How to Create SSH Keys in Ubuntu / Linux?

Linux/Ubuntu provides the “ssh-keygen” command to create SSH public/private key pairs. ssh-keygen generates, manages and converts authentication keys for ssh, and can create keys for use by SSH protocol version 2. The type of key to generate is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key.

In this article we will create the default RSA keys, which are normally used for remote SSH login / authentication. Our username in this article is “devlab”; you will see a different name after /home/, matching your own username.

 $ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/devlab/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/devlab/.ssh/id_rsa.
Your public key has been saved in /home/devlab/.ssh/
The key fingerprint is:
SHA256:nEhYcZn5GdVbhgGm8jzlAITEMr/8LT64fsxvB5rVvFA devlab@devlab
The key's randomart image is:
+---[RSA 2048]----+
|     o++++ .+o.o |
|    ooo.+..o  o o|
|    .+. ..oo.  + |
|     ..o =o+E .  |
|     ...S ++.    |
|      o   +.o    |
|       = = o .   |
|      . X o o    |
|     .o+.=..     |

This will create the public and private SSH keys in the .ssh directory under your home directory (/home/devlab/.ssh in this example).

 $ ls -lh /home/devlab/.ssh/ 
total 12K
-rw------- 1 devlab devlab 1.7K May 27 23:34 id_rsa
-rw-r--r-- 1 devlab devlab  395 May 27 23:34
-rw-r--r-- 1 devlab devlab  442 May  5 17:57 known_hosts

As we can see, the directory now contains 3 files:

  1. id_rsa – Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES. This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private key. ssh(1) will read this file when a login attempt is made.
  2. – Contains the DSA, ECDSA, Ed25519 or RSA public key for authentication. The contents of this file should be added to ~/.ssh/authorized_keys on all machines where the user wishes to login using public key authentication. There is no need to keep the contents of this file secret.
  3. known_hosts – This file contains the public keys of the other hosts which are known to this machine.
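
The rule that the private key must not be readable by anyone but the user can be checked mechanically. The following is an added example, not part of the original article: a shell function (audit_ssh_dir, a hypothetical name) that finds private keys by their header line and flags any that are readable beyond the owner, run here against a constructed directory of placeholder files. It assumes GNU stat, as shipped on Ubuntu.

```shell
#!/bin/sh
# audit_ssh_dir DIR: report private keys readable beyond their owner.
# Private keys are recognised by their PEM header line, not by file name.
# Returns 0 when nothing is too open, 1 otherwise. Uses GNU stat (Linux).
audit_ssh_dir() {
    dir=$1
    bad=0
    # A directory writable by group/others lets someone else swap the keys.
    dmode=$(stat -c '%a' "$dir") || return 2
    case $dmode in
        *[2367]?|*[2367]) echo "DIR  $dir mode $dmode: writable by group/others"; bad=1 ;;
    esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # e.g. "-----BEGIN OPENSSH PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----"
        head -n 1 "$f" | grep -q -e '^-----BEGIN .*PRIVATE KEY-----' || continue
        mode=$(stat -c '%a' "$f")
        case $mode in
            *00) echo "OK   $f mode $mode" ;;
            *)   echo "KEY  $f mode $mode: readable beyond the owner"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample directory: placeholder files, not real key material.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    chmod 700 "$d"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' > "$d/id_rsa"
    printf '%s\n' 'ssh-rsa constructed-placeholder devlab@devlab' > "$d/public_part"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' > "$d/copied_key"
    chmod 600 "$d/id_rsa"
    chmod 644 "$d/public_part" "$d/copied_key"
    echo "$d"
}

sample=$(make_sample_dir)
audit_ssh_dir "$sample" || echo "fix with: chmod 600 <key file>"
rm -rf "$sample"
```

To audit a real account, call audit_ssh_dir "$HOME/.ssh". A private key copied around with default permissions (mode 644 in the sample) is the case it catches; ssh itself refuses to use a private key file that other users can access.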
