The ssh-keygen command generate a public and private authentication
key pair. Such authentication keys allow you to connect to a remote system without needing
to supply a password each time that you connect. Each user must generate their own pair of
keys. If root
generates key pairs, only root
can use
those keys.
To create a public and private SSH2 RSA key pair:
$ssh-keygen
Generating public/private rsa key pair. Enter file in which to save the key (/home/guest/.ssh/id_rsa):<Enter>
Created directory '/home/guest/.ssh'. Enter passphrase (empty for no passphrase):Enter same passphrase again:
password
Your identification has been saved in /home/guest/.ssh/id_rsa. Your public key has been saved in /home/guest/.ssh/id_rsa.pub. The key fingerprint is: 5e:d2:66:f4:2c:c5:cc:07:92:97:c9:30:0b:11:90:59 guest@host01 The key's randomart image is: +--[ RSA 2048]----+ | .=Eo++.o | | o ..B=. | | o.= . | | o + . | | S * o | | . = . | | . | | . | | | +-----------------+
password
To generate an SSH1 RSA or SSH2 DSA key pair, specify the -t rsa1 or -t dsa options.
For security, in case an attacker gains access to your private key, you can specify an passphrase to encrypt your private key. If you encrypt your private key, you must enter this passphrase each time that you use the key. If you do not specify a passphrase, you are not prompted.
ssh-keygen generates a private key file and a public key file in
~/.ssh
(unless you specify an alternate directory for the private key
file):
$ ls -l ~/.ssh
total 8
-rw-------. 1 guest guest 1743 Apr 13 12:07 id_rsa
-rw-r--r--. 1 guest guest 397 Apr 13 12:07 id_rsa.pub
For more information, see the ssh-keygen(1)
manual page.