Public and private SSH key pair can be used for public key authentication method in SSH. A keypair could optionally be protected by a passphrase. If no passphrase is set on the public and private SSH key pair, a public key authentication method could be used to automate remote command execution and file transfer.

Public and private SSH key pair can be created using the ssh-keygen program. ssh-keygen is normally bundled with SSH client packages and is included in most Linux distributions by default.

You can create an SSH key pair by running ssh-keygen at the terminal.

Complementary video guide:

Steps to create public and private SSH key pair:

  1. Launch your favourite terminal application.
  2. Run ssh-keygen command.
    $ ssh-keygen
    Generating public/private rsa key pair.

    ssh-keygen will generate a 2048 bit rsa key pair if no option is specified. You can change the key's bit size and type by using -b and -t options respectively as the following example.

    $ ssh-keygen -b 521 -t ecdsa

    Possible values for key types are dsa, ecdsa, ed25519 and rsa.

  3. Enter the location and filename to save the key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa): 

    Default location is in the .ssh folder in your home directory and default filename is id_<key_type>.

  4. Enter passphrase to secure the key (optional).
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 

    Don't enter any passphrase if you want to use the key for passwordless SSH login
    How to configure passwordless SSH login

  5. Your public and private SSH key pair will be created and saved in the location you previously specified.
    Your identification has been saved in /home/user/.ssh/id_rsa.
    Your public key has been saved in /home/user/.ssh/id_rsa.pub.

    The public key will have .pub extension appended to the file name

  6. Fingerprint and randomart for your SSH key will be displayed for you to visually remember.
    The key fingerprint is:
    SHA256:iiaD/fAzINYAP1MSUD3r0J9750Gpb1MMRvlERe2Yu+c [email protected]
    The key's randomart image is:
    +---[RSA 3072]----+
    |.ooo       o.oo. |
    |. . +     o .   .|
    |.. + o   . o   + |
    | .= o     o.. o .|
    |  o= . .S.oo   . |
    |.+....o. o  o .  |
    |o.=.o ... ..   . |
    |   Bo . ..+.  . .|
    |    oo . +o.   oE|
    +----[SHA256]-----+
  7. Check permission of created keys (optional).
    $ ls -l ~/.ssh/id_rsa*
    -rw------- 1 user user 2590 Sep  29 11:22 /home/user/.ssh/id_rsa
    -rw-r--r-- 1 user user  563 Sep  29 11:22 /home/user/.ssh/id_rsa.pub

    Note that the private key (/home/user/.ssh/id_rsa) has a very strict permission where only the owner has read and write permission whereas group and other users doesn't have any permissions associated to them.

Guide compatibility:

Operating System
Ubuntu Linux
Debian Linux
Red Hat Enterprise Linux
Fedora Linux
CentOS Linux
openSUSE Linux
SUSE Linux Enterprise Server
FreeBSD
OpenBSD
NetBSD
macOS
Share this guide!
Discuss the article:

Comment anonymously. Login not required.

Share!