I’m sorry for asking, but are you very new to Linux? It seems like you got it sorted out, but when you see something along the lines of </path/to/somewhere>, you should omit the <>. Basically, in your case, the command you are supposed to execute is sudo ssh-keygen -t ed25519 -b 4096 -C "root@ip_address" -f ~/.ssh.
My bad, I should’ve elaborated on the procedure. But I am glad you found out.
Much appreciated @telometto, the convention used in < >. Yes, I forgot to say I’m new to Linux servers and DIY with R Pi.
One thing I found out from your link on ed25519 is that the key length is shorter than RSA; as a result, the number after -a (instead of -b 4096) needs to be short, so I set it to 100.
Quite daunting to read through man pages and what each option means and filter what’s relevant.
After the second command, you will be presented with a list.
At the first prompt, you press ‘9’ (which is ECC and ECC).
At the second prompt, press ‘1’ (Curve 25519).
You will see a third prompt, which is a warning, but nothing to worry about. Press ‘y’ and hit enter.
It will ask for the expiration of the key. This is up to you; my personal key never expires, so I chose ‘0’ (never expires). Another prompt right after this asks you to confirm your choice, so press ‘y’.
It will ask for your real name, an email address and a comment. IMPORTANT: if you are using it for… “questionable” purposes, it goes without saying that you should not enter your real name and email address (or any identifiable information).
A couple of options will be presented to you again (e.g. if you want to change anything). Press ‘o’ if everything looks good to go to the next step.
It will ask you to do something to generate enough entropy (“randomness”), like moving the mouse etc.
A pop-up window will show up and ask you to enter a passphrase for the key. Enter your desired passphrase.
The terminal will present you with various information about the key you generated.
There should be a line that goes pub ed25519/RANDOM_NUMBER. Copy RANDOM_NUMBER (not the rest) before proceeding to the next step.
Done with the first part! Now, on to the next: subkeys.
It will prompt you to select a method. Write ‘11’ into the terminal and hit enter.
The next three prompts will be Your selection?. Press ‘a’ on the first.
Press ‘s’ on the second.
Press ‘q’ on the last one.
Again, it will ask you which curve you want. Press ‘1’ (Curve 25519).
If a warning pops up, like gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard. Use this curve anyway? (y/N), you press ‘y’.
It will ask you for the expiration of the key once more. Again, your choice, but mine was ‘0’ (never expires). And it will ask you to confirm this with ‘y’.
Last confirmation: Really create? (y/N). Press ‘y’ if you’re happy with this.
It will ask you, once more, to do something to generate enough entropy.
It will ask you to enter your passphrase again. Enter it.
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ED25519 key sent by the remote host is
ERROR: SHA256:.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /var/home/username/.ssh/known_hosts to get rid of this message.
ERROR: Offending ED25519 key in /var/home/username/.ssh/known_hosts:1
ERROR: Host key for has changed and you have requested strict checking.
ERROR: Host key verification failed.
$ cat ~/.ssh/id_ed25519.pub
ssh-ed25519 <REALLY LONG STRING OF RANDOM CHARACTERS> user@host
If I’m not wrong, in your case you have 2 different machines. Let’s say Workstation and Server.
You generate the ssh key on your Workstation and get the folder ~/.ssh, which contains two files, id_ed25519 and id_ed25519.pub.
After that, you want to copy id_ed25519.pub from your current Workstation to the ~/.ssh directory on your Server via sftp, but you failed to access your Server and got the messages above.
If this is the case, I believe the problem is on your server. Maybe the server already has an SSH key for remote connection.
Open up a terminal and enter ssh-keygen -R hostname (this will remove the entry from the known_hosts file).
SSH into the host (ssh IP_ADDRESS). It will prompt you if you want to continue connecting - enter ‘yes’.
Once you’ve managed to enter, press Ctrl+D to disconnect from the host.
Now, to add the key to the target, you enter ssh-copy-id -i $HOME/.ssh/YOUR_KEY_NAME.pub IP_ADDRESS.
It will ask you for the password. Enter it.
Disconnect by pressing Ctrl+D again.
[OPTIONAL STEPS BELOW]
Check if the ssh-agent is running in the background by using eval $(ssh-agent). You should get an output like Agent pid NUMBER.
If the agent is running in the background (which it most likely is) you can use ssh-add to cache the passphrase to connect to the remote; it will ask you for the passphrase once, after which, you can just type ssh IP_ADDRESS and it will launch you directly into the remote without asking for a password. This is not persistent, though: it will only last as long as you have the terminal window open.
As for creating an SSH-key, the steps are as follows:
Open a terminal and enter ssh-keygen -t ed25519 -C "COMMENT TO IDENTIFY KEY" (COMMENT TO IDENTIFY KEY should obviously be substituted with something you enter but the " " should be left there).
It will ask you in which file to enter the key. NOTE: you can press enter and it will store the key in the path between the parentheses, with that filename. If you already have a key with the same name in that directory, it will overwrite the key unless you enter the whole path! E.g. /home/YOURUSER/.ssh/YOUR_PREFERRED_FILENAME.
It will ask you to enter a custom password.
You can verify if the key was successfully created, or check which keys you have, by using the command ls -la $HOME/.ssh. It will appear as YOUR_KEY_NAME and YOUR_KEY_NAME.pub.
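
The host-key warning quoted earlier in the thread prints a SHA256 fingerprint, and the steps above remove the known_hosts entry and accept the new key. As an added illustration (not part of any poster's reply), this Python example shows how that fingerprint is derived from a public-key line and how a presented key can be compared with known_hosts and with a fingerprint obtained out-of-band (for example by running ssh-keygen -lf on the server's own console) before the old entry is removed; the keys, the 192.0.2.10 address and all function names are constructed for the example.

```python
import base64
import hashlib
import hmac
import struct

def make_ed25519_line(raw32, comment="constructed"):
    """Build an OpenSSH public-key line from 32 raw bytes (sample data only)."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw32))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def fingerprint(pub_line):
    """Fingerprint as ssh prints it: unpadded base64 of SHA-256 over the key blob."""
    key_type, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern, host):
    """Match a known_hosts host field: plain comma list or hashed |1|salt|hmac."""
    if pattern.startswith("|1|"):
        _, _, salt, mac = pattern.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in pattern.split(",")

def check_host(known_hosts, host, presented_line):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    presented, status = fingerprint(presented_line), "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked markers
        if host_matches(fields[0], host) and fields[1] == presented_line.split()[0]:
            if fingerprint(" ".join(fields[1:])) == presented:
                return "match"
            status = "changed"  # same host and key type, different key
    return status

def safe_to_replace(presented_line, expected_fp):
    """True only if the presented key matches the fingerprint read on the server."""
    return hmac.compare_digest(fingerprint(presented_line), expected_fp)

OLD_KEY = make_ed25519_line(bytes(range(32)))      # constructed sample key
NEW_KEY = make_ed25519_line(bytes(range(32, 64)))  # constructed sample key
KNOWN_HOSTS = f"192.0.2.10 {OLD_KEY}\n"            # constructed known_hosts content

if __name__ == "__main__":
    print(check_host(KNOWN_HOSTS, "192.0.2.10", NEW_KEY), fingerprint(NEW_KEY))
```

A "changed" result is the situation behind the warning; removing the entry is reasonable once safe_to_replace confirms the new key against the fingerprint read from the server itself.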