ENG | Generating SSH keys for Enhanced Linux and Git Authentication

This concise tutorial illustrates the use of key-based authentication to access a Linux computer or Git repository using SSH keys.

Introduction

SSH with key-based authentication is highly secure and can be more secure than password-based authentication. This is because the private key of the SSH key pair is typically stored securely on the client system and is not easily guessed or broken by brute force.

Generate key pair

  • Generate a key pair. Consider using a passphrase to secure your private keys.
  • Append the newly generated public key to the ~/.ssh/authorized_keys file.
  • Verify its functionality, at least locally.

IMPORTANT! Fedora 38 (and likely other modern distributions) does not accept RSA keys, which are created by default. Use either ecdsa, or preferably ed25519.

[pavel@marten -=- /home/pavel/.ssh]$ ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/pavel/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/pavel/.ssh/id_ecdsa
Your public key has been saved in /home/pavel/.ssh/id_ecdsa.pub
The key fingerprint is:
SHA256:WgusdU9lhLHLn8mpIgCSV2onsWoHXN56fUSzxTXZenE pavel@marten
The key's randomart image is:
+---[ECDSA 256]---+
|          ooooo  |
|  ...    o.= ..oE|
|..o=.   . = o . o|
|ooB..o   + + . . |
| =.+. = S +   .  |
|.. o.+ * = o +   |
|. . o.. o . *    |
|      . .  .     |
|       . ..      |
+----[SHA256]-----+
[pavel@marten -=- /home/pavel/.ssh]$ cat id_ecdsa.pub >> authorized_keys
[pavel@marten -=- /home/pavel/.ssh]$ ssh -i id_ecdsa [email protected]
Last login: Sat May  1 13:12:45 2023 from 85.160.49.106
[pavel@marten -=- /home/pavel]$

The public key (id_*.pub) is associated with the target server (e.g. Linux PC, GitHub, etc.).

The private key (id_*) is personal to you, and it’s wise to protect it with a passphrase. Keep it away from unauthorized access ‼️

To keep track of several keys, give each one a comment, such as ssh-keygen -t ed25519 -C "[email protected]", and save it under a descriptive file name, e.g. /home/pavel/.ssh/id_name_surname_corporation_com
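
An added example (not part of the original post): a small Python audit of authorized_keys content that reports each key's type and the same SHA256 fingerprint format that ssh-keygen prints above, and grades the type following the note about RSA, ecdsa and ed25519. The function names, verdict labels and sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib

# Grades follow the tutorial's advice: prefer ed25519, accept ecdsa, avoid RSA.
VERDICTS = {"ssh-ed25519": "preferred", "ssh-rsa": "replace"}

def embedded_type(blob):
    """Return the length-prefixed key-type name at the start of a public key blob."""
    n = int.from_bytes(blob[:4], "big")
    return blob[4:4 + n].decode("ascii", "replace") if len(blob) >= 4 + n else None

def audit_line(line):
    """Return (key_type, fingerprint, verdict) for one authorized_keys line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options may precede the key, so look for the pair where the declared type
    # equals the type name embedded in the base64 blob that follows it.
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if embedded_type(blob) == fields[i]:
            digest = hashlib.sha256(blob).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            grade = "accepted" if fields[i].startswith("ecdsa-sha2-") else "review"
            return fields[i], fp, VERDICTS.get(fields[i], grade)
    return None

def audit(text):
    """Audit every key line in the text of an authorized_keys file."""
    return [r for r in map(audit_line, text.splitlines()) if r]

def sample_key(key_type):
    """Constructed, non-functional blob (type name + 32 zero bytes) as base64."""
    name = key_type.encode()
    return base64.b64encode(len(name).to_bytes(4, "big") + name + bytes(32)).decode()

# Constructed sample authorized_keys content; comments and options are made up.
SAMPLE = "\n".join([
    "# laptop",
    f"ssh-ed25519 {sample_key('ssh-ed25519')} pavel@marten",
    f'no-pty,command="echo hi" ecdsa-sha2-nistp256 {sample_key("ecdsa-sha2-nistp256")} backup',
    f"ssh-rsa {sample_key('ssh-rsa')} old-laptop",
])

if __name__ == "__main__":
    for key_type, fp, verdict in audit(SAMPLE):
        print(f"{verdict:9} {key_type:20} {fp}")
```

A line whose declared type does not match the type inside its base64 blob is skipped rather than graded, so a mislabelled entry does not pass as an accepted key.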

SSH on Windows

  • Enable the OpenSSH Authentication Agent service and set it to start automatically. You can do this by searching for Services in the start menu, scrolling to “OpenSSH …”, right-clicking for properties, and adjusting the settings accordingly (Startup: Automatic -> Apply -> Start).
  • Copy the key from the remote server to c:\Users\<your-username>\.ssh\, e.g. scp <your-username>@<hostname>.xyz:~/.ssh/id_ecdsa $env:USERPROFILE\.ssh\id_ecdsa
  • Add the key to the Authentication Agent using the command ssh-add $env:USERPROFILE\.ssh\id_ecdsa.
  • Log in to the remote server: ssh <your-username>@<hostname>.xyz

WinSCP

  • In the WinSCP login dialog, navigate through the following menus: Session -> Edit -> Advanced -> SSH -> Authentication -> Private key file.
  • Select your key (c:\Users\<your-username>\.ssh\id_ecdsa), let WinSCP convert it to PuTTY’s PPK format, and save it.
  • The key (c:\Users\<your-username>\.ssh\id_ecdsa.ppk) should now be selected.

GitHub (added 2025-05-06)

Once I had this problem:

PS C:\dev-py\python-reporting> git remote add github [email protected]:XXX/python-reporting.git
PS C:\dev-py\python-reporting> ssh -T [email protected]
Hi pavel-perina! You've successfully authenticated, but GitHub does not provide shell access.
PS C:\dev-py\python-reporting> git push -u github main
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

This was confusing because the SSH test worked perfectly, but Git push failed with a permission error. With some debugging using $env:GIT_SSH_COMMAND="ssh -v", I found that SSH was correctly using my new private key, but Git wasn’t using it for some reason.

What helped was editing c:\Users\pavel.perina\.ssh\config and adding the following:

Host github.com
  IdentityFile c:\Users\pavel.perina\.ssh\id_pavel_perina_tescan_com
  User git

This explicitly tells Git which SSH key to use when connecting to GitHub. I’m still not sure why this was necessary at work but not at home - possibly due to different SSH agent configurations or having multiple keys on my work machine.

If you encounter similar issues, checking your SSH config and making sure Git knows which identity file to use can save you a lot of frustration!

This post is licensed under CC BY 4.0 by the author.