Linux and other operating systems provide the ssh-keygen command in order to generate SSH keys. SSH keys consist of a key pair which are called Public Key and Private Key. These cans can be used to automatic or passwordless certificate-based login to the remote SSH server.
Install ssh-keygen Command
All Linux distributions like Ubuntu, Debian, Mint, Kali CentOS, Fedora, RHEL, SUSE, and BSD variants provide the ssh-keygen as a package. In can be installed for apt, apt-get, yum, dnf package managers like below.
Ubuntu, Debian Mint, Kali with apt:
sudo apt install openssh-client
Ubuntu, Debian Mint, Kali with apt-get:
sudo apt-get install openssh-client
CentOS Fedora, RHEL with yum:
sudo yum install openssh-client
CentOS Fedora, RHEL with dnf:
sudo dnf install openssh-client
Generate SSH Keys (Public Key, Private Key)
As a secure protocol SSH uses public-key cryptography for encryption and authentication for hosts and users. The authentication keys which are consist of Public Key and Private key are created with the ssh-keygen command which can generate different types of keys like RSA, DSA, ECDSA, ED25519.
If the ssh-keygen is called without any options and parameters it will create a RSA key by defualt which size is 2048 bit.
The output is like below.
Generating public/private rsa key pair. Enter file in which to save the key (/home/ismail/.ssh/id_rsa): /home/ismail/.ssh/id_rsa already exists. Overwrite (y/n)? y Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ismail/.ssh/id_rsa Your public key has been saved in /home/ismail/.ssh/id_rsa.pub The key fingerprint is: SHA256:EMYPpCNIVLAJepvKRSVhKwtLCzSpL43Dftlr44V2uXg ismail@ubuntu The key's randomart image is: +---[RSA 3072]----+ |o+=.++ | |=o= +oo. | |=ooo .o | |=o=+ . .. | |o*o. S | |=o+ . . | |o+ oo + | | . o.++E. | | . o++. | +----[SHA256]-----+
If there is already a key with the same file name you will be asked whether overwrite or not. If you type Y and continue the SSH key creation continue.
Generate RSA SSH Keys (Public Key, Private Key)
The RSA is the most popular public and private key algorithm which can be generated with the ssh-keygen command. The RSA keys can be generated by specifying the type with the -t option and rsa parameter like below.
ssh-keygen -t rsa
Generate DSA SSH Keys (Public Key, Private Key)
The DSA is another popular cryptographic algorithm that is used to generate SSH keys too. The DSA is a very fast and feasible alternative to the RSA algorithm. The DSA keys can be generated by specifying the type with the -t option and dsa parameter like below.
ssh-keygen -t dsa
Generate ECDSA SSH Keys (Public Key, Private Key)
ssh-keygen -t ecdsa
Generate ED25519 SSH Keys (Public Key, Private Key)
ssh-keygen -t ed25519
Set SSH Key Size
By default the RSA key size is 2048 bit, DSA key size is 1024 bit. But the key size can be changed where increasing the key size makes the keys and communication more secure. But the downside is if the data or bandwidth is high the performance will be lower but this is not a problem for SSH and SSH communication. The -b options and the bit size can be specified to the ssh-keygen like below. This key size option can be used for all algorithms.
ssh-keygen -t rsa -t 4096 ssh-keygen -t dsa -t 1024 ssh-keygen -t ecdsa -t 512 ssh-keygen -t ed25519 -t 512
Copy SSH (Public) Key To Remote SSH Server
Generated keys can be used for passwordless or key-based authentication which makes the SSH connection easier and more practical. The ssh-copy-id command is used to copy the current user default SSH keys to the specified remote SSH server.
By default, the username is set as the current username but different usernames can be specified explicitly. The @ sign is used to separate the username from the remote host IP address or hostname.
Alternatively the remote system hostname can be used to copy SSH key. But the hostname should be successfully resolved into the IP address.