gnome-keyring allows you to enter that passphrase periodically, instead of each time you use the key to access a remote system.
ssh-keygen command, and choosing the defaults at all the prompts:
~/.ssh directory, which will be created if it does not exist:
.pub is the public key that needs to be transferred to the remote systems. It is a file containing a single line: The protocol, the key, and an email used as an identifier. Options for the
ssh-keygen command allow you to specify a different identifier:
ssh-keygen command also displays the fingerprint and randomart image that are unique to this key. This information can be shared with other people who may need to verify your public key.
-l option lists the fingerprint, and the
-v option adds the ASCII art.
ssh-copy-id command. If you used the default name for the key, all you need to specify is the remote user and host:
ssh-keygen command with the
-f), and the old (
-P) or new (
-N) passphrases on the command line. Remember that any passwords specified on the command line will be saved in your shell history.
ssh-keygen man page for additional options.
ssh-keygen, and the new public key has to be transferred to the desired remote systems.
kdump utility, when configured to dump the kernel to a remote system using SSH, is one example.
ssh-agent daemon and an
ssh-add utility to cache the unlocked private key. The GNOME desktop also has a keyring daemon that stores passwords and secrets but also implements an SSH agent.
ssh-keygen to generate keys and the
authorized_key module adds and removes SSH authorized keys for particular user accounts.
openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
-pubout flag is really important. Be sure to include it.
public.pem and ensure that it starts with
-----BEGIN PUBLIC KEY-----. This is how you know that this file is the public key of the pair and not a private key.
less command, like this:
openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM
-pubout was dropped from the end of the command. That changes the meaning of the command from that of exporting the public key to exporting the private key outside of its encrypted wrapper. Inspecting the output file, in this case
private_unencrypted.pem clearly shows that the key is an RSA private key as it starts with
-----BEGIN RSA PRIVATE KEY-----.
-----BEGIN RSA PRIVATE KEY-----or
-----BEGIN PUBLIC KEY-----.
less private.pem to verify that it starts with a
-----BEGIN RSA PRIVATE KEY-----
less public.pem to verify that it starts with a
-----BEGIN PUBLIC KEY-----
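The first-line check described above can be scripted so that a private key is never handed out by mistake. This is an added example, not part of the original page: pem_kind and safe_to_share are hypothetical helper names, the sample files are constructed placeholders, and the check goes slightly beyond the two headers named above by also recognizing the PKCS#8 armor lines (-----BEGIN PRIVATE KEY----- and -----BEGIN ENCRYPTED PRIVATE KEY-----) that OpenSSL can also produce.

```shell
# pem_kind and safe_to_share are hypothetical helper names, not OpenSSL commands.
pem_kind() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    first=$(sed -n '1p' "$1" | tr -d '\r')
    case "$first" in
        "-----BEGIN PUBLIC KEY-----"|"-----BEGIN RSA PUBLIC KEY-----")
            echo public ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo private-encrypted ;;
        "-----BEGIN RSA PRIVATE KEY-----")
            # Traditional format: passphrase protection shows up as a header line.
            if sed -n '2p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo private-encrypted
            else
                echo private-unencrypted
            fi ;;
        "-----BEGIN PRIVATE KEY-----")
            echo private-unencrypted ;;
        *)
            echo unknown ;;
    esac
}

# Succeeds only for a file that is positively identified as a public key.
safe_to_share() {
    [ "$(pem_kind "$1")" = public ]
}

# Constructed sample files: real armor lines, placeholder bodies (not real keys).
SAMPLES=$(mktemp -d)
printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'PLACEHOLDER' '-----END PUBLIC KEY-----' > "$SAMPLES/public.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' 'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$SAMPLES/private.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$SAMPLES/private_unencrypted.pem"

for f in public.pem private.pem private_unencrypted.pem; do
    if safe_to_share "$SAMPLES/$f"; then verdict="ok to share"; else verdict="do NOT share"; fi
    printf '%-24s %-20s %s\n' "$f" "$(pem_kind "$SAMPLES/$f")" "$verdict"
done
```

Anything classified as unknown or unreadable is treated as not shareable, so a file only passes when its first line positively identifies it as a public key.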