The 🐻 necessities

Keys

A long version of this page can be found on the Arch wiki

The .ssh folder

It is good practice to have multiple ssh keys. Generally, use one ssh key per machine you own/have access to. A key represents a single machine.

SSH keys are stored in the ssh directory at ~/.ssh. To see your keys, use

ls ~/.ssh
authorized_keys  config  id_ed25519  id_ed25519.pub  known_hosts
  • authorized_keys are keys of other people (or other machines) that can access this machine
  • config contains the ssh config
  • id_ed25519 is a private key
  • id_ed25519.pub is a public key
  • known_hosts is extra data for security

You might see a file like id_rsa. That means your key uses the older RSA cryptography method, which is considered less secure and, because of its long key lengths, rather annoying to use. If possible, avoid such keys.

A public and a private key form a keypair. The public key can be freely given to other parties, while you keep the private key a secret. As such, keypairs can work like password authentication.

When another machine has your public key in their authorized keys file, you are allowed to log in to that machine. To prove that you are allowed to, you use your private key which, if managed properly, only you know. This all happens automatically.

If you have a private key, and the machine you log in to has the corresponding public key, no password is needed and you instantly get access over SSH or SCP.

Creating keys

To create a new keypair, use ssh-keygen. New SSH versions should default to ed25519. If, after generating a new key, you find that it created files called id_rsa(.pub), try ssh-keygen -t ed25519.

Copying ssh keys

To get access to another machine over SSH, your public key needs to be in the other machine's authorized_keys file. You could do this manually, but there is an easier way. If you already have password access, simply use ssh-copy-id:

# if this already works
ssh lyss@machine
# you probably see:
# > lyss@machine's password: ...

# go back to your own machine
exit

# run this command and use your password once more:
ssh-copy-id lyss@machine
# > lyss@machine's password: ...

# now ssh doesn't require a password anymore
# and instantly logs in
ssh lyss@machine
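
The manual route mentioned above, as an added example (not part of the original page and not how ssh-copy-id itself is written): a shell function you would run on the target machine to put a public key into authorized_keys with safe permissions and without duplicates. The name install_pubkey, its arguments and the demo key are assumptions made for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR  (hypothetical helper, not part of OpenSSH)
# Run on the target machine. Returns 0 if the key is (now) authorized,
# 2 if PUBKEY_FILE is not a public key, 1 on file-system errors.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    # A public key is one line: "<type> <base64 blob> [comment]".
    # Checking the first line also rejects a private key passed by mistake.
    key=
    IFS= read -r key < "$pubkey_file" || [ -n "$key" ] || return 2
    case $key in
        "ssh-ed25519 "* | "ssh-rsa "* | "ecdsa-sha2-"*" "*) ;;
        *) echo "install_pubkey: $pubkey_file is not a public key" >&2
           return 2 ;;
    esac

    # sshd's StrictModes check rejects these files if other users can write to them.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Compare on type + blob so the same key with a new comment is not added twice.
    rest=${key#* }
    blob="${key%% *} ${rest%% *}"
    if grep -qF -- "$blob" "$auth_file"; then
        return 0
    fi

    # Make sure the existing file ends in a newline before appending.
    [ -n "$(tail -c 1 "$auth_file")" ] && printf '\n' >> "$auth_file"
    printf '%s\n' "$key" >> "$auth_file"
}

# Demo in a throwaway directory with a constructed (not real) key.
demo_dir=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleBlobNotARealKey lyss@laptop' \
    > "$demo_dir/id_ed25519.pub"
install_pubkey "$demo_dir/id_ed25519.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_ed25519.pub" "$demo_dir/.ssh"   # second call adds nothing
wc -l < "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

On a real machine the second argument would be ~/.ssh of the account you want to log in to.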