SSH connection with public key
2021-10-21
2025-01-12

Connecting with a public key rather than a username/password offers several advantages:

  • a generated key is generally more robust than a password
  • there is no need to enter a password to connect over SSH

Generating the key

  • Each of these commands selects the key type (algorithm) used to authenticate with SSH:
ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa          # legacy: DSA keys are disabled by default since OpenSSH 7.0
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519
  • You may need a particular key type depending on which algorithms the server you connect to accepts.
TIP

Ed25519 is recommended; it is the current standard in terms of security.

Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/contact/.ssh/id_ed25519):
Created directory '/home/contact/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/contact/.ssh/id_ed25519
Your public key has been saved in /home/contact/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:Monhash contact@mondomain
The key's randomart image is:
+--[ED25519 256]--+
|%@+.|
| EBCVB.|
|+= BO.|
|+.O*.|
| oo..o.S S |
| =+oo o |
| B ++ o..|
|+= .. o.|
| o...|
+----[SHA256]-----+

Provide the connection information

ssh-copy-id contact@mondomain

ssh-copy-id nom_user@ip_ou_domaine

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'dns.it.fr (172.16.10.10)' can't be established.
ECDSA key fingerprint is SHA256:LDA9PSN+R3COE3P2EH2HDAR6F50GATNLUTF5HW+QQKA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
admin@dns.it.fr's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'admin@dns.it.fr'"
and check to make sure that only the key(s) you wanted were added.

Connect to SSH

ssh admin@dns.it.fr

ssh nom_user@ip_ou_domaine

TIP

You are now connected over SSH thanks to the authorized key.

Export the authorization key
cat .ssh/authorized_keys
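What the ssh-copy-id step leaves on the server can also be done by hand. The function below is an added example, not part of the original post: it appends a public key to authorized_keys with the permissions sshd expects and refuses DSA keys. The name install_pubkey and its two arguments are hypothetical.

```shell
#!/bin/sh
# Added example. install_pubkey and its arguments are hypothetical names.
# Usage: install_pubkey PUBKEY_FILE HOME_DIR   (run on the server side)
install_pubkey() {
    pub_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys
    key_type= key_blob= key_comment=

    # A public key line is "<type> <base64 blob> [comment]".
    read -r key_type key_blob key_comment < "$pub_file" || [ -n "$key_type" ] || return 2
    case $key_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        ssh-dss)
            echo "refusing DSA key (disabled by default since OpenSSH 7.0)" >&2
            return 3 ;;
        *)  # also catches a private key file passed by mistake ("-----BEGIN ...")
            echo "not a public key: $pub_file" >&2
            return 2 ;;
    esac
    [ -n "$key_blob" ] || return 2

    # sshd's StrictModes (on by default) ignores authorized_keys if the file
    # or directory is writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: match on type + blob, ignoring the comment and any options prefix.
    if awk -v t="$key_type" -v b="$key_blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
         END { exit !found }' "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi

    # Do not glue the new key onto an existing last line that lacks a newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s %s%s\n' "$key_type" "$key_blob" "${key_comment:+ $key_comment}" >> "$auth_file"
}
```

Return codes: 0 installed or already present, 1 filesystem error, 2 not a public key, 3 DSA key refused.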
SSH connection with public key
https://xsec.fr/posts/linux/ssh-certificate/
Author
Xsec
Published at
2021-10-21
License
CC BY-NC-SA 4.0