Skip to content

Testing new ssh keys

You created a new ssh key, but are you actually testing it?


I routinely have to create new ssh keys for system users and also verify that they are working correctly. One possible area of confusion is how ssh keys are found by the ssh client.

While most of this information is not specific to osx, since I typically use a macbook running osx, I'll cover a couple of things somewhat specific to osx.

SSH clients will typically default to searching for a private key that exists in the user's home directory in a subdirectory named ".ssh"

So let's assume that you create an ssh key for a new user, utilizing ssh-keygen


ssh-keygen -t ed25519 -N some-new-passphrase -f id_newuser -C "new user"
 


Should you omit the -N parameter above you will be prompted for a passphrase. In either case, you should use passphrases in almost all situations to protect your system from lost or stolen private keys!!!

So if all goes well, you will now have a new public/private ssh key pair.

On the remote system, you will typically add the public key (id_newuser.pub in this example) to the .ssh/authorized_keys file.

While not the point of this article, you will also need to understand the permission requirements of the user's home .ssh directory and files. Make sure the directory and files are private to the user, or ssh connections will fail.

Time to test

Continue reading "Testing new ssh keys"