Public and Private SSH Keys

I tend to think of:

• a server host as a "house"
• a public key as a "lock" on a door of a "house"
• a private key as a "key" to the "lock" on a door of a "house"

In this way, anyone might have access to the outside of a "house". Anyone could have access to the "lock" on a house. Only you should have access to the private "key".

How to create a new public and private ssh keypair

Create a ssh public/private keypair:

ssh-keygen -t rsa -b 4096   #enter a passphrase when asked

Document the passphrase in keypass

How to add the public key to a host

Append the contents of .pub key to a remote host's ~/.ssh/authorized_keys. The user's authorized_keys file may contain none or many keys.

How to add a private key to your workstation

Keep all your private keys in the same directory with the .key extension. Use the following script to add all private .key files to ssh agent:

for f in *.key; do ssh-add $f; done

The SSH agent will prompt for each key's passphrase in turn. This must be done after each reboot.

Could not open a connection to your authentication agent

You must have a running ssh-agent and your shell must have access to use it. If you get this error message when you attempt to run ssh-add then first run the following command to spawn an ssh-agent for this shell:

eval "$(ssh-agent)"

Now try to run ssh-add again.

Another command for debugging:

echo $SSH_AUTH_SOCK

How to create a putty ppk

1. Create a keypair: How to create a new public and private ssh keypair
2. SCP the keypair from unix host to windows host
3. Download and open puttygen.exe
   • Click the Load button
   • Browse to the private key, might need to choose 'All Files(*.*)' from dropdown
   • enter passphrase, click OK
   • Click the Save private key bytton
   • Name the new key with .ppk extension, and hit Save
4. Add the .ppk to putty.exe and test