encryption¶
Basic Encrypted Communication¶
The ssh-keygen command is used to set up a public/private key pair. Although it creates an RSA key by default, it also can be used to create a DSA or ECDSA key.
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:498z+yooD85c9e9gotxKe8/CylZK7A2IxJVxd6P7drs root@kvm-server01.example.com
The key's randomart image is:
+---[RSA 2048]----+
| .o. . o |
| o. . o . |
| . . . |
| o . |
| . . oS o |
| . ..+o.o |
| .o+B. * . |
| +.*==**o+ . |
| ++O+o+*BE. |
+----[SHA256]-----+
[root@kvm-server01 gans]#
If desired, you can set up RSA keys with a larger number of bits. In our testing, we were able to set up key pairs with up to 8192 bits fairly quickly, even on a virtual machine system with just one virtual CPU.
The command that starts the process is
ssh-keygen -b 8192
Alternatively, if a DSA key is needed, the following command can help. Only 1024-bit DSA keys are allowed. The process after this command is the same as shown in Figure 4-8.
ssh-keygen -t dsa
The next step is to transmit the public key to a remote system. It might be one of the servers you administer. If you’re willing to transmit that public key over the network (once per connection), the following command can work:
ssh-copy-id -i .ssh/id_rsa.pub michael@tester1.example.com