Linux / Unix ssh-keygen: Create A Host Key File

How do I create a host key file to use with my applications? I cannot use the system-defined /etc/ssh/ssh_host_rsa_key from a non-root account under Linux / Unix / Apple OS X / *BSD operating systems.

Tutorial details
Difficulty: Easy
Root privileges: No
Requirements: OpenSSH and ssh-keygen

You need to use a command called ssh-keygen. This command generates, manages and converts authentication keys for ssh. It can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections. The -f option specifies the filename of the key file.


Why create new host key files?

You may need a new key file if:

  1. Your system is compromised.
  2. Your keys are stolen.
  3. You forgot the passphrase.
  4. Your application needs a new host key.
  5. You cannot read the default system key files stored in the /etc/ssh/ directory, but your non-root application needs a key.
  6. You got an error message that reads “Could not load host key: /etc/ssh/ssh_host_key*”.

ssh-keygen Syntax

The syntax is:

ssh-keygen -t 'rsa|dsa|rsa1'  -f /path/to/file


Create a host key file in $HOME/.ssh/myapp as follows. First, create a directory to store your host key file:
$ mkdir -p $HOME/.ssh/myapp
To create a host RSAv2 key file, run:
$ ssh-keygen -t rsa -f $HOME/.ssh/myapp/rsa_key_file
Sample outputs:

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/vivek/.ssh/myapp/rsa_key_file.
Your public key has been saved in /home/vivek/.ssh/myapp/
The key fingerprint is:
73:d0:e9:0a:5d:a3:3f:78:33:5d:0d:fe:e4:f4:25:39 vivek@wks01
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|         . .     |
|        . =   .  |
|       . = . . + |
|      . S o   E =|
|       . * . . Bo|
|        o * .   +|
|         . +     |
|                 |

Type the following command to verify the keys:
$ ls -l $HOME/.ssh/myapp/
Sample outputs:

total 8
-rw------- 1 vivek vivek 1675 Oct 29 23:12 rsa_key_file
-rw-r--r-- 1 vivek vivek  393 Oct 29 23:12

You can now use the keys with your app:
$ mycool-app -key $HOME/.ssh/myapp/rsa_key_file -d
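
The same procedure as a non-interactive script, added here as an example and not part of the original tutorial. It goes one step beyond the ls -l check above by confirming the private key is owner-only and that the .pub file really belongs to it. The function names, the script name hostkey.sh, the key comment and the empty passphrase (for an app that starts unattended) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# make_host_key DIR: create DIR (owner-only) and DIR/rsa_key_file without prompting.
make_host_key() {
    dir=$1
    key=$dir/rsa_key_file
    ( umask 077 && mkdir -p "$dir" ) || return 1
    chmod 700 "$dir" || return 1
    if [ -e "$key" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 1
    fi
    # -q: quiet; -N '': empty passphrase (assumption: the app starts
    # unattended); -b 3072: RSA modulus size in bits; -C: key comment.
    ssh-keygen -q -t rsa -b 3072 -N '' -C "myapp host key" -f "$key"
}

# check_host_key DIR: fail unless the private key is owner-only and the .pub
# file matches it; on success print the fingerprint.
check_host_key() {
    key=$1/rsa_key_file
    if [ ! -f "$key" ] || [ ! -f "$key.pub" ]; then
        echo "missing $key or $key.pub" >&2
        return 1
    fi
    # The mode string must carry no group/other bits, e.g. -rw-------
    case $(ls -ld "$key") in
        -???------*) ;;
        *) echo "private key is accessible by group/other: $key" >&2; return 1 ;;
    esac
    # Re-derive the public key from the private key; compare key type and blob.
    derived=$(ssh-keygen -y -f "$key" | cut -d' ' -f1,2)
    stored=$(cut -d' ' -f1,2 "$key.pub")
    if [ -z "$derived" ] || [ "$derived" != "$stored" ]; then
        echo "public key file does not match private key" >&2
        return 1
    fi
    ssh-keygen -l -f "$key.pub"
}

# Usage: sh hostkey.sh "$HOME/.ssh/myapp"
if [ "$#" -gt 0 ]; then
    make_host_key "$1" && check_host_key "$1"
fi
```

A second run against the same directory refuses to overwrite the existing key, so a fingerprint that clients or peers have already recorded does not change silently.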


1 comment
  • Jalal Hajigholamali Nov 2, 2012 @ 9:38


    Thanks a lot..
