How to make an SSH key with ssh-keygen
@ 04 Jan, 2020 About 1 minutes to read
ssh-keygen — is the simplest tool to generate ssh key. It comes pre-installed in most of Linux distros and Mac.
For windows users the easiest way is to use Git Bash which comes together with Git (even portable) or to use WSL.
If you managed not to have it on linux — it is a part of OpenSSH.
For debian branch distros (includes ubuntu) install openssh-client package, on arch openssh.
The basic usage
You’ll be prompted to provide a path where to store generated certificate, with default option pointing to
If your intent is to use the certification for personal identification on current machine accept the default option, and if the file already exists and you doubt overwriting it just giv it another name staring with
The private key will be written to the path you’ve chosen, the public key will be stored next to it with the
.pub postfix, like on the example below.
Generating public/private rsa key pair. Enter file in which to save the key (/home/username/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/username/.ssh/id_rsa. Your public key has been saved in /home/username/.ssh/id_rsa.pub. The key fingerprint is: SHA256:pZ34ZJacthnDwNMuRIMdbJ87xpFJAv12JXBPxJnae4E username@hostname The key's randomart image is: +---[RSA 3072]----+ | .*+....ooo | | .o*o...o= | | .==o+ =o | | . @O+oE.. | | So/+ ..| | B== . .| | .+. . | | | | | +----[SHA256]-----+
For more detailed reference you can refer to ssh-keygen.1 on arch manual manual pages. For a quick reference the most commonly used ones listed below.
-t rsa | dsa | ecdsa | ed25519 encryption type, defaults to
rsa as most commonly used.
-b number key size, for
rsa defaults to 3072, for other algorithms refer to ssh-keygen.1#b.
-C comment typically used for username, defaults to current user. (but still just a comment, don’t have to match any specific user id)
-f filename output file name for private key, the public key will have
.pub appended to filename.
-P passphrase obviously a passphrase