Generating Key Pairs Using the ssh-keygen Command
Use the ssh-keygen command to generate a public and private authentication key pair. Authentication keys enable you to connect to a remote system without needing to supply a password each time that you connect. Each user must generate their own pair of keys.
Running ssh-keygen
To create a public and private SSH2 key pair, run the following command:
ssh-keygen
- On Oracle Linux 8 and Oracle Linux 9, the ssh-keygen utility generates RSA keys with base name id_rsa by default. The command output is similar to the following sample output:
  Generating public/private rsa key pair.
  Enter file in which to save the key (/home/guest/.ssh/id_rsa): <Enter>
  Created directory '/home/guest/.ssh'.
  Enter passphrase (empty for no passphrase): password
  Enter same passphrase again: password
  Your identification has been saved in /home/guest/.ssh/id_rsa.
  Your public key has been saved in /home/guest/.ssh/id_rsa.pub.
  ...
- On Oracle Linux 10, the ssh-keygen utility generates ed25519 keys with base name id_ed25519 by default. The command output is similar to the following sample output:
  Generating public/private ed25519 key pair.
  Enter file in which to save the key (/home/opc/.ssh/id_ed25519):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /home/guest/.ssh/id_ed25519
  Your public key has been saved in /home/guest/.ssh/id_ed25519.pub
To create an SSH key pair by using an algorithm other than the default algorithm, use the -t option. Possible values that you can specify include ecdsa, ed25519, and rsa.
For security, in case an attacker gains access to the private key, you can specify a passphrase to encrypt the private key. If you encrypt the private key, you must enter this passphrase each time that you use the key. If you don't specify a passphrase, you're not prompted for a passphrase.
For more information, see the ssh-keygen(1) manual page.
Location of key files
ssh-keygen generates a private key file and a public key file in $HOME/.ssh (unless you specify a different directory for the private key file). To see the keys on a server, run the following command:
ls -l $HOME/.ssh
...
-rw-------. 1 guest guest 1743 Apr 13 12:07 id_sshkey
-rw-r--r--. 1 guest guest 397 Apr 13 12:07 id_sshkey.pub
...
Note:
In the preceding output example, the placeholder id_sshkey has the following default values on Oracle Linux instances:
- id_rsa on Oracle Linux 8 and Oracle Linux 9 instances.
- id_ed25519 on Oracle Linux 10 instances.
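
The following shell functions are an added example, not part of the original documentation. They create a key pair without prompts by using the -t option and then audit the result: the private key's mode (600, as in the ls -l listing above), the presence of the .pub file, and whether a passphrase is set. The function names and the use of the -f, -N, -q, -y and -P options are choices made for this sketch.

```shell
#!/bin/sh
# Added example: non-interactive key generation plus a post-creation audit.
# Function names and any passphrase passed in are assumptions of this sketch.

# gen_key TYPE FILE PASSPHRASE
# -t picks the algorithm (ecdsa, ed25519 or rsa), -f the private key path,
# -N the passphrase (empty string = unencrypted key), -q silences the banner.
# Caveat: a passphrase given with -N is visible in the process list while
# ssh-keygen runs; use the interactive prompt for real keys.
gen_key() {
    ssh-keygen -q -t "$1" -f "$2" -N "$3"
}

# key_mode FILE: print the octal permission bits (GNU stat, as on Oracle Linux).
key_mode() {
    stat -c '%a' "$1"
}

# is_encrypted FILE: succeed when the key cannot be loaded with an empty
# passphrase. -y re-derives the public key, which only works on an
# unencrypted key here; -P '' also prevents an interactive prompt.
is_encrypted() {
    ! ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# audit_key FILE: print each finding and return non-zero if there is any.
audit_key() {
    rc=0
    [ "$(key_mode "$1")" = 600 ] || { echo "$1: private key mode is not 600"; rc=1; }
    [ -f "$1.pub" ] || { echo "$1: public key file is missing"; rc=1; }
    is_encrypted "$1" || { echo "$1: private key has no passphrase"; rc=1; }
    return "$rc"
}
```

After sourcing the file, run audit_key "$HOME/.ssh/id_ed25519" (or id_rsa on Oracle Linux 8 and 9) to check an existing key; gen_key is intended for throwaway keys in a scratch directory.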