Enhancing Skills

ssh-keygen: Generate a new SSH key pair for authentication

Command: ssh-keygen

ssh-keygen generates a new SSH key pair, which consists of a private key and a public key. This key pair is used for secure public-key authentication when connecting to remote servers via SSH.


Sample Command and Output:

$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa
Your public key has been saved in /home/user/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Oe0y8BTrH3mKM6pBfOnqAqjS5d9B09eP8nRzQOYZAgQ your_email@example.com
The key's randomart image is:
+---[RSA 4096]----+
|    .oO.         |
|   o+.o          |
|  o o..          |
| .o .            |
|  . .            |
|   .             |
|   .             |
|   .             |
|   .             |
+----[SHA256]-----+

Description:

  • ssh-keygen -t rsa -b 4096 -C "your_email@example.com": Generates a new RSA key pair with a key size of 4096 bits. The -C option adds a comment (usually an email address) to the key for identification. The -t rsa option specifies the key type (RSA).
  • Enter file in which to save the key: Prompts you to specify the location where the key pair will be saved. Pressing Enter will save the key to the default location (/home/user/.ssh/id_rsa).
  • Enter passphrase: Optionally, you can enter a passphrase to encrypt the private key on disk. This adds an extra layer of security, because a copied key file cannot be used without the passphrase.
  • The key fingerprint is: Displays the fingerprint of the generated key, a short string (here a SHA256 hash of the public key) that identifies the key.

Additional Commands and Sample Outputs:

  • ssh-keygen -t ed25519 -C "your_email@example.com": Generate a new Ed25519 key pair (a modern, secure key type). Sample Command and Output:
  $ ssh-keygen -t ed25519 -C "your_email@example.com"
  Generating public/private ed25519 key pair.
  Enter file in which to save the key (/home/user/.ssh/id_ed25519): 
  Enter passphrase (empty for no passphrase): 
  Enter same passphrase again: 
  Your identification has been saved in /home/user/.ssh/id_ed25519
  Your public key has been saved in /home/user/.ssh/id_ed25519.pub
  The key fingerprint is:
  SHA256:abcdef1234567890 your_email@example.com

Description:

  • ssh-keygen -t ed25519 -C "your_email@example.com": Generates an Ed25519 key pair, which is considered more secure and efficient than RSA for most purposes.

  • ssh-keygen -p: Change the passphrase of an existing key. Sample Command and Output:
  $ ssh-keygen -p -f /home/user/.ssh/id_rsa
  Enter old passphrase: 
  Key has comment 'your_email@example.com'
  Enter new passphrase (empty for no passphrase): 
  Enter same passphrase again: 
  Your identification has been saved with the new passphrase.

Description:

  • ssh-keygen -p -f /home/user/.ssh/id_rsa: Changes the passphrase for the existing private key located at /home/user/.ssh/id_rsa.

Note: After generating the key pair, you need to add the contents of the public key file (id_rsa.pub or id_ed25519.pub) to the remote server’s ~/.ssh/authorized_keys file to enable SSH access. Only the public key is copied; the private key stays on your own machine.
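
The step in the note above, as an added example that is not part of the original page: a hypothetical helper, install_pubkey, that appends a public key to authorized_keys only once, refuses a private key file, and sets restrictive permissions. The function name, the sample key line and the scratch directory standing in for the server's ~/.ssh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Usage: install_pubkey <public-key-file> <ssh-dir>; prints "added" or "present".

# Constructed sample public key line (placeholder key material, not a real key).
SAMPLE_PUB="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA your_email@example.com"

install_pubkey() (
    pub_file=$1; ssh_dir=$2; auth_file=$ssh_dir/authorized_keys
    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; exit 1; }
    # The private key (id_rsa, id_ed25519) must never be copied to a server.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file looks like a private key" >&2; exit 2
    fi
    # A public key file is one line: "<type> <base64 blob> [comment]".
    read -r key_type key_blob _comment < "$pub_file" || true
    case $key_type in
        ssh-ed25519|ssh-rsa) ;;
        *) echo "unexpected key type: $key_type" >&2; exit 3 ;;
    esac
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; exit 3 ;;
    esac
    # sshd's StrictModes setting (on by default) checks modes and ownership here.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"
    # Compare type and blob only, so a changed comment is not treated as a new key.
    if grep -qF -- "$key_type $key_blob" "$auth_file"; then
        echo present; exit 0
    fi
    # Keep entries on separate lines if the file lacks a trailing newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_type $key_blob${_comment:+ $_comment}" >> "$auth_file"
    echo added
)

# Demo against a scratch directory standing in for the server's ~/.ssh.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_PUB" > "$demo_dir/id_ed25519.pub"
install_pubkey "$demo_dir/id_ed25519.pub" "$demo_dir/ssh"   # first run appends
install_pubkey "$demo_dir/id_ed25519.pub" "$demo_dir/ssh"   # second run changes nothing
rm -rf "$demo_dir"
```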

