How to create a public / private key pair using ssh-keygen on Linux


A trusted certificate is one that is purchased from a trusted certificate authority (CA), such as www.verisign.com. Internet-facing production applications should use a certificate from a trusted CA. For non-production applications, a self-signed certificate can be used. Applications such as PuTTY will complain when a self-signed certificate is used.

The ssh-keygen command is used to create a public certificate and private key pair. Three files will be created:

Type of file        File name
Private Key         id_rsa or id_dsa
Public Certificate  id_rsa.pub or id_dsa.pub

The -t (type) option specifies the key type, such as -t rsa or -t dsa. When prompted where to save the file, press Enter to use the default file name and directory, or type your preferred directory and file name.

[root@server1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jeremy.canfield/.ssh/id_rsa):

 

It is always recommended to secure the keypair with a strong, unique passphrase.

Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):

 

The public certificate and private key are created.

Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a6:4e:fd:17:67:69:19:b5:22:0a:16:53:cf:47:b3:b3 root@server1
The key's randomart image is:
+--[ RSA 2048]----+
|        ..   o   |
|       o  o . o .|
|        o  o + ..|
|       o   ...+. |
|      . S . .E.+ |
|       + .  . *  |
|      o .    =   |
|     o   .  .    |
|      .   ..     |
+-----------------+

 

If your SSH server is OpenSSH, you can add the public certificate to the authorized_keys file on the OpenSSH server. If the OpenSSH server is configured to accept connections using a public / private key pair, you should then be able to connect to the OpenSSH server with the public / private key pair you just created.
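
One way to script the authorized_keys step described above, as an added example that is not part of the original page. The function name install_pubkey and its two arguments are hypothetical; it refuses private key files, sets the owner-only permissions sshd expects, and does not add the same key twice.

```bash
#!/usr/bin/env bash
# Added example: append a public key to an authorized_keys file.
# install_pubkey and its arguments are hypothetical names for illustration.

install_pubkey() {
    pub_file=$1                     # public key file, e.g. ~/.ssh/id_rsa.pub
    ssh_dir=${2:-$HOME/.ssh}        # .ssh directory of the account being logged into
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Only the .pub file is ever shared. Refuse anything that looks like
    # private key material (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "$pub_file looks like a private key; refusing" >&2
        return 2
    fi

    # A public key is one line: "<type> <base64> [comment]".
    key_line=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/=]+( .*)?$' "$pub_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key line in $pub_file" >&2; return 3; }

    # sshd (StrictModes, enabled by default) ignores authorized_keys when
    # it or its directory is writable by other users, so keep both owner-only.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth_file" && chmod 600 "$auth_file" || return 4

    # Append only if this exact line is not already present (idempotent).
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}
```

When the target account is on a remote server, ssh-copy-id performs the equivalent step over SSH.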

 


