The ssh-keygen command creates a public/private key pair. Note that the public half is a public key, not a certificate (ssh-keygen -s signs keys into certificates, which is a separate operation). The key pair is used for public key authentication to an SSH server. Older OpenSSH releases create an RSA key pair by default; OpenSSH 9.5 and later default to Ed25519, so pass -t explicitly if the key type matters to you.
ssh-keygen
. . .
Generating public/private rsa key pair.
Alternatively, the following command-line options generate the key pair without prompting for input. Make sure /home/john.doe/.ssh exists before running it. Be aware of what each part does: -N '' sets an empty passphrase (which contradicts the advice below; give -N a real passphrase, or omit it and answer the prompt), <<< n answers "no" to the overwrite prompt so an existing key is left untouched (the here-string is a bash feature, not POSIX sh), and the redirections discard stdout while leaving stderr on the terminal, so errors are still shown (-q achieves much the same). Because the command is run as root, the resulting files are owned by root; chown them to john.doe afterwards, or run ssh-keygen as john.doe in the first place.
[root@server1 ~]# ssh-keygen -t rsa -N '' -f /home/john.doe/.ssh/id_rsa <<< n 2>&1 >/dev/null
If the private key already exists (id_rsa, for example) but the public key file is missing, you can regenerate the public key from the private key. ssh-keygen -y prints the public key on standard output, which is redirected into id_rsa.pub; it prompts for the passphrase if the private key has one.
ssh-keygen -y -f /home/john.doe/.ssh/id_rsa > /home/john.doe/.ssh/id_rsa.pub
It is always recommended to protect the private key with a strong, unique passphrase. The interactive run asks for it after creating the .ssh directory:
Created directory '/home/john.doe/.ssh'.
Enter passphrase (empty for no passphrase):
The private key and public key are then written, and their locations, the key fingerprint and the randomart image are printed. (This output is from an older OpenSSH; current versions print a SHA256 fingerprint instead of the colon-separated MD5 shown here.)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a6:4e:fd:17:67:69:19:b5:22:0a:16:53:cf:47:b3:b3 root@server1
The key's randomart image is:
+--[ RSA 2048]----+
| .. o |
| o o . o .|
| o o + ..|
| o ...+. |
| . S . .E.+ |
| + . . * |
| o . = |
| o . . |
| . .. |
+-----------------+
Configure the .ssh directory so that only its owner (john.doe in this example) has read, write and execute permission, and the private key so that only the owner has read and write permission. ssh refuses to use a private key that other users can read and reports "UNPROTECTED PRIVATE KEY FILE!". The public key is not secret, so it may be left at 644, but 600 does no harm. If the files were created by root as above, also change their owner to john.doe.
chmod 700 /home/john.doe/.ssh
chmod 600 /home/john.doe/.ssh/id_rsa
chmod 600 /home/john.doe/.ssh/id_rsa.pub
Optionally, use the ssh-add command to load the private key into ssh-agent, so that the passphrase is entered once per session rather than on every connection. ssh-agent -s prints the shell commands that export its socket path, which eval runs in the current shell:
eval "$(ssh-agent -s)"
ssh-add /home/john.doe/.ssh/id_rsa
The content of id_rsa.pub will be something like this (without the line breaks).
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqphOmkv0RPMn48EwCRED/eSSYsbyrRlxymWdEA/ rYuq4eqZAVzTYxJxnTuCTLnrr5hvVMYstcEnwFB+uXZut8UoCtOlrqA7gyy0EjdRh1qay1YXIbB QZxpHDmAy9D3aSDoa5sVwrC1GQzNN4nH58pGnoGF+Df/A76LlZeBfmO1hP/a7hLIf8L+2o4LfKM NBvqf37tlYDOKUA+mU+XSCmBbMk3/4UgYxuQ3HdE8w5RhFZf9Mbvb5GqubCy7N8zp6v/hRRfT0j pWqR8kr2qauQttd9+q1n5pKCCjUO+/+jeLDdhtJ7Pls8O7motxJoNsqxKof1lJKvtt44VxYpdoY K6w== john.doe@client
If the SSH server runs OpenSSH, append the public key (the single line in id_rsa.pub) to the ~/.ssh/authorized_keys file of the account you will log in as on the server; ssh-copy-id does exactly this. The server must allow public key authentication (PubkeyAuthentication yes in sshd_config, which is the default), and with StrictModes (also the default) sshd ignores authorized_keys if the file or the .ssh directory is writable by anyone other than the owner. With that in place, you should be able to connect to the OpenSSH server with the key pair you just created.
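The steps above as one script, added here as a worked example (it is not code from the original page): it generates a passphrase-protected key pair non-interactively as the key's owner, so no chown is needed, applies the permissions the page requires, re-derives the public key with ssh-keygen -y to confirm the .pub file belongs to the private key, and installs the public key into an authorized_keys file once, without duplicates. The user name, paths and passphrase are placeholders, and a local authorized_keys stands in for the server side; both are assumptions, not details from the page.

```shell
#!/bin/sh
# Added example, not from the original page. Paths, user name and passphrase
# below are placeholders (assumptions); a local authorized_keys file stands in
# for the server side.

# mode_of PATH -> permission bits in octal, e.g. 700 (GNU stat, BSD fallback)
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# check_key_perms SSH_DIR PRIVATE_KEY
# Returns 0 when SSH_DIR is 0700 and PRIVATE_KEY is 0600; otherwise names the
# first offending path on stderr and returns 1. ssh itself refuses a private
# key that others can read ("UNPROTECTED PRIVATE KEY FILE!").
check_key_perms() {
    d=$(mode_of "$1")
    k=$(mode_of "$2")
    [ "$d" = "700" ] || { echo "$1 is mode $d, want 700" >&2; return 1; }
    [ "$k" = "600" ] || { echo "$2 is mode $k, want 600" >&2; return 1; }
}

# generate_key PRIVATE_KEY PASSPHRASE
# Non-interactive counterpart of the page's "ssh-keygen -t rsa -N '' -f ...",
# but with a real passphrase and without overwriting an existing key. -q drops
# the banner and randomart. Caveat: -N exposes the passphrase in the process
# list while ssh-keygen runs; on a shared host omit -N and answer the prompt.
generate_key() {
    key=$1
    pass=$2
    dir=$(dirname "$key")
    if [ -e "$key" ]; then
        echo "$key already exists; not overwriting" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir"
    # RSA to match the page; -t ed25519 is the better choice on any current
    # OpenSSH and is its default since 9.5.
    ssh-keygen -q -t rsa -b 4096 -N "$pass" -C "john.doe@client" -f "$key" || return 1
    chmod 600 "$key"
    chmod 644 "$key.pub"   # the public half is not secret; 600 as on the page also works
}

# pubkey_matches PRIVATE_KEY PASSPHRASE
# Re-derives the public key from the private key (ssh-keygen -y, as the page
# shows) and compares it with the stored .pub file, ignoring the comment.
pubkey_matches() {
    derived=$(ssh-keygen -y -P "$2" -f "$1" | cut -d' ' -f1,2) || return 1
    stored=$(cut -d' ' -f1,2 < "$1.pub")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# install_authorized_key PUBLIC_KEY AUTHORIZED_KEYS
# Server-side step: append the one-line public key to authorized_keys exactly
# once, with the permissions sshd's StrictModes (default on) insists on.
install_authorized_key() {
    pub=$(cat "$1")
    auth=$2
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")"
    touch "$auth" && chmod 600 "$auth"
    if grep -qxF -- "$pub" "$auth"; then
        echo "key already present in $auth" >&2
        return 0
    fi
    printf '%s\n' "$pub" >> "$auth"
}

# Demonstration in a throwaway directory standing in for /home/john.doe (and,
# for authorized_keys, for the server). Skipped if ssh-keygen is not installed.
if command -v ssh-keygen >/dev/null 2>&1; then
    home=$(mktemp -d)
    passphrase='placeholder passphrase, use your own'
    generate_key "$home/.ssh/id_rsa" "$passphrase"
    check_key_perms "$home/.ssh" "$home/.ssh/id_rsa" && echo "permissions ok"
    pubkey_matches "$home/.ssh/id_rsa" "$passphrase" && echo "id_rsa.pub matches id_rsa"
    ssh-keygen -lf "$home/.ssh/id_rsa.pub"   # SHA256 fingerprint, as ssh displays it
    install_authorized_key "$home/.ssh/id_rsa.pub" "$home/.ssh/authorized_keys"
    # Optional, as on the page: hold the decrypted key for this session with
    #   eval "$(ssh-agent -s)" && ssh-add "$home/.ssh/id_rsa"
    rm -rf "$home"
fi
```

Run it as the user who will own the key. check_key_perms is worth keeping around on its own: it catches the two permission mistakes that make ssh silently skip a key or refuse it outright.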