Creating a SSH-key for a new user

A public key is like a door lock, and a private key is like the key. sr.ht is asking you for the public key, that means, they ask you to provide a lock, and they will install your lock in their server. Then, with your private key you will be able to open a connection to the server.

Your private key may be easy to use: just have it, and you can use it to open the lock.

But suppose you lose it; then it's not secure anymore; any person which has the key (which is a file) can connect to the server supplanting your identity.

Therefore, at the computer we do that the private key has a password (also called "passphrase"). Then, you do not only need to possess the key to open the lock; you also need to know how to use it (that means, you must have the public key and know the password).

So: use a passphrase for more security.

1. Run ssh-keygen with no parameters. If you want to change the encryption algorithm used, see the section below.
2. Location of the key: just press enter
3. Passphrase of the key: enter your new password; the one you will type each time to be able to connect. You can have no password at all, but it's not recommended; read the description at the introduction to know why.
4. Now you have 2 new files:
   • id_rsa: that's your new private key. Don't share it!
   • id_rsa.pub: that's your new public key. You can distribute it.
   • You will also see a fingerprint (like 31:c0:5a:92:70:5e:91… etc).
5. Look at the public key. If you don't like the user name which appears at the end, re-run =ssh-keygen -C "comment that you want" =

You can decide if at the key creation you want to use the algorithm RSA or the algorithm DSA.

If you know which one you like, you're lucky; use it!

If not, decide one; both will work.

By default, ssh-keygen uses RSA, but you can use ssh-keygen -t dsa to use DSA.