Tech Chorus

SSH Key Management 101

written by Sudheer Satyanarayana on 2021-11-25

What is SSH Key Management 101?

It is a fancy way to say that the blog post is intended towards someone new to SSH key management.

The Premise

So, someone walked up to you, or asked you in a video call, for your SSH public key?

It's a common practice to allow access to Linux servers over SSH using cryptographic keys. There are various situations that lead to various techniques of handling them.

SSH Key Management

Prerequisites And Assumptions

The blog post assumes that you already know how to access SSH servers using a private key. Perhaps you have already been using SSH with the private keys provided by your company.

Step 1: Generate An SSH Key Pair

If you do not already have an SSH key pair, generate one using the ssh-keygen command. There are a few algorithm and key size choices. Currently, I recommend Ed25519, an EdDSA signature scheme.

ssh-keygen -t ed25519 -C "youremail@example.com"

The command will prompt you to type a passphrase. It is possible to have an empty passphrase, but it is highly discouraged. Use a strong passphrase. Every time you want to use your SSH key to log on to a remote server, you will need the passphrase. Utilities such as key rings make it easy to use the private key by storing your passphrase on your computer in a secure manner. For convenience, you might want to use the key ring service offered by your operating system.

The above command generates a key pair. The key pair consists of two files: the public key and the private key. Pay attention to the command output, especially to the file paths.

Step 2: Backup

Try not to lose the key pair. You can distribute the public key publicly. For example, you can put it up on your website or GitHub profile. Ensure you back up your private key to a secure vault. Losing the private key can sometimes lock you out of critical server access.

The next time someone asks for your SSH public key, hand them your public key file. Or simply point them to the URL where you have published your public key.

Never ever share your private key or passphrase with anyone. As the name suggests, it is the private key. Keep it private and keep it to yourself.

Mixing Personal And Company Keys Is Bad

Why? If you have two keys and one of them is compromised, the other can still be used. In other words, using the same key for both personal and company access is bad. Of course, this does not apply to every situation, so treat it as a rule of thumb.

If you work with more than one company or many unrelated projects within a company, you might want to use a unique key pair per company. Repeat the same steps mentioned above to create and safeguard the keys for all your projects. Keeping company and personal keys separate leads to peace of mind. Thank me later.
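As an added example (not from the original post), here is a shell script that applies the steps above with one key pair per company: it generates each Ed25519 key with ssh-keygen, checks the private-key file permissions, and prints a ~/.ssh/config block that pins each key to that company's hosts. The company names (acme, globex) and the host patterns are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: one Ed25519 key pair per company,
# each pinned to that company's hosts in ~/.ssh/config. Company names and host
# patterns below are assumptions for illustration.
set -eu

# Generate a passphrase-protected Ed25519 key for one company if it does not exist.
# $1 = short company name, $2 = key comment, $3 = directory for keys (normally ~/.ssh)
make_key() {
    key="$3/id_ed25519_$1"
    mkdir -p "$3" && chmod 700 "$3"
    if [ ! -f "$key" ]; then
        # ssh-keygen asks for the passphrase interactively; do not pass it as an
        # argument, or it would land in your shell history.
        ssh-keygen -t ed25519 -C "$2" -f "$key"
    fi
    chmod 600 "$key"
    printf '%s\n' "$key"
}

# Print a ~/.ssh/config block pinning one private key to one host pattern.
# IdentitiesOnly keeps ssh from offering every key it knows to every server,
# so a personal server never sees the company key and vice versa.
config_block() {
    printf 'Host %s\n    IdentityFile %s\n    IdentitiesOnly yes\n    AddKeysToAgent yes\n\n' "$1" "$2"
}

# Return 1 if any private key under $1 is not mode 0600 (ssh refuses such keys).
check_perms() {
    bad=$(find "$1" -type f -name 'id_*' ! -name '*.pub' ! -perm 600)
    if [ -n "$bad" ]; then
        printf 'insecure permissions on:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Full setup only when explicitly requested, so the functions can be sourced safely.
if [ "${1:-}" = "--setup" ]; then
    dir="$HOME/.ssh"
    acme=$(make_key acme "you@acme.example" "$dir")       # assumed company
    globex=$(make_key globex "you@globex.example" "$dir") # assumed company
    check_perms "$dir"
    # Review the output, then append it to ~/.ssh/config.
    config_block '*.acme.example' "$acme"
    config_block '*.globex.example' "$globex"
fi
```

Run it as `sh keys.sh --setup` to generate the keys interactively; the config it prints is meant to be reviewed and appended to ~/.ssh/config rather than written there automatically.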

Tags: ssh linux cryptography security key public key cryptography best practices command line keyring vault