SSH Keys generation and authentication

Diego Martin | 03 Apr 2020


Some systems, such as source control repositories (e.g. GitLab, Bitbucket, GitHub), support SSH authentication. You can learn more about SSH public key authentication and its advantages over traditional username and password authentication here.

Generate SSH Keys

The purpose of this post is to help you quickly generate a pair of SSH keys (public and private) from a Linux console (e.g. any Linux system, or a Linux terminal on Windows such as Git Bash).

ssh-keygen -b4096 -t rsa

By default, the private and public keys are created in $HOME/.ssh as id_rsa and id_rsa.pub. Copy the contents of the public key file id_rsa.pub onto the server you want to authenticate against (e.g. for GitLab, go to the SSH Keys section of your profile settings). The private key id_rsa stays on your machine and is never sent to the server.

Every time you need to authenticate against the remote server, your bash console will prompt you for the passphrase you chose when generating the key.

Change Passphrase

If you need to change your passphrase, the key itself won't change (the passphrase only protects the private key file on disk). Simply run the following command in your bash console.

ssh-keygen -p -f ~/.ssh/id_rsa
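Two checks worth running after the two steps above (generating the key and choosing or changing its passphrase) are: confirm that the fingerprint of the public key line you paste into GitLab is the one GitLab later displays, and confirm that the private key file on disk is actually passphrase-protected and not readable by other users. The script below is an added example, not part of the original post: it parses the OpenSSH public key line and the OpenSSH private key container header using only the Python standard library, and the key material in it is constructed dummy bytes, not real keys (the function names and the sample comment alice@laptop are assumptions made for the example).

```python
import base64
import hashlib
import os
import stat
import struct

# --- SSH wire-format helpers: a "string" is a big-endian uint32 length + bytes ---

def _read_string(buf: bytes, off: int):
    """Return (value, new_offset) for the length-prefixed string at `off`."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def _string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

# --- 1. The public key line you paste into the server (id_rsa.pub) ---

def public_key_info(line: str) -> dict:
    """Parse one line of id_rsa.pub / id_ed25519.pub: key type, size in bits and
    the SHA256 fingerprint computed the way `ssh-keygen -lf` prints it
    (SHA-256 over the raw key blob, base64 without '=' padding)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64 blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1])
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type prefix does not match the encoded blob")
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)     # public exponent (mpint)
        n, _ = _read_string(blob, off)        # modulus (mpint); its width is the key size
        bits = int.from_bytes(n, "big").bit_length()
    elif key_type == "ssh-ed25519":
        pub, _ = _read_string(blob, off)      # 32-byte public point
        bits = len(pub) * 8
    else:
        raise ValueError("unsupported key type: " + key_type)
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": key_type, "bits": bits, "fingerprint": "SHA256:" + digest,
            "comment": " ".join(fields[2:])}   # the comment is not part of the fingerprint

# --- 2. The private key on disk: is it passphrase-protected, and is it private? ---

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def private_key_is_encrypted(pem_text: str) -> bool:
    """True if the key material is encrypted with a passphrase. Supports the
    openssh-key-v1 container (ssh-keygen's default) and legacy PEM keys."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(OPENSSH_MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        # header layout: magic, string ciphername, string kdfname, string kdfoptions, ...
        cipher, _ = _read_string(body, len(OPENSSH_MAGIC))
        return cipher != b"none"              # an unencrypted key carries ciphername "none"
    # legacy PEM ("BEGIN RSA PRIVATE KEY"): encryption is announced by a Proc-Type header
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)

def mode_is_private(mode: int) -> bool:
    """ssh refuses a key that group or others can read; apply the same rule to the mode bits."""
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0

def private_key_permissions_ok(path: str) -> bool:
    return mode_is_private(stat.S_IMODE(os.stat(path).st_mode))

# --- Constructed fixtures (NOT real keys): just enough bytes to exercise the parsers ---

def constructed_samples() -> dict:
    ed_blob = _string(b"ssh-ed25519") + _string(b"\x01" * 32)
    rsa_n = b"\x00\x80" + b"\x11" * 511        # positive 4096-bit mpint (leading 0x00: high bit set)
    rsa_blob = _string(b"ssh-rsa") + _string(b"\x01\x00\x01") + _string(rsa_n)

    def openssh_pem(cipher: bytes, kdf: bytes, kdfopts: bytes) -> str:
        body = (OPENSSH_MAGIC + _string(cipher) + _string(kdf) + _string(kdfopts)
                + struct.pack(">I", 1) + _string(ed_blob) + _string(b"\x00" * 64))
        b64 = base64.b64encode(body).decode()
        return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
                + "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
                + "\n-----END OPENSSH PRIVATE KEY-----\n")

    bcrypt_opts = _string(b"s" * 16) + struct.pack(">I", 16)   # dummy salt + rounds
    return {
        "ed25519_pub": "ssh-ed25519 " + base64.b64encode(ed_blob).decode() + " alice@laptop",
        "rsa_pub": "ssh-rsa " + base64.b64encode(rsa_blob).decode() + " alice@laptop",
        "encrypted_priv": openssh_pem(b"aes256-ctr", b"bcrypt", bcrypt_opts),
        "plain_priv": openssh_pem(b"none", b"none", b""),
        "legacy_encrypted_priv": ("-----BEGIN RSA PRIVATE KEY-----\n"
                                  "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n"
                                  "AAAA\n-----END RSA PRIVATE KEY-----\n"),
    }

if __name__ == "__main__":
    s = constructed_samples()
    for name in ("ed25519_pub", "rsa_pub"):
        print(name, public_key_info(s[name]))
    for name in ("encrypted_priv", "plain_priv", "legacy_encrypted_priv"):
        print(name, "encrypted" if private_key_is_encrypted(s[name]) else "NOT encrypted")
```

On a real key, `public_key_info(open("~/.ssh/id_rsa.pub").read())` gives the same `SHA256:...` value that `ssh-keygen -lf ~/.ssh/id_rsa.pub` prints and that GitLab shows next to the pasted key, so a mismatch means the wrong key (or a truncated paste) was registered. `private_key_is_encrypted` returning False on `~/.ssh/id_rsa` means the passphrase step was skipped; the `ssh-keygen -p` command above fixes that without generating a new key.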

Remember Passphrase

Sometimes it is a bit annoying to have to enter the passphrase every time we access the remote server, for whatever read or write operation. A trick to make our life easier is to add a script that runs when our session starts (e.g. when Git Bash opens for the first time), prompts for the passphrase once, and remembers it for the whole session by keeping the unlocked key in ssh-agent.

To do so, create a file called profile under your $HOME directory with the following content.

env=~/.ssh/agent.env

agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

agent_start () {
    (umask 077; ssh-agent >| "$env")
    . "$env" >| /dev/null ; }

agent_load_env

# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
    agent_start
    ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
    ssh-add
fi

unset env

declare -x SSH_ENV="$HOME/.ssh/environment"

# start the ssh-agent
function start_agent {
    echo "Initializing new SSH agent..."
    # spawn ssh-agent
    ssh-agent | sed 's/^echo/#echo/' > "$SSH_ENV"
    echo succeeded
    chmod 600 "$SSH_ENV"
    . "$SSH_ENV" > /dev/null
    ssh-add
}

# test for identities
function test_identities {
    # test whether standard identities have been added to the agent already
    ssh-add -l | grep "The agent has no identities" > /dev/null
    if [ $? -eq 0 ]; then
        ssh-add
        # $SSH_AUTH_SOCK broken so we start a new proper agent
        if [ $? -eq 2 ];then
            start_agent
        fi
    fi
}

# check for running ssh-agent with proper $SSH_AGENT_PID
if [ -n "$SSH_AGENT_PID" ]; then
    ps -f -u $USERNAME | grep "$SSH_AGENT_PID" | grep ssh-agent > /dev/null
    if [ $? -eq 0 ]; then
        test_identities
    fi
else
    if [ -f "$SSH_ENV" ]; then
        . "$SSH_ENV" > /dev/null
    fi
    ps -f -u $USERNAME | grep "$SSH_AGENT_PID" | grep ssh-agent > /dev/null
    if [ $? -eq 0 ]; then
        test_identities
    else
        start_agent
    fi
fi

Then create another file called .profile, also under your $HOME directory, containing this single line.

source ~/profile

This .profile script is executed automatically as soon as the user's bash session starts, and it in turn runs the profile script above. The passphrase is asked for only the first time, when the agent is started and the key is added; later connections in the same session use the unlocked key held by ssh-agent.