To test, you will need a client and test server. The client server is where we generate the keys.
When we generate keys, there will be a private key and a public key.
Then we copy the public key to the test server. When we ssh to the test server, the private key we have on the client server matches the public key that we copied to the test server.
To generate a new pair of SSH keys that uses the Ed25519 algorithm on the client server, run:
# ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "somename"
Generating public/private ed25519 key pair.
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:S5mglsGaa7byro5iFvC01VyFt+plsvrt5SLtTTzUHVU geekdecoder
The key's randomart image is:
+--[ED25519 256]--+
| o. E|
| . o . .|
| oo.. . . . |
|. .o.+o. o. . ..|
|.ooo+ S. . . .|
| .oo .o.oo |
| = ..* = |
|+= . +.o= . |
|B*+ .o.++.o |
+----[SHA256]-----+
-f  Specifies the filename of the key file; use it to choose a name other than the default
-a  Number of primality tests while screening DH-GEX candidates
-t  Type of key (RSA, ED25519, DSA, etc.)
-C  Comment (not used in the algorithm, only stored in the public key)
-o  OpenSSH key format instead of the older PEM format (needs OpenSSH 6.5+)
If your account on the remote system doesn’t already contain a ~/.ssh/authorized_keys file, create one; on the command line, enter the following commands:
# mkdir -p ~/.ssh
# touch ~/.ssh/authorized_keys
On Client, Copy Public SSH Key (id_ed25519.pub) to Remote Server
Using the command “ssh-copy-id” is the preferred way. You will need to have ssh access to the server to copy the key.
Here is the command:
# ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 22 root@server1.server.com
Now try logging into the machine, with:
"ssh -p '22' 'root@server1.server.com'"
Check to make sure that only the key(s) you wanted were added.
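One way to carry out that check on the server, as an added example that is not part of the original article: it compares every entry in authorized_keys against the public key you meant to install. The function names list_keys, audit_authorized_keys and demo are hypothetical, and the key blobs in demo are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the original article. Names and key blobs are constructed.

# Print "keytype blob" for each key line of an authorized_keys or .pub file.
# Line format: [options] keytype base64-blob [comment]
list_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            # a key type followed by a blob; every SSH key blob begins with "AAAA"
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ /^AAAA/) {
                    print $i, $(i + 1); next
                }
            print "UNPARSED line " NR
        }' "$1"
}

# audit_authorized_keys AUTH_FILE PUB_FILE
# Returns 0 only if PUB_FILE's key is present and is the only key in AUTH_FILE.
audit_authorized_keys() {
    expected=$(list_keys "$2" | head -n 1)
    case "$expected" in
        ""|UNPARSED*) echo "cannot parse public key: $2" >&2; return 2 ;;
    esac
    list_keys "$1" | awk -v want="$expected" '
        $0 == want { found = 1; next }
        { print "UNEXPECTED: " $0; extra++ }
        END {
            if (!found) print "MISSING: expected key not present"
            exit !(found && extra == 0)
        }'
}

# Constructed sample: the intended key plus one leftover entry (placeholder blobs).
demo() {
    d=$(mktemp -d)
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyOne somename' > "$d/id.pub"
    {
        echo '# keys for root'
        cat "$d/id.pub"
        echo 'from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedKeyTwo old-admin'
    } > "$d/authorized_keys"
    rc=0
    audit_authorized_keys "$d/authorized_keys" "$d/id.pub" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "audit failed (exit $?)"
```

The comparison is on key type and blob only, so a changed comment or added options do not hide a match. An option string that itself contains a key type followed by an AAAA value would be misread, so treat UNPARSED or surprising output as a cue to read the file by hand.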
Adding Your Key to SSH Agent
You can find your newly generated private key at ~/.ssh/id_ed25519 and your public key at ~/.ssh/id_ed25519.pub. Always remember that your public key is the one that you copy to the target host for authentication.
Before adding your new private key to the SSH agent, make sure that the SSH agent is running by executing the following command:
# eval "$(ssh-agent -s)"
Then run the following command to add your newly generated Ed25519 key to SSH agent:
# ssh-add ~/.ssh/id_ed25519
Or if you want to add all of the available keys under the default .ssh directory, simply run:
# ssh-add
If you want to log in to the server with just the hostname instead of the full domain, for example "ssh server1" rather than "ssh -p 22 root@server.com", add a hostname entry on the client as follows:
# nano /etc/hosts
ip.of.the.server server1.server.com server1
Now try the short ssh:
# ssh server1