SSH Keys — Setup and Security Best Practices
Sanjeev SharmaAdvertisement
SSH Keys — Setup and Security Best Practices
SSH keys enable secure passwordless authentication for DevOps tasks.
- SSH Keys — Setup and Security Best Practices
- Key Generation
- Configuration
- Usage
- Security Best Practices
- FAQ
Key Generation
# Generate new key pair
ssh-keygen -t ed25519 -C "user@example.com" -f ~/.ssh/id_ed25519
# Or RSA (older)
ssh-keygen -t rsa -b 4096 -C "user@example.com"
# Generates:
# ~/.ssh/id_ed25519 (private key)
# ~/.ssh/id_ed25519.pub (public key)
Configuration
# Set permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
# Create config file
# ~/.ssh/config
Host production
HostName prod.example.com
User deployuser
IdentityFile ~/.ssh/prod_key
ForwardAgent yes
Host staging
HostName staging.example.com
User devuser
IdentityFile ~/.ssh/staging_key
Usage
# Test connection
ssh -T git@github.com
# SSH with specific key
ssh -i ~/.ssh/custom_key user@host
# Copy public key to server
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host
# Connect
ssh user@host
# SCP (secure copy)
scp -i ~/.ssh/key file.txt user@host:/path/
Security Best Practices
- Use Ed25519 keys (stronger than RSA)
- Set strong passphrases
- Rotate keys regularly
- Store private keys safely
- Disable password authentication
- Use SSH agents
FAQ
Q: Should I password-protect SSH keys? A: Yes. Add passphrase and use SSH agent to cache it.
Q: Can I have multiple SSH keys? A: Yes. Use different keys for different services.
Advertisement
