Login or register    

Public and Private SSH Keys

I tend to think of:

In this way, anyone might have access to the outside of a "house". Anyone could have access to the "lock" on a house. Only you should have access to the private "key".

How to create a new public and private ssh keypair

Create a ssh public/private keypair using Ed25519:

ssh-keygen -o -a 100 -t ed25519 -f id_ed25519

How to add the public key to a host

Append the contents of .pub key to a remote host's ~/.ssh/authorized_keys. The user's authorized_keys file may contain none or many keys.


The authorized_keys file must be mode 400

The .ssh directory must be mode 700

ssh agent

We use the ssh agent to load our private keys into memory.

To load a key, run:

ssh-add /path/to/private.key

To see your loaded keys, run:

ssh-add -l

To delete all keys from memory, run:

ssh-add -D

You can forward your ssh agent session from your workstation to a remote host. To do this, pass the -A flag when connecting with the ssh command, for example:

ssh -A user@host

When you get a shell, you can double check that your ssh agent was forwarded by running:

ssh-add -l

How to load many private keys into your ssh agent

Keep all your private keys in the same directory with the .key extension. Use the following script to add all private .key files to ssh agent:

for f in *.key; do ssh-add $f; done

The SSH agent will prompt for each key's passphrase in turn. This must be done after each reboot.

Could not open a connection to your authentication agent

You must have a running ssh-agent and your shell must have access to use it. If you get this error message when you attempt to run ssh-add then first run the following command to spawn an ssh-agent for this shell:

eval "$(ssh-agent)"

Now try to run ssh-add again.

Another command for debugging:


How to create a putty ppk

  1. Create a keypair: How to create a new public and private ssh keypair
  2. SCP the keypair from unix host to windows host
  3. Download and open puttygen.exe
    • Click the Load button
    • Browse to the private key, might need to choose 'All Files(*.*)' from dropdown
    • enter passphrase, click OK
    • Click the Save private key bytton
    • Name the new key with .ppk extension, and hit Save
  4. Add the .ppk to putty.exe and test


Leave a comment

Please login or register to leave a comment!