Linux / Unix ssh-keygen: Create A Host Key File

How do I create a host key file to use with my applications as I can not use system defined /etc/ssh/ssh_host_rsa_key for non-root account under Linux / Unix / Apple OS X / *BSD operating systems?

Tutorial details
Difficulty level Easy
Root privileges No
Requirements OpenSSH and ssh-keygen
Est. reading time N/A
You need to use a command called ssh-keygen. This command generates, manages and converts authentication keys for ssh. It can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. he type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections. The -f option specifies the filename of the key file.

Why create a new host key files?

You may need a new key file:

  1. Your system is compromised.
  2. Your keys are stolen.
  3. You forgotten the passphrase.
  4. Your application need a new host key.
  5. You can not read the default system key files stored in /etc/ssh/ directory but your non-root application needs key.
  6. You got an error message which read as “Could not load host key: /etc/ssh/ssh_host_key*”.

ssh-keygen Syntax

The syntax is:

ssh-keygen -t 'rsa|dsa|rsa1'  -f /path/to/file


Create a host key file in your $HOME/.ssh/myapp as follows. First, create a directory to store your host key file, enter:
$ mkdir -p $HOME/.ssh/myapp
To create a host RSAv2 key file, run:
$ ssh-keygen -t rsa -f $HOME/.ssh/myapp/rsa_key_file
Sample outputs:

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/vivek/.ssh/myapp/rsa_key_file.
Your public key has been saved in /home/vivek/.ssh/myapp/
The key fingerprint is:
73:d0:e9:0a:5d:a3:3f:78:33:5d:0d:fe:e4:f4:25:39 vivek@wks01
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|         . .     |
|        . =   .  |
|       . = . . + |
|      . S o   E =|
|       . * . . Bo|
|        o * .   +|
|         . +     |
|                 |

Type the following commands to verify the keys:
$ ls -l $HOME/.ssh/myapp/
Sample outputs:

total 8
-rw------- 1 vivek vivek 1675 Oct 29 23:12 rsa_key_file
-rw-r--r-- 1 vivek vivek  393 Oct 29 23:12

You can now use keys with your app:
$ mycool-app -key $HOME/.ssh/myapp/rsa_key_file -d

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 1 comment so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
1 comment… add one
  • Jalal Hajigholamali Nov 2, 2012 @ 9:38


    Thanks a lot..

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum