5 Ways to Create SSH Keys from the Command Line for DeployHQ

Open Source, Security, and Tips & Tricks

Introduction

SSH keys are essential for securely connecting to your servers. DeployHQ allows you to upload custom SSH keys to manage your deployments. In this blog post, we'll explore 5 different ways to create SSH keys from the command line, each with its own algorithm and configuration options.

SSH Keys: A Simple Explanation

Imagine you have a lock and key. The lock is like a public key, and the key is like a private key. Anyone can see the lock (public key), but only you have the key (private key) to open it.

How does SSH use these keys?

  1. Handshake: When you try to connect to a remote computer using SSH, it gives you a lock (public key).
  2. Encryption: You use your key (private key) to lock a secret message.
  3. Sending: You send the locked message to the remote computer.
  4. Unlocking: The remote computer uses its matching key (public key) to unlock the message.
  5. Verification: If the message is unlocked correctly, the computer knows it's you and allows you to connect.

In short: SSH uses public and private keys to create a secure connection between your computer and a remote computer. It's like having a secret handshake that only you and the remote computer understand.

1. Generating an RSA Key

RSA is a widely used algorithm for generating public and private key pairs.

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  • -t rsa: Specifies the RSA algorithm.
  • -b 4096: Sets the key size to 4096 bits (a common choice).
  • -C "your_email@example.com": Adds a comment to the key for identification.

On Ubuntu 22.04 and with some strict hosting providers, you need to create your SSH key using SHA2 algorithms instead of SHA1. If that is the case, use:

ssh-keygen -t rsa-sha2-512 -b 4096
  • -t rsa-sha2-512: Specifies the rsa-sha2-512 algorithm.
  • -b 4096: Sets the key size to 4096 bits (a common choice).

2. Generating an ECDSA Key

ECDSA (Elliptic Curve Digital Signature Algorithm) is another popular algorithm, often considered more secure than RSA for the same key size.

ssh-keygen -t ecdsa -b 521 -C "your_email@example.com"
  • -t ecdsa: Specifies the ECDSA algorithm.
  • -b 521: Sets the key size to 521 bits (a common choice for ECDSA).

3. Generating an Ed25519 Key

Ed25519 is a relatively new algorithm known for its speed and security, so it is the recommended option. However, some hosting providers might not accept Ed25519 keys.

ssh-keygen -t ed25519 -C "your_email@example.com"
  • -t ed25519: Specifies the Ed25519 algorithm.

4. Generating a Key with a Specific Location

To save the key to a specific directory:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f ~/.ssh/my_custom_key
  • -f ~/.ssh/my_custom_key: Saves the key to the specified file.

5. Generating a Key with a Passphrase

To protect your key with a passphrase:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -P "your_passphrase"
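  • -P "your_passphrase": Supplies the passphrase on the command line, so ssh-keygen does not prompt for it. A passphrase passed this way ends up in your shell history and can be visible in the process list; if you leave the option out, ssh-keygen prompts for the passphrase instead.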

Uploading the Key to DeployHQ

Once you've generated your SSH key, you can upload the public key to DeployHQ. Follow these steps:

  1. Log in to your DeployHQ account.
  2. Navigate to your project settings.
  3. Once you create a new server, you will be given the option to upload your custom key pair, as explained here
  4. Paste the public key content (e.g., id_rsa.pub) into the provided field.
  5. Click "Save."

Additional Tips:

  • Key Size: Choose a key size that is appropriate for your security needs. Larger key sizes are generally more secure but can also be slower.
  • Passphrase: Consider using a strong passphrase to protect your key.
  • Key Management: Store your private key securely and avoid sharing it with others.
  • Multiple Keys: You can upload multiple keys to DeployHQ for different users or purposes.
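
A pre-upload check for the key pairs created above, as an added example that is not DeployHQ's code: it reports the key type, size, and whether the private key is passphrase-protected, and refuses a .pub file that actually holds a private key. The audit_key and demo function names, the demo comment, and the demo passphrase are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not DeployHQ code): audit_key is a hypothetical helper.
# Usage: audit_key PRIVATE_KEY_PATH   -> prints "<TYPE> <bits> <protected|unprotected>"
audit_key() {
    key=$1
    pub="$key.pub"
    [ -f "$key" ] && [ -f "$pub" ] || { echo "missing $key or $pub" >&2; return 2; }

    # Only the public half is ever pasted into a form; refuse a file that
    # carries a private-key header.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub contains a private key, do not upload it" >&2
        return 3
    fi

    # The private key must not be accessible to group or others (mode columns 5-10).
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "$key is accessible to group/others; run: chmod 600 $key" >&2
        return 4
    fi

    # ssh-keygen -l prints "<bits> <fingerprint> <comment> (<TYPE>)".
    line=$(ssh-keygen -l -f "$pub") || return 5
    bits=${line%% *}
    type=${line##*\(}
    type=${type%\)}

    # With an empty passphrase (-P ""), the private key loads only if it is
    # stored unencrypted; -y would then print the public key, discarded here.
    if ssh-keygen -y -P "" -f "$key" >/dev/null 2>&1; then
        state=unprotected
    else
        state=protected
    fi
    echo "$type $bits $state"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Throwaway keys constructed for this demo. -N puts the passphrase on the
    # command line, which is tolerable only because the keys are deleted below.
    ssh-keygen -q -t ed25519 -C "demo@example.com" -N "" -f "$dir/plain"
    ssh-keygen -q -t ed25519 -C "demo@example.com" -N "constructed-passphrase" -f "$dir/locked"
    audit_key "$dir/plain"     # ED25519 256 unprotected
    audit_key "$dir/locked"    # ED25519 256 protected
    rm -rf "$dir"
}
demo
```

Run audit_key against the private key path (for example the one given with -f); it reads the matching .pub file next to it.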

By following these steps and understanding the different SSH key algorithms, you can create and manage secure connections to your servers on DeployHQ.

A little bit about the author

Facundo is the CTO at DeployHQ. He oversees our software engineering team by day and, in his free time, enjoys hobbies such as cycling, spending time in nature, and the company of Bono 🐶
