System Administration Guide: Security Services

How to Create a Public/Private Key Pair

The standard procedure for creating a Secure Shell public/private key pair follows. For information on additional options, see ssh-keygen(1).

  1. Start the key generation program.

    myLocalHost% ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key(/home/johndoe/.ssh/id_rsa): 
  2. Enter the path to the file that will hold the key.

    By default, the file name id_rsa, which represents an RSA v2 key, appears in parentheses. You can select this file by pressing Return. Or, you can type an alternative filename.

    Enter file in which to save the key(/home/johndoe/.ssh/id_rsa): <Return>

    The public key name is created automatically and the string .pub is appended to the private key name.

  3. Enter a passphrase for using your key.

    This passphrase is used for encrypting your private key. A good passphrase is 10–30 characters long, mixes alphabetic and numeric characters, and avoids simple English prose and English names. A null entry means no passphrase is used, but this entry is strongly discouraged for user accounts. Note that the passphrase is not displayed when you type it in.

    Enter passphrase(empty for no passphrase):  <Type the passphrase>
  4. Re-enter the passphrase to confirm it.

    Enter same passphrase again: <Type the passphrase>
    Your identification has been saved in /home/johndoe/.ssh/id_rsa.
    Your public key has been saved in /home/johndoe/.ssh/
    The key fingerprint is:
    0e:fb:3d:57:71:73:bf:58:b8:eb:f3:a3:aa:df:e0:d1 johndoe@myLocalHost
  5. Check the results.

    The key fingerprint (a colon-separated series of 2 digit hexadecimal values) is displayed. Check that the path to the key is correct. In the example, the path is /home/johndoe/.ssh/ At this point, you have created a public/private key pair.

  6. Copy the public key and append the key to the $HOME/.ssh/authorized_keys file in your home directory on the remote host.