How to make an SSH key with ssh-keygen
ssh-keygen is the simplest tool for generating an SSH key. It comes pre-installed on most Linux distros and on Mac.
For Windows users the easiest way is to use Git Bash, which comes bundled with Git (even the portable version), or to use WSL.
If you somehow don't have it on Linux, it is part of OpenSSH.
On Debian-based distros (including Ubuntu) install the openssh-client package; on Arch, install openssh.
The basic usage
$ ssh-keygen
You'll be prompted for a path where the generated key will be stored, with the default pointing to ~/.ssh/id_rsa.
If you intend to use the key for personal identification on the current machine, accept the default option.
If the file already exists and you are unsure about overwriting it, just give it another name starting with id_, like ~/.ssh/id_me.
The private key will be written to the path you've chosen; the public key will be stored next to it with the .pub suffix, as in the example below.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pZ34ZJacthnDwNMuRIMdbJ87xpFJAv12JXBPxJnae4E username@hostname
The key's randomart image is:
+---[RSA 3072]----+
| .*+....ooo |
| .o*o...o= |
| .==o+ =o |
| . @O+oE.. |
| So/+ ..|
| B== . .|
| .+. . |
| |
| |
+----[SHA256]-----+
Options
For a more detailed reference, see ssh-keygen.1 in the Arch manual pages. For quick reference, the most commonly used options are listed below.
-t rsa | dsa | ecdsa | ed25519
key type; defaults to rsa, as the most commonly used.
-b number
key size; for rsa defaults to 3072, for other algorithms refer to ssh-keygen.1#b.
-C comment
typically used for the username; defaults to the current user (but it is still just a comment and doesn't have to match any specific user ID).
-f filename
output file name for the private key; the public key will have .pub appended to the filename.
-P passphrase
the passphrase.
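The options above combined into one non-interactive run, followed by a check of what was written. This is an added example, not part of the original page: the file name id_demo and the comment demo@example are constructed, and -N, -q, -y, -l and -E are ssh-keygen options the page does not list.

```shell
# gen_key FILE COMMENT [TYPE] [BITS]: write FILE and FILE.pub, never overwrite.
gen_key() {
    kfile=$1; kcomment=$2; ktype=${3:-ed25519}; kbits=${4:-}
    if [ -e "$kfile" ] || [ -e "$kfile.pub" ]; then
        echo "refusing to overwrite $kfile" >&2
        return 1
    fi
    # -N "" sets an empty passphrase so the demo does not prompt. For a real key
    # omit it and type the passphrase: -N/-P values land in history and ps output.
    if [ -n "$kbits" ]; then    # BITS only matters for variable-size types (rsa)
        ssh-keygen -q -t "$ktype" -b "$kbits" -C "$kcomment" -f "$kfile" -N ""
    else
        ssh-keygen -q -t "$ktype" -C "$kcomment" -f "$kfile" -N ""
    fi
}

# check_key FILE: succeed only if FILE is owner-only and FILE.pub is its public half.
check_key() {
    priv=$1
    [ -f "$priv" ] && [ -f "$priv.pub" ] || return 1
    mode=$(ls -l "$priv" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "private key mode is $mode, expected -rw-------" >&2
        return 1
    fi
    # -y re-derives the public key from the private one; compare type and key blob
    derived=$(ssh-keygen -y -f "$priv" | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$priv.pub")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# fingerprint FILE: print the SHA256 fingerprint that is shown at generation time.
fingerprint() {
    ssh-keygen -l -E sha256 -f "$1.pub" | awk '{print $2}'
}

# Demo in a throwaway directory, removed afterwards (test key, empty passphrase).
demo() {
    ddir=$(mktemp -d) || return 1
    gen_key "$ddir/id_demo" "demo@example" ed25519 &&
        check_key "$ddir/id_demo" && fingerprint "$ddir/id_demo"
    drc=$?
    rm -rf "$ddir"
    return $drc
}
demo
```

check_key can also be pointed at an existing key such as ~/.ssh/id_rsa; if that key has a passphrase, ssh-keygen -y will ask for it.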