX-like and Windows platforms.
Generating an SSH Key Pair on UNIX and UNIX-Like Platforms Using the ssh-keygen Utility
UNIX and UNIX-like platforms (including Solaris and Linux) include the ssh-keygen utility to generate SSH key pairs.
- Navigate to your home directory:
- Run the ssh-keygen utility, providing as
filename
your choice of file name for the private key:The ssh-keygen utility prompts you for a passphrase for the private key.
- Enter a passphrase for the private key, or press Enter to create a private key without a passphrase:
Note:
While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
The ssh-keygen utility prompts you to enter the passphrase again.
- Enter the passphrase again, or press Enter again to continue creating a private key without a passphrase:
- The ssh-keygen utility displays a message indicating that the private key has been saved as
filename
and the public key has been saved asfilename
.pub
. It also displays information about the key fingerprint and randomart image.
Generating an SSH Key Pair on Windows Using the PuTTYgen Program
Ssh Generate Key Pair
The PuTTYgen program is part of PuTTY, an open source networking client for the Windows platform.
Command To Generate Ssh Key In Unix Server
- Download and install PuTTY or PuTTYgen.
To download PuTTY or PuTTYgen, go to http://www.putty.org/ and click the You can download PuTTY here link.
- Run the PuTTYgen program.
- Set the Type of key to generate option to SSH-2 RSA.
- In the Number of bits in a generated key box, enter 2048.
- Click Generate to generate a public/private key pair.
As the key is being generated, move the mouse around the blank area as directed.
- (Optional) Enter a passphrase for the private key in the Key passphrase box and reenter it in the Confirm passphrase box.
Note:
While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
- Click Save private key to save the private key to a file. To adhere to file-naming conventions, you should give the private key file an extension of
.ppk
(PuTTY private key).Note:
The.ppk
file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY as your SSH client. It cannot be used with other SSH client tools. Refer to the PuTTY documentation to convert a private key in this format to a different format. - Select all of the characters in the Public key for pasting into OpenSSH authorized_keys file box.
Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.
- Right-click somewhere in the selected text and select Copy from the menu.
- Open a text editor and paste the characters, just as you copied them. Start at the first character in the text editor, and do not insert any line breaks.
- Save the text file in the same folder where you saved the private key, using the
.pub
extension to indicate that the file contains a public key. - If you or others are going to use an SSH client that requires the OpenSSH format for private keys (such as the
ssh
utility on Linux), export the private key:- On the Conversions menu, choose Export OpenSSH key.
- Save the private key in OpenSSH format in the same folder where you saved the private key in
.ppk
format, using an extension such as.openssh
to indicate the file's content.