Good Practice Recommendations for Working with SSH Key Pairs

Follow these guidelines so that you can manage and use SSH key pairs to connect to remote hosts securely on the network.

• Set a strong passphrase when you generate the SSH key pair.

  For more information, see Generating Key Pairs Using the ssh-keygen Command.

• Verify the SSH key agent to avoid needing to type in the passphrase at every login.

  For more information, see Using the SSH Key Agent to Remember Passphrases.

• Restrict access for any SSH key pair that doesn't have a passphrase and is only used for scripting purposes.

  For more information, see Restricting SSH Key Access to Specific Commands.

• Don't share the private key with anyone else. Each member of the team must have their own SSH key pair so that the system administrator can control access to network resources.

• Don't copy the private key, or forward the SSH agent, to any other machine, remote servers, or cloud instances.

  For more information, see Copying Public Keys to Remote Servers.

• Don't store a copy of the private key on a bastion or jump host.

  For more information, see Using ProxyJump For Access Through a Jump Host.