Generating SSH key – the best way

tl;rd:

ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user

where:

• user is your identifier, e.g., "joe"
• institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.

An additional step is to rename the private key to have a *.pem extension:

mv ~/.ssh/institution-user ~/.ssh/institution-user.pem

I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.

Important ingredients of a perfect ssh-keygen command

There are numerous tutorials on the web how to generate a pair of SSH keys. However, I didn't find a single one that covers all the arguments/parameters that in my opinion are essential when generating an SSH key pair via a terminal. What are these essential ingredients of a perfect ssh-keygen command? Here they are:

1. Comment –- needles to say, the comment doesn't seem that important, unless you are faced with an impossible task of disentangling a multiple keys sitting in authorized_keys for months, if not years. Good luck guessing which key belong to who then :) In other words, always put a meaningful text that will allow others (as well as yourself) to identify the particular key as yours (unless you are a hacker, or whatever :D )

2. Filename -- you want your private and public keys to have a meaningful name right away –- else they can get lost in a number of the default id_rsa files, or worse –- you will overwrite an important key. Please note that I explicitly mention the path to the file: -f ~/.ssh/key-name (instead of specifying just the file name).

The command

Here is the example command using the above-mentioned characteristics:

ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user

where:

• user is your identifier, e.g., "joe"
• institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.

mv ~/.ssh/institution-user ~/.ssh/institution-user.pem

I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.

Sources

1. https://www.ssh.com/academy/ssh/keygen#specifying-the-file-name
2. https://docs.gitlab.com/ee/user/ssh.html

Bonus: see how to manage multiple SSH keys in my other article: https://dev.to/mikolajbuchwald/git-via-ssh-multiple-keys-management-3bkm

Cover image: photo by Michael Dziedzic on Unsplash