Setting Up ed25519 SSH Keys and ssh-agent in WSL and Linux
Secure Shell (SSH) is a fundamental tool for developers, system administrators, and anyone requiring secure remote access to servers and systems. SSH keys provide a more secure method of authentication than traditional passwords by using a private-public key pair. This blog post guides you through setting up ed25519 SSH keys and configuring ssh-agent in both Windows Subsystem for Linux (WSL) and native Linux environments to enhance the security and simplicity of your remote connections.
Understanding SSH Keys and ssh-agent
Let’s begin by understanding the core components:
- SSH Keys: An SSH key pair consists of a private key, which is kept secret, and a public key, which is shared with servers. Authentication is done by proving you possess the private key without transmitting it over the network.
- ssh-agent: This background program caches your private keys and handles key-based authentication on your behalf. It’s especially useful for managing multiple keys or automating scripts without the need to enter passwords repeatedly.
Setting Up SSH Keys
1. Generating SSH Keys
To generate ed25519 SSH keys, follow these steps for both WSL and Linux:
- Open a terminal.
- Run the command to create a new SSH key pair:
ssh-keygen -t ed25519 -C "your_email@example.com"
  Replace "your_email@example.com" with your email or a label for this key. This command creates an ed25519 key pair, known for its high security and efficiency.
- You will be prompted to enter a file path to save the keys. The default is usually ~/.ssh/id_ed25519. Press Enter to accept the default or specify a different path.
- Enter a passphrase for additional security when prompted. This passphrase will protect your private key on your local machine.
2. Copying the Public Key to the Server
To authenticate using your new SSH key, you need to place the public key on the server:
- Display your public key with:
cat ~/.ssh/id_ed25519.pub
- Copy the displayed key.
- On the server, paste this key into ~/.ssh/authorized_keys. If you can SSH into the server with a password, use this shortcut:
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@server_address
  Replace username@server_address with your actual server login.
3. Testing Your SSH Connection
Test the SSH connection to ensure your key works:
ssh username@server_address
If set up correctly, you’ll be prompted for the passphrase of your private key (if you set one) rather than the user’s password on the server.
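If the server still asks for the account password after these steps, file permissions are a common cause: the OpenSSH client refuses a private key that group or others can access, and sshd with StrictModes (its default) ignores an authorized_keys file that is group- or world-writable, or that sits in such a directory. The following check is an added example, not part of the original post; the function names are hypothetical and it assumes GNU stat as found on Linux and WSL.

```shell
# Added example, not from the original post. Requires GNU stat (Linux/WSL).
# Usage: audit_ssh_dir [DIR]   (DIR defaults to ~/.ssh)
# Returns 0 if no permission problem was found, 1 otherwise.

mode_of() { stat -c %a "$1"; }

# has_bits MODE MASK: true if any octal permission bit in MASK is set in MODE.
has_bits() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

report() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

audit_ssh_dir() {
    dir="${1:-$HOME/.ssh}"
    problems=0
    [ -d "$dir" ] || { echo "PROBLEM: $dir is not a directory"; return 1; }

    # sshd (StrictModes) rejects a .ssh directory writable by group or others.
    if has_bits "$(mode_of "$dir")" 022; then
        report "$dir is group/world-writable (fix: chmod 700)"
    fi

    # The same rule applies to authorized_keys on the server side.
    ak="$dir/authorized_keys"
    if [ -f "$ak" ] && has_bits "$(mode_of "$ak")" 022; then
        report "$ak is group/world-writable (fix: chmod 600)"
    fi

    # Each *.pub file should have a private half only the owner can access.
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        key="${pub%.pub}"
        read -r ktype _rest < "$pub" || true   # tolerate a missing final newline
        # Informational only: other key types are valid, just not ed25519.
        [ "$ktype" = "ssh-ed25519" ] || echo "NOTE: $pub is type '$ktype'"
        if [ ! -f "$key" ]; then
            echo "NOTE: no private key next to $pub"
        elif has_bits "$(mode_of "$key")" 077; then
            report "$key is accessible by group/others (fix: chmod 600)"
        fi
    done

    [ "$problems" -eq 0 ]
}
```

Source the file and run audit_ssh_dir on the client, then again under the login account on the server, where the authorized_keys check applies.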
Configuring ssh-agent
1. Starting ssh-agent
For both WSL and Linux, you start ssh-agent to manage your keys:
- Start the agent:
eval "$(ssh-agent -s)"
- Add your private key to the agent:
ssh-add ~/.ssh/id_ed25519
  If you used a different path or key name, adjust the path accordingly.
2. Automating ssh-agent on Startup
To avoid manually starting ssh-agent every session, automate it:
- In Linux: Add the following to your ~/.bashrc or ~/.zshrc:
if [ -z "$SSH_AUTH_SOCK" ]; then
    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/id_ed25519
fi
- In WSL: We need to manage ssh-agent differently because of how WSL works. Paste this into your .bashrc file in your home directory.
ssh_pid=$(pidof ssh-agent)
# If the agent is not running, start it, and save the environment to a file
if [ "$ssh_pid" = "" ]; then
    ssh_env="$(ssh-agent -s)"
    echo "$ssh_env" | head -n 2 | tee ~/.ssh_agent_env > /dev/null
fi
# Load the environment from the file
if [ -f ~/.ssh_agent_env ]; then
    eval "$(cat ~/.ssh_agent_env)"
fi
By setting up SSH keys and configuring ssh-agent, you enhance the security and convenience of your remote connections. This setup eliminates the risk associated with passwords and streamlines your workflow, especially when handling multiple servers or automated tasks. Happy secure connecting!