Ssh Key Example



During key generation, ssh-keygen asks a few questions. By default, keys are stored in the user's home directory; on the author's machine the exact path is /home/ismail/.ssh/ and the keys are named id_rsa (private) and id_rsa.pub (public). The steps to set up secure SSH keys are:

1. Create the SSH key pair with the ssh-keygen command.
2. Copy and install the public key on the Linux or Unix server with the ssh-copy-id command.
3. Add your account to the sudo or wheel (admin) group.
4. Disable password login for the root account.
5. Test your passwordless SSH key login with ssh user@server-name.

The public key can be shared, while the private key must stay secure. SSH key pairs are used to authenticate clients to servers automatically: once a key pair is in place, there is no longer a need to enter a password to access the server. On the host machine's terminal, create a key pair with: ssh-keygen -t rsa. It first confirms where to save the key (.ssh/id_rsa), then asks twice for a passphrase, which you can leave empty if you do not want to type a password when you use the key. If you do set a passphrase, make sure to add the -o option; it saves the private key in a format that is more resistant to brute-force passphrase cracking.

ssh-add is a helper program for ssh-agent.

ssh-add adds RSA or DSA identity files to the ssh agent. For ssh-add to work properly, the agent should be running, and have the SSH_AUTH_SOCK environment variable set.

1. Fix “Could not Open” Error (and Add Default RSA/DSA identities)

By default, when you try to execute the ssh-add command, you might get the “Could not open a connection to your authentication agent.” error message, as shown below.

The reason is that ssh-agent is not running.

But if you start ssh-agent as shown below, you'll still get the same error: run on its own, ssh-agent only prints the SSH_AUTH_SOCK and SSH_AGENT_PID assignments, and nothing exports them into the shell you are typing in, so ssh-add still has no socket to connect to.

To fix the issue, start ssh-agent as shown below, so that those variables are set in your current shell.


Now, when you execute ssh-add, it adds the ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity files to ssh-agent and no longer reports the error.
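The following is an added example, not code from the original article, showing why a bare ssh-agent leaves ssh-add failing and what the fix does. It uses a constructed stand-in for the text that `ssh-agent -s` prints (the real output has the same shape) so that it runs without a real agent; the function names are the example's own.

```shell
# ssh-agent does not start "inside" your shell: it prints shell
# assignments that the calling shell must evaluate. Discard that
# output and SSH_AUTH_SOCK is never set, which is exactly the
# "Could not open a connection to your authentication agent" case.

# Constructed stand-in for `ssh-agent -s` output (same format as
# the real tool), so this demonstration runs without an agent.
fake_ssh_agent_output() {
    printf '%s\n' \
        'SSH_AUTH_SOCK=/tmp/ssh-example/agent.4242; export SSH_AUTH_SOCK;' \
        'SSH_AGENT_PID=4243; export SSH_AGENT_PID;' \
        'echo Agent pid 4243;'
}

# Succeeds only if both variables an ssh-add client needs are set.
agent_env_ready() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -n "${SSH_AGENT_PID:-}" ]
}

# The mistake: run the agent but throw away what it prints.
# The variables never reach this shell, so ssh-add would fail.
start_agent_wrong() {
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    fake_ssh_agent_output >/dev/null
    agent_env_ready
}

# The fix: eval the printed assignments in the current shell.
# With the real tool this is: eval "$(ssh-agent -s)"
start_agent_right() {
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    eval "$(fake_ssh_agent_output)" >/dev/null
    agent_env_ready
}

# Check before calling ssh-add in scripts: a stale SSH_AUTH_SOCK
# (agent exited, socket gone) gives the same error as no agent.
agent_socket_alive() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}
```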


2. Display the entries loaded in ssh-agent

Use either -l or -L as shown below to display all the RSA and DSA entries currently loaded into the ssh-agent: -l lists the fingerprints, while -L prints the full public keys.

The following example shows that there are two entries currently loaded into the ssh-agent.

3. Delete all entries from ssh-agent

Use the -D option as shown below to remove all entries from the ssh-agent.

4. Delete specific entries from ssh-agent

With the -d option, you specify exactly which entries you want to delete.

The following example removes only the default RSA entry from the ssh-agent.


5. Lock (or) Unlock the SSH Agent

You can lock the ssh-agent with the -x option, as shown below. Once the agent is locked, you cannot add, delete, or list entries in it without the lock password.


After locking, if you try to add an entry, you'll see the SSH_AGENT_FAILURE message shown below.

To unlock the agent, use the -X option as shown below. Make sure you enter the same password you gave when locking the agent; if you give a wrong password, you'll get the “Failed to unlock agent.” message.