This script creates a new Ed25519 SSH public and private key pair for an SSH service.
🚧 Warning
I highly recommend setting passphrases for all keys created, in case the keys are stolen.
In a terminal, run
🚧 Warning
Replace server-hostname with the server's DNS or IP address and replace username with the user name you want to connect to on the server.
create_ssh_key_for_service.sh server-hostname username
The script will create the SSH key pair, named in the format username@server-hostname, in the ~/.ssh folder and add the following to the ~/.ssh/config file:
Host server-hostname
    HostName server-hostname
    User username
    IdentityFile ~/.ssh/ssh-private-key
Copy the SSH public key (the .pub file) into ~/.ssh/authorized_keys on the remote device.
- Uncomment the lines # PubkeyAuthentication yes and # PasswordAuthentication no in /etc/ssh/sshd_config on the server.
  sudo nano /etc/ssh/sshd_config
  The file should look like this after editing.
  ...
  # Authentication:
  ...
  PubkeyAuthentication yes
  ...
  PasswordAuthentication no
  ...
- Copy the public key into the ~/.ssh/authorized_keys file on the server. If sshd is not already set up, the key will have to be copied manually by another method.
- Enable and start the ssh daemon service on the server.
  sudo systemctl enable sshd.service && sudo systemctl start sshd.service
- Unblock port 22 (TCP), ssh, in your firewall on the server so that the device can now be accessed using the public key.
- Generate the keys for the github service.
  create_ssh_key_for_service.sh github.com git
- Go to https://github.com/settings/keys and click New SSH key.
- Give the key a title (Optional), select Key type: Authentication key (Default) and copy the text from git@github.com.pub into the Key textbox.
- Click the Add SSH key button to complete.
Files are stored in ~/.ssh. Archive these files and copy them to a secure location as a backup.
Permissions for the .ssh folder should be 700, the *.pub files should be 644, and the private keys and other files should be 600.
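The permission rules above can be checked with a read-only audit. This is an added example, not part of create_ssh_key_for_service.sh; the function names mode_of and audit_ssh_dir are hypothetical, and it assumes GNU stat (stat -c).

```shell
#!/bin/sh
# Added example: audit a .ssh directory against the modes stated above
# (directory 700, *.pub 644, every other regular file 600).
# Assumes GNU coreutils stat; on BSD/macOS use: stat -f '%Lp'

# Print the permission bits of a path in octal, e.g. 600.
mode_of() {
    stat -c '%a' "$1"
}

# audit_ssh_dir DIR
# Prints one line per mismatch as "path actual expected".
# Returns 0 if everything matches, 1 on any mismatch, 2 if DIR is not a directory.
# Nothing is modified.
audit_ssh_dir() {
    dir=$1
    bad=0
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory" >&2
        return 2
    fi
    actual=$(mode_of "$dir")
    if [ "$actual" != 700 ]; then
        echo "$dir $actual 700"
        bad=1
    fi
    # Visit normal and dot files; an unmatched glob stays literal and is skipped.
    for f in "$dir"/* "$dir"/.[!.]*; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            continue    # skip symlinks, subdirectories and unmatched globs
        fi
        case $f in
            *.pub) want=644 ;;   # public keys
            *)     want=600 ;;   # private keys, config, known_hosts, ...
        esac
        actual=$(mode_of "$f")
        if [ "$actual" != "$want" ]; then
            echo "$f $actual $want"
            bad=1
        fi
    done
    return "$bad"
}
```

Call it as audit_ssh_dir "$HOME/.ssh"; each output line names a file whose mode should be corrected with chmod.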