How to change and create SSH keys on Linux?

In the world of Linux systems administration, SSH (Secure Shell) plays a crucial role in providing secure remote access to servers. SSH keys are an essential component of this authentication process. This article will guide you through the steps to change and create SSH keys on Linux.

What is SSH?

SSH, short for Secure Shell, is a cryptographic network protocol that enables secure communication and data transfer between two computers. It ensures the confidentiality and integrity of the transmitted information, making it a reliable method for remote access to servers and secure file transfers. Also, you can read "How to Connect to Linux Server From Windows Using SSH/Putty?"

How to change and create SSH keys on Linux?

Secure Shell (SSH) keys provide a secure and convenient way to authenticate yourself when accessing remote servers or transferring files securely. In this blog post, we will walk you through the process of changing an existing SSH key and creating a new one on a Linux system.

Step 1 – Check for Existing SSH Keys

First, let’s check if you already have SSH keys generated on your Linux system. Open a terminal and enter the following command:

ls ~/.ssh

This command will list all the files in the ~/.ssh directory. If you see files with the names id_rsa and id_rsa.pub (or similar), it means you already have SSH keys. If not, you can proceed to the next step to create a new key pair.

Step 2 – Changing an Existing SSH Key

If you have an existing SSH key and want to change it, follow these steps:

Open a terminal and navigate to the ~/.ssh directory:

cd ~/.ssh

Back up your existing key pair (optional but recommended):

cp id_rsa id_rsa_backup
cp id_rsa.pub id_rsa.pub_backup

Generate a new SSH key pair:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This command will prompt you for a file name in which to save the key pair. Press Enter to accept the default (id_rsa) or provide a different name; if a key with that name already exists, ssh-keygen asks for confirmation before overwriting it. It will also ask you to enter a passphrase. Adding a passphrase provides an extra layer of security but is optional.

Step 3 – Creating a New SSH Key

If you don’t have any existing SSH keys or want to create a new one for a different purpose, follow these steps:

Open a terminal and navigate to the ~/.ssh directory:

cd ~/.ssh

Generate a new SSH key pair:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This command will prompt you to enter a file name to save the key pair. You can press Enter to accept the default (id_rsa) or provide a different name. It will also ask you to enter a passphrase. Adding a passphrase provides an extra layer of security but is optional.

Replace the old public key on the remote server

If you changed an existing key (Step 2), copy the contents of the newly generated public key (id_rsa.pub) and replace the existing public key on the remote server. The process may vary depending on the server or service you are using. Refer to the documentation of your specific server or service for instructions on updating SSH keys.

Test the new key

ssh -T git@example.com

Replace example.com with the hostname or IP address of the remote server. This command will test if your new SSH key is working correctly.

Copy the public key to the remote server

If you created a new key (Step 3), copy the contents of the newly generated public key (id_rsa.pub) and add it to the authorized_keys file on the remote server. Again, the process may vary depending on the server or service you are using. Refer to the documentation of your specific server or service for instructions on adding SSH keys.

Test the new key

ssh -T git@example.com

Replace example.com with the hostname or IP address of the remote server. This command will test if your new SSH key is working correctly.

Why Do You Need to Change and Create SSH Keys?

Changing and creating SSH keys is necessary for various reasons. For instance, if you suspect that your private key has been compromised or if you need to grant access to additional users or servers, it’s important to generate new SSH keys. Regularly updating your SSH keys helps enhance the security of your system and mitigates the risk of unauthorized access.

Checking Existing SSH Keys

Before creating a new SSH key pair, it’s essential to check if you already have an existing one. To do this, open your terminal and navigate to the ~/.ssh directory. Look for files named id_rsa (private key) and id_rsa.pub (public key). If these files exist, you already have an SSH key pair. Also, you can read "What is Remmina?"

Generating a New SSH Key Pair

To generate a new SSH key pair, follow these steps:

    1. Open a terminal on your Linux machine.
    2. Run the command ssh-keygen -t rsa -b 4096 to generate a new RSA key pair.
    3. You will be prompted to enter a file path for saving the key. Press Enter to save it in the default location (~/.ssh/id_rsa).
    4. Next, you will be asked to enter a passphrase. It is highly recommended to set a strong passphrase to enhance the security of your key pair.
    5. The key generation process will begin, and you will see some output indicating that the key pair has been generated successfully.

Adding the Public Key to the Server

Once you have generated your SSH key pair, you need to add the public key to the server you want to connect to. Follow these steps:

    1. Copy the public key to the server using the command ssh-copy-id username@server_ip. Replace username with your username and server_ip with the IP address or hostname of the server.
    2. You will be prompted to enter your password for authentication. Enter it and press Enter.
    3. The public key will be added to the authorized_keys file on the server, allowing you to authenticate using your private key.

Configuring SSH Client

To configure your SSH client to use the new key pair, follow these steps:

    1. Open the SSH client configuration file located at ~/.ssh/config using a text editor.
    2. Add the following lines to the file:

Host server_alias
    HostName server_ip
    User username
    IdentityFile ~/.ssh/id_rsa

Replace server_alias with an alias for the server, server_ip with the IP address or hostname of the server, and username with your username.

    3. Save and close the file.

Testing SSH Connection

To test your SSH connection using the new SSH key pair, follow these steps:

    1. Open a terminal on your Linux machine.
    2. Run the command ssh server_alias. Replace server_alias with the alias you set in the SSH client configuration file.
    3. If everything is configured correctly, you should be able to establish an SSH connection to the server without being prompted for a password.

Changing SSH Key

If you need to change your SSH key pair, follow these steps:

    1. Generate a new SSH key pair using the steps mentioned earlier.
    2. Remove the old public key from the server by deleting the corresponding entry from the authorized_keys file.
    3. Add the new public key to the server using the steps mentioned earlier.
    4. Update the SSH client configuration file to use the new private key by modifying the IdentityFile value.
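
Step 2 of this list, deleting the old entry from authorized_keys, is easy to get wrong by hand because the same key can appear with a different comment or behind an options prefix. The shell function below is an added example, not part of the original article: it matches entries by key material and keeps a backup copy. Its function names, paths and key blobs are constructed for illustration, and it is meant to be run on the server only after a login with the new key has succeeded.

```shell
#!/bin/sh
# Added example (not from the article). Sample keys below are constructed.

# remove_authorized_key AUTH_FILE OLD_PUB_FILE
# Deletes every AUTH_FILE entry holding the key from OLD_PUB_FILE, keeps
# AUTH_FILE.bak for rollback, and prints the number of entries removed.
remove_authorized_key() {
    auth_file=$1
    old_pub=$2
    # A .pub file is "type base64-blob [comment]"; the blob identifies the key.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$old_pub")
    [ -n "$blob" ] || { echo "no key found in $old_pub" >&2; return 2; }
    tmp=$(mktemp "$auth_file.XXXXXX") || return 1
    # Skip lines that contain the blob as a whole field. Matching the blob
    # rather than the comment also catches entries with an options prefix
    # (from="...", command="...") or a renamed comment.
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        { for (i = 1; i <= NF; i++) if ($i == blob) { n++; next }
          print > out }
        END { print n + 0 }' "$auth_file") || { rm -f "$tmp"; return 1; }
    cp -p "$auth_file" "$auth_file.bak" || { rm -f "$tmp"; return 1; }
    # sshd (StrictModes) expects this file not to be group/world writable.
    chmod 600 "$tmp" && mv "$tmp" "$auth_file" || return 1
    echo "$removed"
}

# Builds a constructed test directory and prints its path.
make_sample() {
    dir=$(mktemp -d) || return 1
    old='AAAAB3NzaC1yc2EAAAADAQABconstructedOLDkeyblob'
    new='AAAAB3NzaC1yc2EAAAADAQABconstructedNEWkeyblob'
    printf 'ssh-rsa %s your_email@example.com\n' "$old" > "$dir/old_key.pub"
    {
        printf 'from="192.0.2.10" ssh-rsa %s old-laptop\n' "$old"
        printf 'ssh-rsa %s your_email@example.com\n' "$new"
        printf 'ssh-rsa %s renamed-comment\n' "$old"
    } > "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
    echo "$dir"
}

sample=$(make_sample)
echo "removed: $(remove_authorized_key "$sample/authorized_keys" "$sample/old_key.pub")"
cat "$sample/authorized_keys"
rm -rf "$sample"
```
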

 

Conclusion

In this article, we explored the process of changing and creating SSH keys on Linux. By following the outlined steps, you can enhance the security of your system and ensure secure remote access to your servers. Remember to regularly update your SSH keys and follow best practices to maintain a secure environment.

 


The Author Emily.J
