Linux/Ubuntu provides the “ssh-keygen” command to create ssh public/private key pairs. ssh-keygen generates, manages and converts authentication keys for ssh, and can create keys for use by SSH protocol version 2. The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key.
In this article we will create the default RSA keys, which are normally used for remote ssh login / authentication. Our username in this article is “devlab”; in your own output you will see your username after /home/ instead.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/devlab/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/devlab/.ssh/id_rsa.
Your public key has been saved in /home/devlab/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:nEhYcZn5GdVbhgGm8jzlAITEMr/8LT64fsxvB5rVvFA devlab@devlab
The key's randomart image is:
+---[RSA 2048]----+
| o++++ .+o.o |
| ooo.+..o o o|
| .+. ..oo. + |
| ..o =o+E . |
| ...S ++. |
| o +.o |
| = = o . |
| . X o o |
| .o+.=.. |
+----[SHA256]-----+
This will create the public and private ssh keys in your ~/.ssh directory (here /home/devlab/.ssh).
$ ls -lh /home/devlab/.ssh/
total 12K
-rw------- 1 devlab devlab 1.7K May 27 23:34 id_rsa
-rw-r--r-- 1 devlab devlab 395 May 27 23:34 id_rsa.pub
-rw-r--r-- 1 devlab devlab 442 May 5 17:57 known_hosts
As we can see, there are 3 files in the directory:
- id_rsa – Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES. This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private key. ssh(1) will read this file when a login attempt is made.
- id_rsa.pub – Contains the DSA, ECDSA, Ed25519 or RSA public key for authentication. The contents of this file should be added to ~/.ssh/authorized_keys on all machines where the user wishes to login using public key authentication. There is no need to keep the contents of this file secret.
- known_hosts – This file contains the public host keys of the other hosts which are known to this machine.
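The two properties described above for id_rsa (readable only by its owner, and optionally encrypted with a passphrase) can be checked with a short script. This is an added example, not part of the original article; the function names are hypothetical, and it assumes the key is either in the current OpenSSH private key format (whose header names the cipher, "none" when no passphrase was set) or in an older PEM container.

```python
import base64, os, stat, struct

MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH private key blob

def key_is_encrypted(text):
    """True/False for the text of a private key file, None if it is not one."""
    lines = text.strip().splitlines()
    if not lines or "PRIVATE KEY-----" not in lines[0]:
        return None
    if "BEGIN OPENSSH PRIVATE KEY" in lines[0]:
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:  # malformed body: not treated as a key
            return None
        if not blob.startswith(MAGIC):
            return None
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return cipher != b"none"  # cipher name "none" means no passphrase
    # Older PEM / PKCS#8 files say ENCRYPTED in the first or second line
    return "ENCRYPTED" in "\n".join(lines[:2])

def audit_ssh_dir(path):
    """Return a list of (filename, problem) findings for an ~/.ssh directory."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o022:
        findings.append((".", "directory writable by group/other"))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        mode = stat.S_IMODE(os.stat(full).st_mode)
        with open(full, errors="replace") as fh:
            encrypted = key_is_encrypted(fh.read())
        if encrypted is None:  # public key, known_hosts, config, ...
            if mode & 0o022:
                findings.append((name, "writable by group/other"))
            continue
        if mode & 0o077:
            findings.append((name, "private key accessible by group/other (mode %o)" % mode))
        if not encrypted:
            findings.append((name, "private key has no passphrase"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_ssh_dir(os.path.expanduser("~/.ssh")):
        print(f"{name}: {problem}")
```

For the listing shown in this article, the modes (-rw------- on id_rsa, -rw-r--r-- on the other two files) produce no permission findings; id_rsa is reported only if the passphrase prompt was left empty.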