The ssh-keygen command is used to create a public certificate and private key pair. The key pair is intended to be used for making a connection to an SSH server. By default, an RSA keypair will be created.
ssh-keygen . . . Generating public/private rsa key pair.
Or, the -t (type) option can be used to specify the type, such as -t rsa or -t dsa. When prompted where to save the file, press enter to use the default file name and directory, or type your preferred directory and file name.
[root@server1 ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/jeremy.canfield/.ssh/id_rsa):
It is always recommended to secure the keypair with a strong, unique passphrase.
Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase):
The public certificate and private key are created.
Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: a6:4e:fd:17:67:69:19:b5:22:0a:16:53:cf:47:b3:b3 root@server1 The key's randomart image is: +--[ RSA 2048]----+ | .. o | | o o . o .| | o o + ..| | o ...+. | | . S . .E.+ | | + . . * | | o . = | | o . . | | . .. | +-----------------+
If the private key already exists, such as id_rsa, you can create the public certificate using the private key, like this.
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
If your SSH server is OpenSSH, you can add the public certificate to the authorized_keys file on the OpenSSH server. If the OpenSSH server is configured to accept connection using a public / private key pair, you should be able to connect to the OpenSSH server with the public / private key pair you just created.