6/20/25

SSH Key Setup: A Practical Guide for Linux Systems


SSH keys provide a more secure and convenient way to authenticate with remote servers compared to passwords. This guide covers the essential steps to generate, configure, and use SSH keys on Linux systems, with specific notes for Fedora users.

What You'll Need

  • A Linux system (examples use Fedora 42)
  • Terminal access
  • Basic command line familiarity

1. Generating Your SSH Key Pair

Modern systems should use Ed25519 keys for better security and performance:

ssh-keygen -t ed25519 -C "your.email@example.com"

For systems requiring RSA compatibility:

ssh-keygen -t rsa -b 4096 -C "your.email@example.com"

When prompted:

  • File location: Press Enter to use default (~/.ssh/id_ed25519)
  • Passphrase: Use a strong passphrase for security

Fedora Note: SELinux is enabled by default. Your keys will automatically get the correct context, but if you encounter issues:

restorecon -R ~/.ssh

2. Starting the SSH Agent

One-time startup:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

Persistent setup (recommended):

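Enable the ssh-agent systemd user service so the agent starts automatically. This only works where the OpenSSH package ships an ssh-agent user unit; otherwise the unit has to be created first: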

systemctl --user enable --now ssh-agent

Add to your ~/.bashrc or ~/.zshrc:

export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

3. Adding Your Public Key to Remote Servers

Copy your public key to a remote server:

ssh-copy-id username@remote-server.com

Or manually:

cat ~/.ssh/id_ed25519.pub | ssh username@remote-server.com "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

4. SSH Configuration for Multiple Keys

Create or edit ~/.ssh/config:

# Work server
Host work-server
    HostName work.company.com
    User myusername
    IdentityFile ~/.ssh/id_work
    Port 2222

# Personal server
Host personal
    HostName personal.example.com
    User admin
    IdentityFile ~/.ssh/id_personal

Now connect simply with:

ssh work-server

5. Security Best Practices

File Permissions

Ensure correct permissions (critical for SSH to work):

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
chmod 600 ~/.ssh/config
chmod 600 ~/.ssh/authorized_keys
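
The chmod list above names only the default key, while the config in section 4 uses id_work and id_personal. The following added example (not part of the original guide) checks a whole ~/.ssh directory against those modes and treats any file with a private-key header as a private key; the function name audit_ssh_dir is hypothetical and GNU stat is assumed.

```bash
# Usage: audit_ssh_dir [dir]   (defaults to ~/.ssh)
# Prints one "BAD <mode> <path> (max <mode>)" line per finding.
# Returns 0 when everything is at least as strict as the guide's modes, else 1.
audit_ssh_dir() {
    local dir="${1:-$HOME/.ssh}"
    local bad=0 f mode want

    _check_mode() {  # _check_mode <path> <maximum permitted octal mode>
        mode=$(stat -c '%a' "$1") || { bad=1; return 0; }
        # Any permission bit outside the permitted mask is a finding.
        if [ $(( 0$mode & ~0$2 )) -ne 0 ]; then
            echo "BAD $mode $1 (max $2)"
            bad=1
        fi
    }

    _check_mode "$dir" 700
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            *.pub)                  want=644 ;;
            config|authorized_keys) want=600 ;;
            *)
                # Any file that starts with a private-key header is treated as
                # a private key, so id_work and id_personal are covered too.
                if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
                    want=600
                else
                    continue
                fi ;;
        esac
        _check_mode "$f" "$want"
    done
    return "$bad"
}
```

Source the function and run `audit_ssh_dir ~/.ssh`; a non-zero exit status makes it usable in a login script or a periodic check.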

Additional Security

  • Always use passphrases on private keys
  • Regularly rotate keys (annually recommended)
  • Use different keys for different purposes
  • Consider using hardware security keys for critical systems

6. Fedora-Specific Considerations

Firewall Configuration

If running SSH server on Fedora:

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

SELinux Context Issues

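If you encounter permission denied errors (the ssh_sysadm_login boolean allows SSH logins as sysadm_r:sysadm_t and only matters for accounts mapped to the sysadm_u SELinux user; restorecon resets the labels on ~/.ssh):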

sudo setsebool -P ssh_sysadm_login on
restorecon -R ~/.ssh

Troubleshooting Common Issues

Debug SSH connections:

ssh -v username@server.com

Test key authentication:

ssh -o PasswordAuthentication=no username@server.com

Check SSH agent:

ssh-add -l

Quick Reference

Command                   Purpose
ssh-keygen -t ed25519     Generate new key pair
ssh-add ~/.ssh/keyname    Add key to agent
ssh-copy-id user@host     Copy public key to server
ssh -v user@host          Debug connection issues

Further Reading


This guide covers the essentials for most use cases. SSH key management can be much more complex in enterprise environments with certificate authorities, hardware security modules, and centralized key management systems.
