$ nano ~/.ssh/known_hosts
ls -al ~/.ssh to see if existing SSH keys are present:
ls -al ~/.ssh # Lists the files in your .ssh directory, if they exist
Check the directory listing to see if you already have a public SSH key.
By default, the filenames of the public keys are one of the following:
To create a new SSH key pair:
Generate a new ED25519 SSH key pair:
ssh-keygen -t ed25519 -C "firstname.lastname@example.org"
Or, if you want to use RSA:
ssh-keygen -t rsa -b 4096 -C "email@example.com"
The -C flag adds a comment in the key in case you have multiple of them and want to tell which is which. It is optional.
If, in any case, you want to add or change the password of your SSH key pair, you can use the -p flag:
ssh-keygen -p -o -f <keyname>
ssh-keygen -p # Start the SSH key creation process Enter file in which the key is (/Users/you/.ssh/id_rsa): [Hit enter] Key has comment '/Users/you/.ssh/id_rsa' Enter new passphrase (empty for no passphrase): [Type new passphrase] Enter same passphrase again: [One more time for luck] Your identification has been saved with the new passphrase.
Copy your public SSH key to the clipboard by using one of the commands below depending on your Operating System:
pbcopy < ~/.ssh/id_ed25519.pub
WSL / GNU/Linux (requires the xclip package):
xclip -sel clip < ~/.ssh/id_ed25519.pub
Git Bash on Windows:
cat ~/.ssh/id_ed25519.pub | clip
Note: If you opted to create an RSA key, the name might differ.
sudo apt-get install openssl
To create a self-signed certificate
sudo openssl req -new -x509 -days 365 -nodes -out /path/to/cert.pem -keyout /path/to/cert.pem
Fill the fields as below
Country Name (2 letter code) [AU]:IE State or Province Name (full name) [Some-State]: Locality Name (eg, city) : Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Ltd Organizational Unit Name (eg, section) : Common Name (eg, YOUR name) :example.com Email Address :firstname.lastname@example.org
You can use this certificate with application such as apache, courier to provide ssl support.
Install and reload apache ssl module to enable ssl support
a2enmod ssl /etc/init.d/apache2 force-reload
Once this is done you’ll have Apache setup to accept SSL connections, but the server will still only be listening for incoming HTTP requests on port 80 - and not SSL connections on port 443. To fix this you must add a line to the file /etc/apache2/ports.conf:
The final step is to ensure that your virtual hosts, or main host, will accept SSL options. Add below lines to your VirtualHost tag.
SSLEngine on SSLCertificateFile /path/to/cert.pem
For reference here is a complete example which should be easy to modify/understand:
NameVirtualHost *:443 NameVirtualHost *:80 <VirtualHost *:80> ServerName earth.my.flat DocumentRoot /var/www/ ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined </VirtualHost> <VirtualHost *:443> ServerName earth.my.flat DocumentRoot /var/www/ ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined SSLEngine on SSLCertificateFile /path/to/cert.pem </VirtualHost>