Public key authentication method in SSH uses public and private SSH key pairs. The key pairs support the use of multiple algorithms and block sizes. A passphrase could optionally protect the private key, and an automated, passwordless login for remote command execution and file transfer is possible if no passphrase is set.
You can create public and private SSH key pairs using the ssh-keygen program. ssh-keygen is generally bundled with SSH client packages and is included in most Linux distributions by default.
ssh-keygen is a command-line application that you can use at the terminal.
$ ssh-keygen Generating public/private rsa key pair.
ssh-keygen will generate a 2048 bit rsa key pair if no option is specified. You can change the key's bit size and type by using -b and -t options respectively as the following example.
$ ssh-keygen -b 521 -t ecdsa
Possible values for key types are dsa, ecdsa, ed25519 and rsa.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Default location is in the .ssh folder in your home directory and default filename is id_<key_type>.
Enter passphrase (empty for no passphrase): Enter same passphrase again:
Don't enter any passphrase if you want to use the key for passwordless SSH login.
Related: How to implement passwordless SSH authentication
Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The public key will have .pub extension appended to the file name.
The key fingerprint is: SHA256:iiaD/fAzINYAP1MSUD3r0J9750Gpb1MMRvlERe2Yu+c user@host The key's randomart image is: +---[RSA 3072]----+ |.ooo o.oo. | |. . + o . .| |.. + o . o + | | .= o o.. o .| | o= . .S.oo . | |.+....o. o o . | |o.=.o ... .. . | | Bo . ..+. . .| | oo . +o. oE| +----[SHA256]-----+
$ ls -l ~/.ssh/id_rsa* -rw------- 1 user user 2590 Sep 29 11:22 /home/user/.ssh/id_rsa -rw-r--r-- 1 user user 563 Sep 29 11:22 /home/user/.ssh/id_rsa.pub
Note that the private key (/home/user/.ssh/id_rsa) has very strict permission where only the owner has read and write permission. The user's group and other users don't have any permissions associated with them.
Related: How to resolve the "SSH Unprotected Private Key File" warning
Comment anonymously. Login not required.