tl;dr:
ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user
where:
- user is your identifier, e.g., "joe"
- institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.
An additional step is to rename the private key to have a *.pem extension:
mv ~/.ssh/institution-user ~/.ssh/institution-user.pem
I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.
Important ingredients of a perfect ssh-keygen command
There are numerous tutorials on the web on how to generate a pair of SSH keys. However, I didn't find a single one that covers all the arguments/parameters that in my opinion are essential when generating an SSH key pair via a terminal. What are these essential ingredients of a perfect ssh-keygen command? Here they are:
- Comment -- needless to say, the comment doesn't seem that important, unless you are faced with the impossible task of disentangling multiple keys that have been sitting in authorized_keys for months, if not years. Good luck guessing which key belongs to whom then :) In other words, always put in a meaningful text that will allow others (as well as yourself) to identify the particular key as yours (unless you are a hacker, or whatever :D )
- Filename -- you want your private and public keys to have a meaningful name right away -- else they can get lost among a number of the default id_rsa files, or worse -- you will overwrite an important key. Please note that I explicitly mention the path to the file: -f ~/.ssh/key-name (instead of specifying just the file name).
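The comment and key size chosen at generation time are what a later review of authorized_keys has to work with. As an added example (not code from the original article), this Python script parses authorized_keys entries, reports each key's type, RSA size, SHA256 fingerprint and comment, and flags entries with no comment or an RSA modulus below the 2048 bits used in the command. The helper names, the sample entries and their placeholder moduli are constructed for illustration.

```python
import base64, hashlib, struct
def wire(*parts):  # SSH wire format: every field is length-prefixed
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)
def mpint(n):  # big-endian integer, padded so the sign bit is clear
    return n.to_bytes(n.bit_length() // 8 + 1, "big")
def fake_rsa_line(bits, comment=""):
    """CONSTRUCTED sample entry: placeholder modulus, not a usable key."""
    blob = wire(b"ssh-rsa", mpint(65537), mpint((1 << (bits - 1)) | 1))
    return ("ssh-rsa " + base64.b64encode(blob).decode() + " " + comment).strip()
def fields_of(blob):  # split a key blob into its length-prefixed fields
    out, pos = [], 0
    while pos + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def audit(text, min_rsa_bits=2048):  # 2048 mirrors the page's -b 2048
    """One dict per key: type, bits, fingerprint, comment, problems."""
    report = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        for i in range(len(tok) - 1):  # options may precede the key type
            try:
                blob = base64.b64decode(tok[i + 1], validate=True)
            except ValueError:
                continue
            f = fields_of(blob)
            if f and f[0] == tok[i].encode():  # blob names the same type
                break
        else:
            continue  # no key on this line
        rsa = tok[i] == "ssh-rsa" and len(f) > 2
        bits = int.from_bytes(f[2], "big").bit_length() if rsa else None
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
        comment = " ".join(tok[i + 2:])
        problems = [] if comment else ["no comment"]
        if bits is not None and bits < min_rsa_bits:
            problems.append(f"RSA {bits} bits")
        report.append(dict(type=tok[i], bits=bits, comment=comment, problems=problems,
                           fingerprint="SHA256:" + digest.rstrip("=")))
    return report

SAMPLE = "\n".join(["# constructed authorized_keys content",
                    fake_rsa_line(2048, "joe@buchcorp"), fake_rsa_line(3072),
                    "no-pty " + fake_rsa_line(1024, "old-laptop")])
print(*audit(SAMPLE), sep="\n")
```

To check a real file, pass its contents to audit(); the fingerprints have the same SHA256 form that ssh-keygen -l prints, so flagged entries can be matched against keys their owners report.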
The command
Here is the example command using the above-mentioned characteristics:
ssh-keygen -t rsa -b 2048 -C "user@institution" -f ~/.ssh/institution-user
where:
- user is your identifier, e.g., "joe"
- institution is your workplace, or an indication that it is your personal key, e.g., "buchcorp", "personal", etc.
mv ~/.ssh/institution-user ~/.ssh/institution-user.pem
I don't know the security standpoint/standards, but from the user experience/usability point of view I am a great fan of file extensions in general.
Sources
- https://www.ssh.com/academy/ssh/keygen#specifying-the-file-name
- https://docs.gitlab.com/ee/user/ssh.html
Bonus: see how to manage multiple SSH keys in my other article: https://dev.to/mikolajbuchwald/git-via-ssh-multiple-keys-management-3bkm
Cover image: photo by Michael Dziedzic on Unsplash