- do not write your passphrase in a publicly-readable place.
- do not share your passphrase with anyone.
- do not use a blank passphrase.
- do not write your private key in a publicly-readable place.
- do not share your private key with anyone.
- do share your public key.
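~/.ssh (directory): 700 (drwx------)
~/.ssh/key_name.pub (public keys): 644 (-rw-r--r--)
~/.ssh/key_name (private keys): 600 (-rw-------)
~/.ssh/authorized_keys (public keys allowed by server): 644 (-rw-r--r--)
note: none of these may be writable by group or others. sshd's StrictModes check (on by default) rejects an authorized_keys file that is, and ssh refuses to use a private key that other users can read.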
$ cd ~/.ssh
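$ ssh-keygen -b 4096 -f ./username_domain # -b 4096 is an rsa key size; add -t rsa to be explicit, since the default key type depends on the openssh version.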
$ echo "identityfile ~/.ssh/firstname-lastname" >> ~/.ssh/config # use the file name of the key you generated.
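$ ssh-keygen -l -f ~/.ssh/id_rsa # show the key's fingerprint. before the next command, confirm ~/.ssh/id_rsa.pub does not already exist; it would be overwritten.
$ ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub # generate public key from the private key.
$ ssh-keygen -l -f ~/.ssh/id_rsa # show the fingerprint again to confirm new public key matches existing private key.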
host foo.companyname.com
addkeystoagent yes
usekeychain yes
identityfile ~/.ssh/firstname-lastname_companyname
host *
addkeystoagent yes
usekeychain yes
identityfile ~/.ssh/default-keyname
identitiesonly yes
note: if you're on macos and want to use the keychain to store your passphrase, you'll need something similar to the following in your ssh config:
host *
UseKeychain yes
note: be sure that the key is added/configured in the ~/.ssh/config file!
- bash:
$ eval "$(ssh-agent -s)"
- powershell (needs admin rights):
> Set-Service -Name ssh-agent -StartupType Automatic
> Start-Service ssh-agent
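$ ssh-add -k ~/.ssh/whatever-key-you-want # note: lowercase -k makes ssh-add load plain private keys only and skip certificates. if the intent is to store the passphrase in the macos keychain, that option is -K (--apple-use-keychain on newer macos).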
$ touch ~/.ssh/authorized_keys
# after scp'ing key and changing key file permissions.
$ cat ~/key.pub >> ~/.ssh/authorized_keys
$ rm -f ~/key.pub