How to Generate SSH Public/Private Keys
This tutorial demonstrates how to set up public and private SSH keys, so you can login without having to type the password every time. This method is more secure than using a password alone – unlike passwords, SSH keys are almost impossible to crack through brute force attacks. SSH keys come in pairs – one private, one public. The private key is known only by you, while the public key can be shared freely with any SSH server you’d like to connect to. When the two match, you can login without typing a password. If you’d like, you can also add an extra layer of security by safeguarding the private key with a passphrase.
1. Create the RSA Key Pair
ssh-keygen -t rsa
2. Store the Keys and Passphrase
Once you’ve entered the command to generate the key pairs, press enter to save the file to the user home. Next, you’ll see the option for creating a passphrase:
Enter passphrase (empty for no passphrase):
Using a passphrase gives you an extra layer of security – even if an unauthorized user discovered your private key, they would still be unable to login without the passphrase.
3. Place the Public Key on the Server
Once you’ve generated the pair, you can copy the public key to the server you’d like to use. Remember that the public and private key have the same name, except for the .pub extension for the public key. The private key is not shared, though – it remains on your local machine. Use the ssh-copy-id command to copy the public key to the server, but remember to replace to example username and IP address shown below:
This will yield the following:
The authenticity of host ‘18.104.22.168 (22.214.171.124)’ can’t be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? Yes
Warning: Permanently added ‘126.96.36.199’ (RSA) to the list of known hosts.
And you’re done! Now you can log into the server without needing a password.