Linux/Ubuntu provide a command “ssh-keygen” to create ssh public/private keys. ssh-keygen generates, manages and converts authentication keys for ssh. ssh-keygen can create keys for use by SSH protocol version 2. The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key.
In this article we will create default RSA keys which are normally used for remote ssh login / authentication. In this article our username is “devlab” , you will see different name after /home/ as per your username.
$ ssh-keygen[bash] Generating public/private rsa key pair. Enter file in which to save the key (/home/devlab/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/devlab/.ssh/id_rsa. Your public key has been saved in /home/devlab/.ssh/id_rsa.pub. The key fingerprint is: SHA256:nEhYcZn5GdVbhgGm8jzlAITEMr/8LT64fsxvB5rVvFA [email protected] The key’s randomart image is: +—[RSA 2048]—-+ | o++++ .+o.o | | ooo.+..o o o| | .+. ..oo. + | | ..o =o+E . | | …S ++. | | o +.o | | = = o . | | . X o o | | .o+.=.. | +—-[SHA256]—–+ [/bash]
This will create public and private ssh keys at your /home/myuser/.ssh directory.
$ ls -lh /home/devlab/.ssh/[bash] total 12K -rw——- 1 devlab devlab 1.7K May 27 23:34 id_rsa -rw-r–r– 1 devlab devlab 395 May 27 23:34 id_rsa.pub -rw-r–r– 1 devlab devlab 442 May 5 17:57 known_hosts [/bash]
As we can see, there are 3 files created,
- id_rsa – Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES. This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private key. ssh(1) will read this file when a login attempt is made.
- id_rsa.pub – Contains the DSA, ECDSA, Ed25519 or RSA public key for authentication. The contents of this file should be added to ~/.ssh/authorized_keys on all machines where the user wishes to login using public key authentication. There is no need to keep the contents of this file secret.
- known_hosts – This file contains the id_rsa.pub public keys of the other hosts which are known to this machine.