Authentication
Authentication keys come in two parts. The "public" component is stored in the "~/.ssh/authorized_keys" file of any server where you want access. The "private" component is stored only on your local system and allows you to gain access to any machine where the matching "public" key is properly stored. It is computationally infeasible to deduce the contents of the private key given the public key. Thus, the private key is equivalent in power to the username and password that you would use to connect to a system without keys. Protect your private keys accordingly.
Local Encryption
Because private keys are very sensitive, it is crucial that you ensure the security of this data. Beyond ensuring that other users cannot read these files using standard file permissions, it is prudent to encrypt these keys locally. This helps guarantee that only individuals with the encryption passphrase will be able to use the private keys, even if they are able to access the key itself. Passphrases are only used to unlock the private key locally and are not transmitted in any form to the remote host.
SSH tools allow you to create private keys without encrypting them locally. This allows anyone with access to the private key to log into the remote host without any passwords. Although it makes it possible to log in to a remote host quickly without input, using unencrypted private keys is not recommended.
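The two protections described in this section, file permissions and a local passphrase, can be checked with a short script. This is an added example, not part of the original page: the function names and the sample file are constructed for illustration, and it assumes a base64 utility that accepts -d.

```shell
# Added example, not from the original page. Assumes base64 accepts -d.

# key_state FILE: print "encrypted", "unencrypted" or "not-a-key".
key_state() {
    case $(head -n 1 "$1" 2>/dev/null) in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # openssh-key-v1 blob: 15-byte magic "openssh-key-v1\0", a 4-byte
        # length, then the cipher name; "none" means no passphrase is set.
        cipher=$(grep -v '^-----' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count=4 2>/dev/null)
        case $cipher in
        none) echo unencrypted ;;
        "")   echo not-a-key ;;      # body did not decode
        *)    echo encrypted ;;
        esac ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted ;;   # PKCS#8
    "-----BEGIN "*"PRIVATE KEY-----")        # legacy PEM or plain PKCS#8
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted
        else echo unencrypted; fi ;;
    *)  echo not-a-key ;;
    esac
}

# private_to_owner FILE: succeed only if group and others have no access.
private_to_owner() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_keys DIR: report each private key; fail if any is weakly protected.
audit_keys() {
    findings=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        state=$(key_state "$f")
        [ "$state" = not-a-key ] && continue
        if private_to_owner "$f"; then mode=ok; else mode=loose; fi
        echo "$f: $state, permissions $mode"
        [ "$state" = encrypted ] && [ "$mode" = ok ] || findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: header-only blob with cipher "none", no key material.
demo=$(mktemp -d)
{ echo "-----BEGIN OPENSSH PRIVATE KEY-----"
  printf 'openssh-key-v1\000\000\000\000\004none' | base64
  echo "-----END OPENSSH PRIVATE KEY-----"; } > "$demo/id_sample"
chmod 600 "$demo/id_sample"
audit_keys "$demo" || echo "review the keys listed above"
rm -rf "$demo"
```

Run audit_keys ~/.ssh to check your own keys. A key reported as unencrypted can be given a passphrase with ssh-keygen -p -f followed by the key file name.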
Generate Keys on a Unix-like System
The process for creating keys with a recent version of the OpenSSH package is the same across many different Unix-like operating systems.
To generate SSH keys for your host, issue the following command on your local system if you're using Mac OS X or Linux locally:
ssh-keygen
Answer all questions when prompted. The defaults are acceptable for most use cases. When complete, ssh-keygen generates an SSH key using the RSA algorithm. If you prefer the DSA algorithm, append "-t dsa" to the above command. Note that DSA keys are considered weak and have been disabled by default since OpenSSH 7.0.
These SSH keys are located in the ~/.ssh/ directory. You will find the private key in the ~/.ssh/id_rsa file and the public key in the ~/.ssh/id_rsa.pub file.
Copy the public key into the ~/.ssh/authorized_keys file on the remote machine, using the following commands. Substitute your own SSH user and host names:
scp ~/.ssh/id_rsa.pub squire@example.com:~/.ssh/uploaded_key.pub
ssh squire@example.com "cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys"
Congratulations! You can now sign into your server using your SSH key pair.