25.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys

The ssh-keygen command generates a public and private authentication key pair. Such authentication keys allow you to connect to a remote system without needing to supply a password each time that you connect. Each user must generate their own pair of keys. If root generates key pairs, only root can use those keys.

To create a public and private SSH2 RSA key pair:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guest/.ssh/id_rsa): <Enter>
Created directory '/home/guest/.ssh'.
Enter passphrase (empty for no passphrase): password
Enter same passphrase again: password
Your identification has been saved in /home/guest/.ssh/id_rsa.
Your public key has been saved in /home/guest/.ssh/id_rsa.pub.
The key fingerprint is:
5e:d2:66:f4:2c:c5:cc:07:92:97:c9:30:0b:11:90:59 guest@host01
The key's randomart image is:
+--[ RSA 2048]----+
|      .=Eo++.o   |
|      o  ..B=.   |
|          o.= .  |
|         o + .   |
|        S * o    |
|       . = .     |
|        .        |
|       .         |
|                 |
+-----------------+

To generate an SSH1 RSA or SSH2 DSA key pair, specify the -t rsa1 or -t dsa options.

For security, in case an attacker gains access to your private key, you can specify a passphrase to encrypt the private key. If you encrypt your private key, you must enter this passphrase each time that you use the key. If you do not specify a passphrase, you are not prompted.

ssh-keygen generates a private key file and a public key file in ~/.ssh (unless you specify an alternate directory for the private key file):

$ ls -l ~/.ssh
total 8
-rw-------. 1 guest guest 1743 Apr 13 12:07 id_rsa
-rw-r--r--. 1 guest guest  397 Apr 13 12:07 id_rsa.pub
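
The following script is an added example, not part of the original guide. It audits the key pairs in an SSH directory for the two protections described above: owner-only permissions on the private key file and a passphrase on the private key. The function names and status words are this example's own, and it assumes GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example: audit the key pairs in an SSH directory.
# Function names and status strings are this example's own.

# audit_key FILE: print one status word for a private key file.
audit_key() {
    keyfile=$1
    mode=$(stat -c '%a' "$keyfile") || return 2   # GNU stat, as on Linux
    # The listing above shows -rw------- (600); 400 is also owner-only.
    case $mode in
        600|400) ;;
        *) echo "loose-permissions"; return 0 ;;
    esac
    # ssh-keygen -y derives the public key from the private key. With an
    # empty passphrase (-P "") it succeeds only if the key is unencrypted.
    # Permissions are checked first so that a load failure caused by the
    # file mode is not mistaken for an encrypted key.
    if ssh-keygen -y -P "" -f "$keyfile" >/dev/null 2>&1; then
        echo "no-passphrase"
    else
        echo "ok"
    fi
}

# audit_ssh_dir [DIR]: audit every private key that has a matching .pub
# file, the naming that ssh-keygen uses (id_rsa and id_rsa.pub).
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        priv=${pub%.pub}
        [ -f "$priv" ] || continue
        printf '%s\t%s\n' "$(audit_key "$priv")" "$priv"
    done
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

A file that has a matching .pub file is assumed to be a private key; the script reports "ok" for any such file that ssh-keygen cannot load with an empty passphrase.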

For more information, see the ssh-keygen(1) manual page.