An SSH key pair is a private/public key pair used to secure network communication. The pair is normally required for passwordless SSH login to a remote host running the SSH daemon (sshd). Here is how you would generate a pair of RSA keys:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/nirbhay/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nirbhay/.ssh/id_rsa.
Your public key has been saved in /home/nirbhay/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| .. |
| .o o |
| .o. = . |
| ...o |
$ ls ~/.ssh/
Now that we have the private/public key files, all you need to do is copy/append the contents of the public key (id_rsa.pub) to the remote machine's ~/.ssh/authorized_keys file (mode 600). DO NOT share the private key.
Note: On Debian-based distributions, ssh-keygen is provided by the openssh-client package.
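The copy/append step above, written out as an added example (not part of the original article) that refuses private key material, sets the 700/600 modes and does not add the same key twice. install_pubkey is a hypothetical helper name, and the key line and user@example are constructed sample values.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]  (hypothetical helper, added example)
# Appends one public key to HOME_DIR/.ssh/authorized_keys with 700/600 modes.
install_pubkey() {
    pubfile=$1
    ssh_dir=${2:-$HOME}/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Private key material must never leave the client: refuse it outright.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 2
    fi

    # A public key is one line: "<type> <base64 blob> [comment]".
    key=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' \
        "$pubfile" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pubfile" >&2; return 3; }

    # umask 077 keeps anything created here private from the first moment;
    # chmod then repairs modes on a directory or file that already existed.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 4
    chmod 700 "$ssh_dir" || return 4
    chmod 600 "$auth" || return 4

    # Idempotent: match on "<type> <blob>" so a different comment is not a new key.
    id=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$id" "$auth"; then
        return 0
    fi

    # If the file lacks a trailing newline, add one so keys do not run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo on a throwaway directory standing in for the remote user's home.
demo_home=$(mktemp -d)
# Constructed sample key line, not a real key.
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLEonly user@example\n' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run changes nothing
echo "keys installed: $(wc -l < "$demo_home/.ssh/authorized_keys")"
```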
** The (self-signed) SSL certificate generated by the procedure described in this article should be used for testing purposes only **
Generating an SSL certificate is very simple. All you need is the openssl package installed on your system. A key point to note here is that an SSL certificate contains a public key, which is always generated as a pair with a private key. Here is the step-by-step procedure to generate one:
Let's first generate a 2048-bit RSA private key.
openssl genrsa -out privkey.pem 2048
$ openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus
unable to write 'random state'
e is 65537 (0x10001)
So, we have the private key in place. This will be used to generate the certificate.
If "unable to write 'random state'" bothers you, then check this out for a possible solution: http://stackoverflow.com/a/94458
The self-signed certificate
A certificate can now be generated using the following command.
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
$ openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:XX
State or Province Name (full name) [Some-State]:XX
Locality Name (eg, city) :XX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XX
Organizational Unit Name (eg, section) :XX
Common Name (e.g. server FQDN or YOUR name) :XX
Email Address :XX
These files can easily be tested by starting a test SSL/TLS server (s_server(1)) and connecting to it using a client (s_client(1)).
$ openssl s_server -port <port> -cert /path/to/cacert.pem -key /path/to/privkey.pem
$ openssl s_client -host <server-host> -port <server-port> -CAfile /path/to/cacert.pem
Reference : https://www.openssl.org/docs/HOWTO/