Generate SSH Keys

This KB provides instructions for generating SSH keys that can be used with LCB hosts managed by the Systems team.

Overview

Ed25519 vs. RSA

There are some important differences between Ed25519 & RSA that are worth considering when choosing which SSH key type to use.  In terms of speed, security, and efficiency, Ed25519 is likely the better choice.  When compatibility--particularly with older systems--is essential, RSA is likely the better choice.

Zsh vs. Bash

In Unix-based operating systems like macOS, Zsh & Bash are two different shells that interpret commands entered into a command line interface like Terminal.  To determine your shell, launch Terminal, then run the following command:

  • echo $SHELL

Based on the output you see, use either the Zsh or the Bash instructions in the optional section below if you wish to create an alias in macOS.

Git Bash

Git Bash is a Windows application that emulates the Git command line interface.  While it is not the only such command line interface emulator for Windows, it is the one these instructions have been crafted around.  Git Bash, or a comparable command line interface emulator, is required to complete the optional section below if you wish to create an alias in Windows.  Git Bash can be obtained from the Git for Windows website.


Process

macOS

Ed25519

  1. Launch Terminal.
  2. Enter the following command:
    • ssh-keygen -t ed25519
  3. Press Return to accept the default location (i.e., ~/.ssh/).
  4. Enter a passphrase.
    • Note: a passphrase is mandatory for Ed25519 keys.
  5. macOS will generate the key pair and save them to the following locations:
    • ~/.ssh/id_ed25519
    • ~/.ssh/id_ed25519.pub
  6. If you would like to add the Ed25519 key to the Keychain Access app, enter the following:
    • ssh-add --apple-use-keychain ~/.ssh/id_ed25519
  7. Close Terminal.

The file ending in ".pub" is your public key file and should be shared with the Systems team so they can add it to the public_keys.yaml file in the control-repo project in GitLab.

The other file is your private key, which should remain on the macOS device you used to generate it and should not be shared with anyone.

RSA

  1. Launch Terminal.
  2. Enter the following command:
    • ssh-keygen -t rsa
  3. Press Return to accept the default location (i.e., ~/.ssh/).
  4. Enter a passphrase or press Return to accept the default settings (i.e., no passphrase).
    • Note: a passphrase is optional for RSA keys.
  5. macOS will generate the key pair and save them to the following locations:
    • ~/.ssh/id_rsa
    • ~/.ssh/id_rsa.pub
  6. If you would like to add the RSA key to the Keychain Access app, enter the following:
    • ssh-add --apple-use-keychain ~/.ssh/id_rsa
  7. Close Terminal.

The file ending in ".pub" is your public key file and should be shared with the Systems team so they can add it to the public_keys.yaml file in the control-repo project in GitLab.

The other file is your private key, which should remain on the macOS device you used to generate it and should not be shared with anyone.

Windows

Ed25519

  1. Launch Terminal.
  2. Enter the following command:
    • ssh-keygen -t ed25519
  3. Press Return to accept the default location (i.e., /c/users/NetID/.ssh/).
  4. Enter a passphrase.
    • Note: a passphrase is mandatory for Ed25519 keys.
  5. Windows will generate the key pair and save them to the following locations:
    • /c/users/NetID/.ssh/id_ed25519
    • /c/users/NetID/.ssh/id_ed25519.pub
  6. Close Terminal.

The file ending in ".pub" is your public key file and should be shared with the Systems team so they can add it to the public_keys.yaml file in the control-repo project in GitLab.

The other file is your private key, which should remain on the Windows device you used to generate it and should not be shared with anyone.

RSA

  1. Launch Terminal.
  2. Enter the following command:
    • ssh-keygen -t rsa
  3. Press Return to accept the default location (i.e., /c/users/NetID/.ssh/).
  4. Enter a passphrase or press Return to accept the default settings (i.e., no passphrase).
    • Note: a passphrase is optional for RSA keys.
  5. Windows will generate the key pair and save them to the following locations:
    • /c/users/NetID/.ssh/id_rsa
    • /c/users/NetID/.ssh/id_rsa.pub
  6. Close Terminal.

The file ending in ".pub" is your public key file and should be shared with the Systems team so they can add it to the public_keys.yaml file in the control-repo project in GitLab.

The other file is your private key, which should remain on the Windows device you used to generate it and should not be shared with anyone.
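
Before sending a file to the Systems team, it helps to confirm that it really is the public half of the pair. The script below is an added example, not part of the original KB; check_shareable is a hypothetical helper name, and it accepts only the two key types this article covers.

```shell
#!/bin/sh
# Added example, not from the KB: vet a file before sharing it.
# check_shareable is a hypothetical helper name.
# Returns 0 (and prints the key type) for an Ed25519 or RSA public key,
# 1 for a private key, 2 for anything else.
check_shareable() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    # Private keys are multi-line PEM-style blocks; these must never be shared.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo "REFUSE: $f is a PRIVATE key" >&2
        return 1
    fi
    # A public key file is exactly one line: "<type> <base64> [comment]".
    lines=$(grep -c '' "$f" || true)
    [ "$lines" -eq 1 ] || { echo "not a single-line public key: $f" >&2; return 2; }
    read -r ktype blob _comment < "$f" || true
    case "$ktype" in
        ssh-ed25519|ssh-rsa) ;;
        *) echo "unexpected key type: $ktype" >&2; return 2 ;;
    esac
    # The key data must be non-empty and contain only base64 characters.
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data in $f" >&2; return 2 ;;
    esac
    echo "$ktype"
}

# Usage: sh check_key.sh ~/.ssh/id_ed25519.pub
if [ "$#" -gt 0 ]; then
    check_shareable "$1"
fi
```

A non-zero exit status means the file should not be sent as-is.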

Aliases (Optional)

macOS

Zsh

This process assumes you are using an Ed25519 key in macOS.

  1. Launch Terminal.
  2. Enter the following command:
    • nano ~/.zshrc
  3. Add the following text to the file:
    • alias start_ansible='eval "$(ssh-agent)" && ssh-add ~/.ssh/id_ed25519'
  4. Press Control + X, then Y, then Enter to save & close the file.
  5. Enter the following command:
    • source ~/.zshrc

You can now run the following command after launching Terminal to quickly & easily complete the work of the Preparation section of the [Link for document 123180 is unavailable at this time] KB article for both Production and Test Raspberry Pi units:

  • start_ansible

Bash

This process assumes you are using an Ed25519 key in macOS.

  1. Launch Terminal.
  2. Enter the following command:
    • nano ~/.bash_profile
  3. Add the following text to the file:
    • alias start_ansible='eval "$(ssh-agent)" && ssh-add ~/.ssh/id_ed25519'
  4. Press Control + X, then Y, then Enter to save & close the file.
  5. Enter the following command:
    • source ~/.bash_profile

You can now run the following command after launching Terminal to quickly & easily complete the work of the Preparation section of the [Link for document 123180 is unavailable at this time] KB article for both Production and Test Raspberry Pi units:

  • start_ansible

Windows

Git Bash

This process assumes you are using an RSA key in Windows.

  1. Launch Git Bash.
  2. Enter the following command:
    • nano ~/.bashrc
  3. Add the following text to the file:
    • alias start_ansible='eval "$(ssh-agent)" && ssh-add /c/users/NetID/.ssh/id_rsa'
  4. Press Control + X, then Y, then Enter to save & close the file.
  5. Enter the following command:
    • source ~/.bashrc

You can now run the following command after launching Git Bash to quickly & easily complete the work of the Preparation section of the [Link for document 123180 is unavailable at this time] KB article for both Production and Test Raspberry Pi units:

  • start_ansible
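
The alias shown in this section starts a new ssh-agent process every time it runs, and the key it adds stays loaded until that agent exits. The function below is an added example, not part of the original KB, that reuses a reachable agent and loads the key with a time limit. SSH_ADD, SSH_AGENT and KEY_LIFETIME are hypothetical override variables, and the 8h lifetime is an assumption.

```shell
#!/bin/sh
# Added example, not the KB's alias. SSH_ADD, SSH_AGENT and KEY_LIFETIME are
# hypothetical override variables; 8h is an assumed lifetime.
SSH_ADD="${SSH_ADD:-ssh-add}"
SSH_AGENT="${SSH_AGENT:-ssh-agent}"
KEY_LIFETIME="${KEY_LIFETIME:-8h}"

# `ssh-add -l` exits 0 when keys are loaded, 1 when the agent is empty,
# and 2 when no agent can be reached.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# True if the public half of key $1 is already held by the agent.
key_loaded() {
    blob=$(cut -d' ' -f2 "$1.pub" 2>/dev/null) || return 1
    [ -n "$blob" ] && "$SSH_ADD" -L 2>/dev/null | grep -qF -- "$blob"
}

start_ansible() {
    key="${1:-$HOME/.ssh/id_ed25519}"
    if [ "$(agent_state)" = unreachable ]; then
        # Start an agent only when none is reachable, so repeated calls
        # do not leave extra ssh-agent processes behind.
        out=$("$SSH_AGENT" -s) || return 1
        eval "$out" >/dev/null
    fi
    if key_loaded "$key"; then
        echo "already loaded: $key"
        return 0
    fi
    # -t bounds how long the decrypted key stays in the agent's memory.
    "$SSH_ADD" -t "$KEY_LIFETIME" "$key"
}
```

Remove the existing alias line before defining a function with the same name in the same file. In Git Bash, pass the RSA key path as the first argument.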



Doc ID: 95212
Owned by: Dylan R. in Libraries
Created: 2019-10-23
Updated: 2024-10-17
Sites: UW-Madison Libraries