How to create ssh public/private keys on command line

Command line utility ssh-keygen can be used to generate rsa or dsa public and private keys. By default it generates rsa keys. Here are commands to generate keys pairs.

Generate default rsa keys in specifed file

This will put current userid in comment part in public key.

$ ssh-keygen -f mykey
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in mykey.
Your public key has been saved in
The key fingerprint is:
SHA256:KOdKc1P01vdzFihC3/GUKVZmeyZTCdJFsgeN+ZbBc9s user1@MyHomeMac.local
The key's randomart image is:
+---[RSA 2048]----+
|           ..+O*o|
|            .+BB=|
|        ..   =+*X|
|       o....o BOE|
|    . o |
|     + . .. .. ..|
|    o +        .+|
|   . + .       .o|
|    .            |

You can specify a passphrase or leave empty to have key without passphrase. It is better to specify a passphrase unless you are generating the key for automation purpose.

Once done you can see that two files got generated in current directory. The private key is only readable and writable by owner.

$ ls -ltr
total 32
-rw-r--r--  1 user1  staff   404 Dec 16 14:52
-rw-------  1 user1  staff  1675 Dec 16 14:52 mykey

To generate dsa key

$ ssh-keygen -t dsa -f mykey

Generate 4096 bits rsa key

Default key is 2048 bits which is generally sufficient. In case you need 4096 bits keys use the following command.

$ ssh-keygen -t rsa -b 4096

Generate rsa key with comment

Comment gets appended to the public key as shown below. This is useful in case you are generating key for some other user and want to have relevant comment. This may also be useful for maintaining multiple keys.

$ ssh-keygen -f mykey -C "my-first-key"
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyhYUmL52LxTfpnTaD/TalpMjFSkaZklY9x+8H3c6C40ZRHI3/fMfwdP96PyO3Zlap0402nBT8QpWFMrMNtfyJC43vt87wqG1prIw0OGsMboFO+6x5F8VXH7fSap+/W8LaTEJ+nuNJN3AdjByHVYXk+s6HZHY6HJTGJoY94Pwde+3WW4ma4wSdF4FXHePC6U9tVDLt9koESMl8k3Qr12GxR3/vz7QaCYTAvNvvyNlTPjJTsocnC8wfMAeUuaqmNvl1tsRcHwx/gteFHiJyeQx6SYblIJc3XI8AfzR3EwXmgdIWUlCm1bX8J8CPVbEo1w8xhr+wQO8RiYExyQfnITFp my-first-key
Share this article: share on Google+ share on facebook share on linkedin tweet this submit to reddit


Click here to write/view comments