Access to hosted Linux systems

SSH key pair

Access to hosted Linux servers is usually done with a key pair for the SSH service.

Creation of a secure key pair for SSH under Linux

The following is an example of how to generate a secure SSH key pair. When generating, make sure that you generate a key pair of type ed25519. This is an elliptic curve for asymmetric cryptosystems that is categorised as secure.

We strongly recommend that you assign a secure passphrase ("password") to make unauthorised use of the private key more difficult.

ssh-keygen -t ed25519 -C ""

$ ssh-keygen -t ed25519 -C ""
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/user/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_ed25519
Your public key has been saved in /home/user/.ssh/
The key fingerprint is:
The key's randomart image is:
+--[ED25519 256]--+
| .oSo.=B. |
| o ..oo*o+o |
| o + +o=.B .  |
| . o = *.X o |
| = * S * + |
| o o B o |
| . o . E |
| . .     |
| |

The public key is located in the file ~/.ssh/ You store the content of the file - your public key - on the Linux servers you use in the file ~/.ssh/authorised_keys (one key per line). Afterwards, logging in to the system is no longer done by entering a password, but via your SSH key pair.

Creation of a secure key pair for SSH under Windows

The creation of a key pair for SSH under Windows is explained here. You will need the Puttygen programme for this and Putty for later access. Make sure that you always use the latest version of the programme.

The following screenshot shows the procedure for creating a key pair.

  1. Select the type EdDSA.
  2. Check whether Ed25519 (255 bits) is set.
  3. Click on Generate. Then move the mouse back and forth on the grey area of the window until the progress bar disappears.
  4. You can enter a comment for the key pair, e.g. your email address
  5. Assign a secure passphrase (password) with which the private key must be unlocked.
  6. Repeat the assigned passphrase.
  7. Save the public key.
  8. Save the private key in a folder that only you have access to.

You can now store the public key on the Linux system.

(Changed: 11 Mar 2024)  | 
Zum Seitananfang scrollen Scroll to the top of the page