Skip to main content

Linux command: ssh-keygen - Generate SSH Keys

ssh-keygen -t rsa -C

ssh-keygen — authentication key generation, management and conversion

$ ssh-keygen -t rsa -C "your@email.address"

Private and public keys are save in ~/.ssh/ directory.

$ ls ~/.ssh
authorized_keys  id_rsa  id_rsa.pub  known_hosts

Using ssh key on Microsoft Windows 10

Copy private key id_rsa to %userprofile%\.ssh folder. However, you will get warning and cannot use that private key unless you limit permission to the owner ONLY.

C:\Users\Tuyen>ssh tuyendq@002.practicehabits.net
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'C:\\Users\\Tuyen/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "C:\\Users\\Tuyen/.ssh/id_rsa": bad permissions
tuyendq@002.practicehabits.net's password:

Using icacls to limit permission to access id_rsa key file

:: Set key variable as full path the the private key id_rsa file ::
set key="%userprofile%\.ssh\id_rsa"

:: Remove default inheritance ::
cmd /c icacls %key% /c /t /inheritance:d

:: Set ownership to the owner ::
cmd /c icacls %key% /c /t /grant %username%:F

:: Remove All users, except the owner ::
cmd /c icacls %key% /c /t /remove Administrator Administrators SYSTEM "Authenticated Users" "Users"

:: Then verify settings ::
cmd /c icacls %key%
:: End of script

Remove passphrase, you must have your old passphrase

openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa_new

Popular posts from this blog

Docker: Commonly Used Commands

Repeat to remember Remember to repeat

Windows 10: Install SuSE Linux Enterprise - SLES

With Microsoft-Windows-Subsystem-Linux feature enabled, we can install Linux distributions on Windows 10.