An SSH key consists of a pair of files: the private key and the public key. The private key is confidential and should never be shared, while the public key is what lets you log in to the servers, containers, and VMs you set up. When you create these keys with the `ssh-keygen` command, they are stored securely, allowing you to bypass the login prompt when connecting to your instances.
To generate SSH keys, follow these steps:
- Enter the following command in the shell.
```
ssh-keygen -t rsa
```
The `-t` option specifies the type of key to generate. Here, `rsa` is chosen due to its widespread use, though other types such as `dsa`, `ecdsa`, `ed25519`, or `rsa` can be selected for different security needs, depending on your requirements. From the `man` documentation:
```
$ man ssh-keygen
-t dsa | ecdsa | ed25519 | rsa | rsa1
Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
```
This command initiates the key generation process. `ssh-keygen` will then prompt you to specify a storage location for the key.
- Enter a passphrase for added security or press ENTER to proceed without one (not recommended for security reasons).
- Confirm the passphrase by entering it again. Upon confirming the passphrase, the system generates the key pair and provides a summary of the operation, including the location of the saved key pair and a key fingerprint for verification purposes.
The generated output will resemble the following:
```
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vinicius.grippa/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vinicius.grippa/.ssh/id_rsa.
Your public key has been saved in /home/vinicius.grippa/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:in5ES8pWGp43XMpjI76NX/fX7E6fhksM70h+8gljhWI vinicius.grippa@testing-server.com
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| |
| . + . . |
| o @ +SE o . |
| O.%.. . = |
| o.=.+. .= +.o.|
| ..o.. .+o*ooo=|
| ++o o=*o++|
+----[SHA256]-----+
```
Your private key (`id_rsa`) is stored in the `.ssh` directory and is critical for verifying your public key’s association with your user account.
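The key fingerprint printed in the summary above can be recomputed from the `.pub` file alone, which is how you confirm that a public key installed on a server is the one you generated. The following is an added example, not part of the original article: it parses a public key line, recomputes the `SHA256:` fingerprint, and reports the RSA modulus size. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def _read_string(blob, offset):
    """Read one length-prefixed field (uint32 length + bytes) of the SSH wire format."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_public_key(line):
    """Return (key type, SHA256 fingerprint, RSA modulus bits or None) for a .pub line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    inner_type, offset = _read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != declared_type:
        raise ValueError("key type label does not match the encoded key")
    # ssh-keygen prints the unpadded base64 of SHA-256 over the decoded blob.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    bits = None
    if declared_type == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    return declared_type, fingerprint, bits


def _field(data):
    return struct.pack(">I", len(data)) + data


# Constructed sample: a syntactically valid ssh-rsa blob whose 2048-bit modulus is
# a placeholder number, not a real key. Replace SAMPLE_LINE with the contents of
# your own id_rsa.pub to compare against the fingerprint ssh-keygen printed.
_modulus = ((1 << 2047) | 1).to_bytes(257, "big")  # leading 0x00 keeps the mpint positive
_blob = _field(b"ssh-rsa") + _field((65537).to_bytes(3, "big")) + _field(_modulus)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " user@example.com"

if __name__ == "__main__":
    print(inspect_public_key(SAMPLE_LINE))
```

A fingerprint that differs from the one shown at generation time means the file is not the key you created and should not be trusted.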