How to Generate an SSH Key Pair (with Examples)

Learn how to generate an SSH key pair on your computer, which you can then use to authenticate your connection to a remote server.

Password authentication is the default method most SSH clients use to authenticate with remote servers, but it suffers from potential security vulnerabilities like brute-force login attempts.

An alternative to password authentication is using authentication with SSH key pair, in which you generate an SSH key and store it on your computer.

SSH keys are an easy way to identify trusted computers without involving passwords. They are widely used by network and systems administrators to control servers remotely.

Therefore, the SSH key authentication is more secure than password authentication and arguably more convenient.

The central concept is that instead of a password, one uses a key file that is virtually impossible to guess. You give the public part of your key, and when logging in, it will be used, together with the private key and username, to verify your identity.

The steps below will show you how to generate an SSH key pair and add the public key to the server.

How to Generate an SSH Key Pair on Linux

When generating SSH keys under Linux, you can use the ssh-keygen command. It is a tool for creating new authentication key pairs for SSH.

To generate an SSH key pair, open up the terminal and type in the following command:

ssh-keygen -t rsa

Just press enter when it asks for the file, passphrase, or same passphrase. The command generates a pair of keys in the ~/.ssh directory by default.

ssh-keygen Generate an SSH Keys on Linux

You now have two files:

  • id_rsa (Private Key). The private key is stored on your local computer and should be kept secure, with permissions set so that no other users on your computer can read the file.
  • id_rsa.pub (Public Key). The public key needs to be placed on the server you intend to log in to. You can freely share your public key with others.
ls -l /home/linuxiac/.ssh/
drwx------ 2 linuxiac linuxiac 4096 Jul 16 18:31 .
drwxr-xr-x 4 linuxiac linuxiac 4096 Jul 16 18:31 ..
-rw------- 1 linuxiac linuxiac 2610 Jul 16 18:31 id_rsa
-rw-r--r-- 1 linuxiac linuxiac  576 Jul 16 18:31 id_rsa.pub

You can place the public key on any server and then connect to the server using ssh. When the public and private keys match up, the SSH server grants access without the need for a password.

If you are unsure how to do it, I recommend going through our short and easy-to-follow guide, “How to Setup SSH Login Without Password.”

You can generate an even larger SSH key with the -b option for increased security.

The -b flag instructs ssh-keygen to increase the number of bits used to create the key pair and is suggested for additional security. For example, for 4096 bits, do:

ssh-keygen -t rsa -b 4096

Conclusion

In this article, you have learned how to generate SSH key pairs using ssh-keygen. SSH keys have numerous advantages over passwords:

  • Increased security: They are nearly impossible to brute force or guess.
  • Ease of management: No more creating and changing random passwords.
  • Automated tasks: Because you don’t need to type your password every time, it’s easier to automate tasks that require SSH.

For more about the ssh-keygen command in Linux, consult its manual page.

Related: SSH to Port Other Than 22: How to Do It (with Examples)

Feel free to leave a comment if you have any questions.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%

3 Comments

    • You can use ssh-copy-id, e.g.:

      ssh-copy-id -i ~/.ssh/id_rsa.pub user@server

      Or manually by copying the contents of ~/.ssh/id_rsa.pub into the user’s ~/.ssh/authorized_keys file on the server.

      If you do it manually, make sure to put permissions 0700 for ~/.ssh.

      Cheers.

  1. Thank you both. To Steve, for the proper remark, and to Ricardo, for the good answer.
    I will soon publish an article related to SSH passwordless login.

Leave a Reply

Your email address will not be published. Required fields are marked *