
Secure Shell Key Generation


Goal

By the end of this post, you will be able to create a Secure Shell (SSH) key that we can use to authenticate access to the virtual machine created in Baby's First Google Compute Instance.

Secure Shell (SSH) is a network protocol that allows users to securely access a remote computer over an unsecured network, in other words over the internet. It uses a pair of keys, one public and one private, to ensure security. SSH is how we access the GCP Compute Engine instance from a local machine.

The SSH key we'll create can be thought of as the lock for the front door of the house we are building in the Rails Deployments for Mere Mortals series.

Steps

The ssh-keygen command creates two files that work as a pair, just like a lock and key. After we create the lock and key, we'll put the lock on the VM we created in Baby's First Google Compute Instance.

Create a public and private SSH key.

ssh-keygen -t rsa -f ~/.ssh/project-1

Let's break down each part:

  • ssh-keygen is the command-line tool for creating SSH keys.
  • -t rsa specifies that we want an RSA key, which is a well-established algorithm for SSH keys.
  • -f specifies the filename of the key.
  • ~/.ssh/ is the standard directory for storing SSH keys in the home directory.
  • project-1 is the name of the key file.

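Use an empty passphrase by hitting Enter twice. An empty passphrase means the private key file is stored unencrypted, so its file permissions are the only thing protecting it.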

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

The output will look like this:

Your identification has been saved in /Users/jesse/.ssh/project-1
Your public key has been saved in /Users/jesse/.ssh/project-1.pub
The key fingerprint is:
SHA256:EtYsTVZ08a/isNlu0byVLZ3x/Q3n9DMBpJutDwyoV7o jesse@Jesses-Mac-Studio.local
The key's randomart image is:
+---[RSA 3072]----+
|        ooo o.   |
|       *   . o   |
|      + +   o .  |
|     . o.  . . o |
|      ..So  +o..O|
|      ..o oo..==O|
|     . o  .oo..O=|
|      . .  Bo..o=|
|       E  oo=.  o|
+----[SHA256]-----+

You can view the files you just created.

ls ~/.ssh

If everything is going well, you'll see a project-1 file, which is the private key, and a project-1.pub file, which is the public key.

❯ ls ~/.ssh
total 80
drwx------@ 10 jesse  staff   320B Dec 25 10:09 ./
drwxr-x---+ 54 jesse  staff   1.7K Dec 25 10:13 ../
-rw-r--r--@  1 jesse  staff    78B Jun 25  2023 config
-rw-------@  1 jesse  staff   4.9K Dec 22 08:27 known_hosts
-rw-------@  1 jesse  staff   2.6K Dec 25 10:09 project-1
-rw-r--r--@  1 jesse  staff   583B Dec 25 10:09 project-1.pub

If having two keys is confusing, think of the public key as the lock on the front door of a house.

The private key is a secret key and it stays on the local computer. It should not be shared with anyone. If the VM is the basic structure of our house, the public key is the lock on the front door, and the private key is the house key. One would not hand a house key to a stranger.

A user must have the private key that matches the public key in order to access the VM.
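
One way to confirm that the two files really are a matching pair and that only your user can read the private key. This is an added example, not part of the original post; check_keypair is a hypothetical helper name, and it assumes the key has no passphrase, as in the step above.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a key pair
# created with ssh-keygen. check_keypair is a hypothetical helper name.
# Usage: check_keypair ~/.ssh/project-1
# Returns 0 if every check passes, non-zero otherwise.
check_keypair() {
    priv=$1
    pub=$1.pub

    if [ ! -f "$priv" ] || [ ! -f "$pub" ]; then
        echo "FAIL: missing $priv or $pub" >&2
        return 2
    fi

    # 1. The private key must not be accessible to group or others.
    #    Characters 5-10 of the ls mode string are the group/other bits,
    #    so -rw------- passes and -rw-r--r-- fails.
    if [ "$(ls -ld "$priv" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $priv is accessible to group/others (fix: chmod 600 $priv)" >&2
        return 1
    fi

    # 2. The .pub file must be the public half of this private key.
    #    ssh-keygen -y re-derives the public key from the private key.
    #    Compare only the key type and base64 blob; the comment may differ.
    derived=$(ssh-keygen -y -f "$priv" 2>/dev/null | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$pub")
    if [ -z "$derived" ] || [ "$derived" != "$stored" ]; then
        echo "FAIL: $pub does not match $priv" >&2
        return 1
    fi

    # 3. Print the fingerprint so it can be compared with the one
    #    ssh-keygen showed when the key was created.
    ssh-keygen -l -f "$pub"
}
```

The fingerprint printed in step 3 should be identical to the SHA256 value ssh-keygen displayed at creation time.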

Over time, more and more SSH keys will accumulate in the ~/.ssh directory, so giving each key a name that matches a known project is a useful way to stay organized.

Conclusion

In this post we used the ssh-keygen command to create a public and private key in the ~/.ssh directory. It's kind of like we just went to Home Depot and picked up a lock and key for our front door. In the next post, Locking Your Virtual Machine's Front Door, we'll add the public key to our VM. We'll install the lock.
