Private key authentication is a way to log into another computer via SSH, and is an alternative to username/password authentication. It can be more secure, because no one will ever guess your private key, and your private key is never sent over the network, so it cannot be intercepted. It can also be more convenient, because if you don’t assign a passphrase to the private key, you don’t have to type a password to use it.
I create a separate key pair for each computer I use, so that I can always adjust which computers are allowed to log into which computer. I always forget how the ssh-keygen command works, though, and that is the main reason I’m writing this down.
The command you want to use is
ssh-keygen -t rsa -b 2048 -C comment
The first two options may be unnecessary because on my computer they are the default values. On at least one of the servers I use, however, they are required. The comment is also unnecessary, but helpful.
If you want to use this key to connect to another computer, that computer needs to have a copy of your public key, usually stored in the file
Once I create a key pair for each computer I use, I copy all the public keys into a subdirectory of ~/.ssh that I call authorized_keys.d. It helps to give each key a more useful name like office.pub. Then, from ~/.ssh, I run
cat authorized_keys.d/* > authorized_keys
Repeat for each host that you want to connect to. The good thing is, if I want to authorize (or unauthorize) another computer, I just add the new public key to the directory (or remove it) and rerun this command.
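A more defensive version of the rebuild step above, as an added example that is not part of the original post: it keeps only lines that look like public keys, refuses any file containing private key material, and replaces authorized_keys in one step with mode 600 so a failed rebuild cannot lock you out. The function name rebuild_authorized_keys is hypothetical, and it assumes each .pub file holds plain keys as ssh-keygen writes them, with no options prefix.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical helper name.
# Usage: rebuild_authorized_keys [ssh_dir]     (ssh_dir defaults to ~/.ssh)
# Regenerates ssh_dir/authorized_keys from ssh_dir/authorized_keys.d/*.pub.
rebuild_authorized_keys() {
    ssh_dir=${1:-"$HOME/.ssh"}
    src="$ssh_dir/authorized_keys.d"
    [ -d "$src" ] || { echo "missing $src" >&2; return 1; }
    # Build the new file next to the old one so the final mv is a rename.
    tmp=$(mktemp "$ssh_dir/authorized_keys.XXXXXX") || return 1
    count=0
    for f in "$src"/*.pub; do
        [ -f "$f" ] || continue        # glob matched nothing
        # A private key copied here by mistake must never be concatenated.
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "skipping $f: contains private key material" >&2
            continue
        fi
        # Keep only lines that start with a key type followed by base64 data.
        # The "|| [ -n ... ]" handles a last line without a trailing newline.
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*|sk-*@openssh.com\ AAAA*)
                    printf '%s\n' "$line" >> "$tmp"
                    count=$((count + 1)) ;;
                ''|\#*) ;;             # blank lines and comments
                *) echo "skipping malformed line in $f" >&2 ;;
            esac
        done < "$f"
    done
    if [ "$count" -eq 0 ]; then
        # Never replace a working file with an empty one.
        echo "no valid keys found; authorized_keys left untouched" >&2
        rm -f "$tmp"
        return 1
    fi
    # sshd's StrictModes check rejects key files writable by other users.
    chmod 600 "$tmp" && mv -f "$tmp" "$ssh_dir/authorized_keys"
}
```

Files in authorized_keys.d that do not end in .pub are ignored, so notes or disabled keys can sit in the same directory under another extension.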