duckpond.dk - a very simple guide to ssh



This guide assumes you have basic knowledge of what SSH is and you wish to use SSH keys.


Step 1: generate a secure ssh key - this assumes you're using a unix-like platform, such as Linux or *BSD:
ssh-keygen -t ed25519 -a 256 -C "hostname"

ssh-keygen generates SSH keys. The options used:
-t is the key type. We're picking ed25519 because it is currently, arguably, the format with the best performance/security balance.
-a is how many rounds of bcrypt to run when the key is encrypted with your passphrase. It defaults to 16, which is probably fine; I suggest 256 to be on the safe side.
-C is a comment, which gives you a chance to identify the key.

If for some reason you do not trust ed25519, consider instead:
ssh-keygen -t rsa -b 16384 -o -a 256 -C "hostname"

Once you're prompted for a passphrase, do yourself a favor and come up with a solid, secure passphrase that you know you'll be able to remember. I'd suggest 40-50 characters, no real words and mixed upper/lower case and numbers. I realize this is difficult to remember, but this key can be used to access any number of systems.

Step 2: add your public key (id_ed25519.pub / id_rsa.pub or whatever name you gave it) to ~/.ssh/authorized_keys on the host you wish to access.

Step 3: start ssh-agent, this is fairly easy.
Bash: ssh-agent | grep -v echo >> ~/.bashrc
tcsh: ssh-agent -c | grep -v echo >> ~/.cshrc

For other shells, consult man ssh-agent and/or man .

Step 4: open a new shell and add your key to the agent.
ssh-add ~/.ssh/id_ed25519
You'll be prompted for your passphrase; enter it.

Step 5: you can now ssh without a password to any account where your key has been added to ~/.ssh/authorized_keys
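
Step 2 as an added example (not part of the original guide): a POSIX shell function that appends a public key to authorized_keys, refuses anything that is not an ed25519 or RSA public key line (such as the private key file), skips keys already listed, and keeps the directory and file private to the user. The function name add_authorized_key and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example for Step 2. Usage: add_authorized_key PUBKEY_FILE [SSH_DIR]
# The function name and the optional SSH_DIR argument (default ~/.ssh) are
# assumptions made for this example.
add_authorized_key() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A .pub file holds one line: "type base64-blob comment".
    line=$(sed -n '/[^[:space:]]/{p;q;}' "$pub")

    # Accept only the two key types from Step 1. This also rejects the
    # private key file, which starts with "-----BEGIN".
    case $line in
        "ssh-ed25519 "*|"ssh-rsa "*) ;;
        *) echo "$pub is not an ed25519 or rsa public key" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$line" | awk '{print $2}')

    # Keep directory and file private to the user; sshd with StrictModes
    # rejects key files that other users can write to.
    ( umask 077 && mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Skip the key if its blob is already listed, even with a different
    # comment or with options in front of it.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # If the file does not end in a newline, add one so the new key does
    # not get glued onto the last existing line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
    echo "added key to $auth"
}
```

Run it on the host you wish to access, after copying the .pub file there, for example: add_authorized_key id_ed25519.pub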

Staaland @ irc.vikingirc.org - kkc at duckpond.dk