Linux / UNIX: Generate SSH Keys

How do I generate ssh keys under Linux / UNIX / Mac OS X and *BSD operating systems for remote login?

SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if required. You can create ssh keys as follows on any Linux or UNIX-like operating systems including Mac OS X.[donotprint]
Tutorial details
DifficultyEasy (rss)
Root privilegesNo
RequirementsNone
Time5m
[/donotprint]

ADVERTISEMENTS

ssh-keygen command to Generate SSH Keys

The ssh-keygen command generates, manages and converts authentication keys for ssh client and server usage. Type the following command to generate ssh keys (open terminal and type the command):
$ ssh-keygen
Generate SSH keys looks as follows:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/vivek/.ssh/id_rsa): 
Created directory '/home/vivek/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/vivek/.ssh/id_rsa.
Your public key has been saved in /home/vivek/.ssh/id_rsa.pub.
The key fingerprint is:
58:3a:80:a5:df:17:b0:af:4f:90:07:c5:3c:01:50:c2 vivek@debian
The key's randomart image is:
+--[ RSA 2048]----+
|   .+o++o.       |
|   +E. ++        |
|  o . o o.       |
|   . o B .       |
|    . B S        |
|       *         |
|      . .        |
|       o         |
|        .        |
+-----------------+

The above command creates ~/.ssh/ directory. So if your user name is vivek, than all files are stored in /home/vivek/.ssh/ or $HOME/.ssh/ directory as follows:

  • $HOME/.ssh/id_rsa – Your private key. Do not share this file with anyone. Keep it private
  • $HOME/.ssh/id_rsa.pub – Your public key.

Please note that the passphrase must be different from your current password and do not share keys or passphrase with anyone. Also, make sure you have correct and secure permissions on $HOME/.ssh/ directory:

ls -ld $HOME/.ssh/
chmod 0600 $HOME/.ssh/

SSH Keys Are Generated, What Next?

You need to copy $HOME/.ssh/id_rsa.pub file to remote server so that you can login using keys instead of the password. Use any one of the following command to copy key to remote server called vpn22.nixcraft.net.in for vivek user:
ssh-copy-id vivek@vpn22.nixcraft.net.in
On some *nix system such as OS X ssh-copy-id command may not be installed, use the following commands (when prompted provide the password for remote user account called vivek) to install/append the public key on remote host:
ssh vivek@vpn22.nixcraft.net.in "umask 077; mkdir .ssh"
cat $HOME/.ssh/id_rsa.pub | ssh vivek@vpn22.nixcraft.net.in "cat >> .ssh/authorized_keys"

To login simply type:
ssh vivek@vpn22.nixcraft.net.in
The following command will help to remember passphrase
exec ssh-agent $SHELL
ssh-add
ssh vivek@vpn22.nixcraft.net.in

Optional ssh-keygen command syntax for advance users

The following syntax specifies the 4096 of bits in the RSA key to creation (default 2048):
ssh-keygen -t rsa -b 4096 -f ~/.ssh/aws.key -C "My AWs cloud key"
Where,

  • -t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
  • -b 4096 : Specifies the number of bits in the key to create.
  • -f ~/.ssh/aws.key : Specifies the filename of the key file.
  • -C "My AWs cloud key" : Set a new comment.

Now install the ~/.ssh/aws.key, run:
ssh-copy-id -i ~/.ssh/aws.key user@aws-server-ip
Test it with the ssh command:
ssh -i ~/.ssh/aws.key ec2-user@aws-server-ip
How To Generate SSH Keys in Linux or MacOS or Unix
See “How To Set up SSH Keys on a Linux / Unix System” for more info.

Conclusion

You learned how to create and generate ssh keys using the ssh-keygen command.

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS

Comments on this entry are closed.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.