The standard OpenSSH suite of tools contains the
ssh-keygen utility, which is used to generate key pairs. Run it on your local computer to generate a 2048-bit RSA key pair, which is fine for most uses.
The utility will prompt you to select a location for the keys. By default, the keys are stored in the
~/.ssh directory with the filenames
id_rsa for the private key and
id_rsa.pub for the public key. Using the default locations will allow your SSH client to automatically find your SSH keys when authenticating, so we recommend accepting them by pressing
Generating public/private rsa key pair. Enter file in which to save the key (/home/username/.ssh/id_rsa):
If you have previously generated a key pair, you may see a prompt that looks like this:
/home/username/.ssh/id_rsa already exists. Overwrite (y/n)?
If you choose to overwrite the key on disk, you will not be able to authenticate using the previous key anymore. Selecting yes is an irreversible destructive process.
Once you select a location for the key, you’ll be prompted to enter an optional passphrase which encrypts the private key file on disk.
If you enter one, you will have to provide it every time you use this key (unless you are running SSH agent software that stores the decrypted key). We recommend using a passphrase, but you can press
ENTER to bypass this prompt.
Created directory '/home/username/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again:
This is the last step in the creation process. You now have a public and private key that you can use to authenticate.
Your identification has been saved in /home/username/.ssh/id_rsa. Your public key has been saved in /home/username/.ssh/id_rsa.pub. The key fingerprint is: a9:49:EX:AM:PL:E3:3e:a9:de:4e:77:11:58:b6:90:26 firstname.lastname@example.org The key's randomart image is: +--[ RSA 2048]----+ | ..o | | E o= . | | o. o | | .. | | ..S | | o o. | | =o.+. | |. =++.. | |o=++. | +-----------------+
From here, you can: