Generate SSH Keys
Overview
Ed25519 vs. RSA
There are some important differences between Ed25519 & RSA that are worth considering when choosing which SSH key type to use. In terms of speed, security, and efficiency, Ed25519 is likely the better choice. When compatibility--particularly with older systems--is essential, RSA is likely the better choice.
Zsh vs. Bash
In Unix-based operating systems like macOS, Zsh & Bash are two different shells that interpret commands entered into a command line interface like Terminal. To determine your shell, launch Terminal, then run the following command: echo $SHELL. Based on the output you see, use either the Zsh or the Bash instructions in the optional section below if you wish to create an alias in macOS.
Git Bash
Git Bash is a Windows application that emulates the Git command line interface. While it is not the only such command line interface emulator for Windows, it is the one these instructions have been crafted around. Git Bash, or a comparable command line interface emulator, is required to complete the optional section below if you wish to create an alias in Windows. Git Bash can be obtained from the Git for Windows website.
Process
macOS
Ed25519
- Launch Terminal.
- Enter the following command:
  - ```ssh-keygen -t ed25519```
- Press Return to accept the default location (i.e., ~/.ssh/).
- Enter a passphrase.
  - Note: a passphrase is mandatory for Ed25519 keys.
- macOS will generate the key pair and save them to the following locations:
  - ~/.ssh/id_ed25519
  - ~/.ssh/id_ed25519.pub
- If you would like to add the Ed25519 key to the Keychain Access app, enter the following:
  - ```ssh-add --apple-use-keychain ~/.ssh/id_ed25519```
- Close Terminal.
The file ending in ".pub" is your public key file and should be shared with the Systems team so they can add it to the public_keys.yaml file in the control-repo project in GitLab.
The other file is your private key, which should remain on the macOS device you used to generate it and should not be shared with anyone.
RSA
- Launch Terminal.
- Enter the following command:
  - ```ssh-keygen -t rsa```
- Press Return to accept the default location (i.e., ~/.ssh/).
- Enter a passphrase or press Return to accept the default settings (i.e., no passphrase).
  - Note: a passphrase is optional for RSA keys.
- macOS will generate the key pair and save them to the following locations:
  - ~/.ssh/id_rsa
  - ~/.ssh/id_rsa.pub
- If you would like to add the RSA key to the Keychain Access app, enter the following:
  - ```ssh-add --apple-use-keychain ~/.ssh/id_rsa```
- Close Terminal.
The file ending in ".pub" is your public key file and should be shared with the Systems team so they can add it to the public_keys.yaml file in the control-repo project in GitLab.
The other file is your private key, which should remain on the macOS device you used to generate it and should not be shared with anyone.
Windows
Ed25519
- Launch Terminal.
- Enter the following command:
  - ```ssh-keygen -t ed25519```
- Press Return to accept the default location (i.e., /c/users/NetID/.ssh/).
- Enter a passphrase.
  - Note: a passphrase is mandatory for Ed25519 keys.
- Windows will generate the key pair and save them to the following locations:
  - /c/users/NetID/.ssh/id_ed25519
  - /c/users/NetID/.ssh/id_ed25519.pub
- Close Terminal.
The file ending in ".pub" is your public key file and should be shared with the Systems team so they can add it to the public_keys.yaml file in the control-repo project in GitLab.
The other file is your private key, which should remain on the Windows device you used to generate it and should not be shared with anyone.
RSA
- Launch Terminal.
- Enter the following command:
  - ```ssh-keygen -t rsa```
- Press Return to accept the default location (i.e., /c/users/NetID/.ssh/).
- Enter a passphrase or press Return to accept the default settings (i.e., no passphrase).
  - Note: a passphrase is optional for RSA keys.
- Windows will generate the key pair and save them to the following locations:
  - /c/users/NetID/.ssh/id_rsa
  - /c/users/NetID/.ssh/id_rsa.pub
- Close Terminal.
The file ending in ".pub" is your public key file and should be shared with the Systems team so they can add it to the public_keys.yaml file in the control-repo project in GitLab.
The other file is your private key, which should remain on the Windows device you used to generate it and should not be shared with anyone.
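Before sending anything to the Systems team, it is worth confirming that the file you are about to share really is the public half and that the private half is protected. The script below is an added example, not part of the original instructions. It applies to any of the four procedures above, defaults to the Ed25519 path used on this page, and uses function names invented for the example.

```sh
#!/bin/sh
# Added example: checks to run on a key pair before sending the .pub file out.
# Usage: sh check_ssh_pair.sh [PRIVATE_KEY]   (the script name is arbitrary)

# key_kind FILE: prints private, public or unknown, judged from the first line.
key_kind() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        "-----BEGIN "*"PRIVATE KEY-----"*) echo private ;;
        "ssh-ed25519 "*|"ssh-rsa "*)       echo public ;;
        *)                                 echo unknown ;;
    esac
}

# private_key_cipher FILE: prints the cipher protecting the key; "none" means
# the key was saved without a passphrase. Only the file header is decoded.
private_key_cipher() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        "-----BEGIN OPENSSH PRIVATE KEY-----"*)
            # Layout: 15-byte "openssh-key-v1\0", 4-byte length, cipher name.
            # (Older macOS releases spell the decode flag -D instead of -d.)
            sed -n 2p "$1" | cut -c1-48 | base64 -d 2>/dev/null |
                tail -c +20 | tr '\000' '\n' | head -n 1 ;;
        *)  # Legacy PEM RSA files name their encryption in a text header.
            if grep -q ENCRYPTED "$1" 2>/dev/null; then echo legacy-encrypted
            else echo none; fi ;;
    esac
}

# mode_is_private FILE: succeeds when group and other have no permission bits.
mode_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_pair PRIVATE_KEY: prints one line per problem, returns the problem count.
audit_pair() {
    priv=$1; pub=$1.pub; problems=0
    flag() { echo "FAIL: $*"; problems=$((problems + 1)); }
    [ "$(key_kind "$priv")" = private ] || flag "$priv is not a private key"
    [ "$(key_kind "$pub")" = public ]  || flag "$pub is not a public key, do not send it"
    mode_is_private "$priv"            || flag "$priv is readable by group or other"
    case "$(private_key_cipher "$priv")" in
        none|"") flag "$priv has no passphrase (or an unreadable header)" ;;
    esac
    [ "$problems" -eq 0 ] && echo "OK: send only $pub"
    return "$problems"
}

# Audit the key named on the command line, or this page's default Ed25519 path.
audit_pair "${1:-$HOME/.ssh/id_ed25519}" || echo "problems found: $?"
```

Git Bash reports emulated permission bits, so the permission line is only meaningful on macOS.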
Aliases (Optional)
macOS
Zsh
This process assumes you are using an Ed25519 key in macOS.
- Launch Terminal.
- Enter the following command:
  - ```nano ~/.zshrc```
- Add the following text to the file:
  - ```alias start_ansible='eval "$(ssh-agent)" && ssh-add ~/.ssh/id_ed25519'```
- Press Control + X, then Y, then Enter to save & close the file.
- Enter the following command:
  - ```source ~/.zshrc```
You can now run the following command after launching Terminal to quickly and easily complete the work of the Preparation section of the related KB article (document 123180, link currently unavailable) for both Production and Test Raspberry Pi units:
- ```start_ansible```
Bash
This process assumes you are using an Ed25519 key in macOS.
- Launch Terminal.
- Enter the following command:
  - ```nano ~/.bash_profile```
- Add the following text to the file:
  - ```alias start_ansible='eval "$(ssh-agent)" && ssh-add ~/.ssh/id_ed25519'```
- Press Control + X, then Y, then Enter to save & close the file.
- Enter the following command:
  - ```source ~/.bash_profile```
You can now run the following command after launching Terminal to quickly and easily complete the work of the Preparation section of the related KB article (document 123180, link currently unavailable) for both Production and Test Raspberry Pi units:
- ```start_ansible```
Windows
Git Bash
This process assumes you are using an RSA key in Windows.
- Launch Git Bash.
- Enter the following command:
  - ```nano ~/.bashrc```
- Add the following text to the file:
  - ```alias start_ansible='eval "$(ssh-agent)" && ssh-add /c/users/NetID/.ssh/id_rsa'```
- Press Control + X, then Y, then Enter to save & close the file.
- Enter the following command:
  - ```source ~/.bashrc```
You can now run the following command after launching Git Bash to quickly and easily complete the work of the Preparation section of the related KB article (document 123180, link currently unavailable) for both Production and Test Raspberry Pi units:
- ```start_ansible```
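The alias in the Zsh, Bash and Git Bash sections starts a new ssh-agent every time it runs and leaves the key loaded until that agent exits. The function below is an added example, not part of the original instructions: it reuses an agent that is already reachable and gives the key a limited lifetime. The variable names START_ANSIBLE_KEY and START_ANSIBLE_TTL and the 8-hour default are assumptions made for the example; in Git Bash, set START_ANSIBLE_KEY to the id_rsa path used above.

```sh
# Added example: paste into ~/.zshrc, ~/.bash_profile or ~/.bashrc in place of
# the alias line. START_ANSIBLE_KEY and START_ANSIBLE_TTL are names made up here.
start_ansible() {
    local key="${START_ANSIBLE_KEY:-$HOME/.ssh/id_ed25519}"
    local ttl="${START_ANSIBLE_TTL:-8h}"
    local rc=0 fp

    # ssh-add -l exits 0 with keys listed, 1 with an empty agent, and 2 when
    # no agent can be contacted. Only the last case needs a new agent.
    ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -ge 2 ]; then
        eval "$(ssh-agent -s)" >/dev/null || return 1
    fi

    # Skip the passphrase prompt when this key's fingerprint is already loaded.
    fp=$(ssh-keygen -lf "$key.pub" 2>/dev/null | awk '{print $2}')
    if [ -n "$fp" ] && ssh-add -l 2>/dev/null | grep -qF "$fp"; then
        echo "start_ansible: $key already loaded"
        return 0
    fi

    # -t makes the agent forget the key once the lifetime expires.
    ssh-add -t "$ttl" "$key"
}
```

Remove the existing alias line, and run `unalias start_ansible` in any shell that is already open, before defining the function: a shell expands an alias of the same name when it reads the definition.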