FreeKB - SSH ssh-keygen command (create a public / private key pair)
SSH - ssh-keygen command (create a public / private key pair)

The ssh-keygen command is used to create a public / private key pair. The key pair is intended to be used for authenticating a connection to an SSH server. By default, an RSA key pair will be created.

ssh-keygen
. . .
Generating public/private rsa key pair.

 

Or, the following command line options can be used so that you are not prompted for input.

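  • -t (type) such as rsa or dsa
  • -N (new passphrase); '' is an empty passphrase, which leaves the private key unencrypted
  • -f (key file) such as /home/john.doe/.ssh/id_rsa
  • <<< n answers n to the overwrite prompt, so that id_rsa and id_rsa.pub are not overwritten if they already exist
  • 2>&1 >/dev/null discards standard output; because redirections are applied left to right, standard error is still displayed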
[root@server1 ~]# ssh-keygen -t rsa -N '' -f /home/john.doe/.ssh/id_rsa <<< n 2>&1 >/dev/null

 

If the private key already exists, such as id_rsa, you can create the public key from the private key, like this.

ssh-keygen -y -f /home/john.doe/.ssh/id_rsa > /home/john.doe/.ssh/id_rsa.pub

 

It is always recommended to secure the keypair with a strong, unique passphrase.

Created directory '/home/john.doe/.ssh'.
Enter passphrase (empty for no passphrase):

 

The public key and private key are created.

Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a6:4e:fd:17:67:69:19:b5:22:0a:16:53:cf:47:b3:b3 root@server1
The key's randomart image is:
+--[ RSA 2048]----+
|        ..   o   |
|       o  o . o .|
|        o  o + ..|
|       o   ...+. |
|      . S . .E.+ |
|       + .  . *  |
|      o .    =   |
|     o   .  .    |
|      .   ..     |
+-----------------+

 

Configure the .ssh directory so that only the directory owner (john.doe in this example) has read/write/execute permission, and configure the public/private key pair so that only the owner has read/write permission.

chmod 700 /home/john.doe/.ssh
chmod 600 /home/john.doe/.ssh/id_rsa
chmod 600 /home/john.doe/.ssh/id_rsa.pub

 

Optionally, start ssh-agent and use the ssh-add command to add your private key (identity) to the agent.

eval `ssh-agent -s`
ssh-add /home/john.doe/.ssh/id_rsa

 

The content of id_rsa.pub will be something like this (without the line breaks).

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqphOmkv0RPMn48EwCRED/eSSYsbyrRlxymWdEA/
rYuq4eqZAVzTYxJxnTuCTLnrr5hvVMYstcEnwFB+uXZut8UoCtOlrqA7gyy0EjdRh1qay1YXIbB
QZxpHDmAy9D3aSDoa5sVwrC1GQzNN4nH58pGnoGF+Df/A76LlZeBfmO1hP/a7hLIf8L+2o4LfKM
NBvqf37tlYDOKUA+mU+XSCmBbMk3/4UgYxuQ3HdE8w5RhFZf9Mbvb5GqubCy7N8zp6v/hRRfT0j
pWqR8kr2qauQttd9+q1n5pKCCjUO+/+jeLDdhtJ7Pls8O7motxJoNsqxKof1lJKvtt44VxYpdoY
K6w== john.doe@client
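
The id_rsa.pub line above is a key type, a base64 blob, and a comment, and the fingerprint that ssh-keygen prints is a hash of that decoded blob. The following is an added example (not part of the original page) that parses such a line, checks that it is well formed, and reports the key size and fingerprints; the function names are hypothetical and the sample key is constructed in code rather than generated by ssh-keygen.

```python
import base64
import hashlib
import struct

def read_string(blob, offset):
    """Read one length-prefixed field: 4-byte big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_rsa_public_key(line):
    """Parse an 'ssh-rsa <base64> [comment]' line; return type, size and fingerprints."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    inner_type, pos = read_string(blob, 0)
    if key_type != "ssh-rsa" or inner_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key, or label does not match blob")
    e, pos = read_string(blob, pos)   # public exponent
    n, pos = read_string(blob, pos)   # modulus
    if pos != len(blob):
        raise ValueError("trailing bytes after modulus")
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": key_type,
        "comment": fields[2].strip() if len(fields) > 2 else "",
        "bits": int.from_bytes(n, "big").bit_length(),
        "exponent": int.from_bytes(e, "big"),
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
    }

def make_sample_line(bits=2048, comment="john.doe@client"):
    """Constructed sample: real wire layout, but the modulus is not a usable RSA key."""
    def mpint(value):
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # leading 0x00 when top bit is set
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    print(inspect_rsa_public_key(make_sample_line()))
```

The md5 value is in the same colon-separated form as the fingerprint shown earlier on this page; newer OpenSSH releases print the SHA256 form by default, and ssh-keygen -l -E md5 -f id_rsa.pub prints the MD5 form.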

 

If your SSH server is OpenSSH, you can add the public key to the authorized_keys file on the OpenSSH server. If the OpenSSH server is configured to accept connections using a public / private key pair, you should be able to connect to the OpenSSH server with the key pair you just created.

 




Web design by yours truly - me, myself, and I   |   jeremy.canfield@freekb.net