How to Generate a Public/Private Key Pair for Use With Secure Shell
Users must generate a public/private key pair when their site implements host-based authentication or user public-key authentication. For additional options, see the ssh-keygen(1) man page.
Before You Begin
Ask your system administrator whether host-based authentication is configured.
- Start the key generation program.
mySystem% ssh-keygen -t rsaGenerating public/private rsa key pair.…
where –t is the type of algorithm, either rsa, dsa, or rsa1.
- Specify the path to the file that will hold the key.
By default, the file name id_rsa, which represents an RSA v2 key, appears in parentheses. You can select this file by pressing the Return key or provide an alternative file name.
Enter file in which to save the key (/home/username/.ssh/id_rsa):<Press Return>
The file name of the public key is created automatically by appending the string .pub to the name of the private key file.
- Type a passphrase for using your key.
This passphrase is used for encrypting your private key. A null entry is strongly discouraged. Note that the passphrase is not displayed when you type it in.
Enter passphrase (empty for no passphrase): <Type passphrase>
- Retype the passphrase to confirm it.
Enter same passphrase again: <Type passphrase>Your identification has been saved in /home/username/.ssh/id_rsa.Your public key has been saved in /home/username/.ssh/id_rsa.pub.The key fingerprint is:0e:fb:3d:57:71:73:bf:58:b8:eb:f3:a3:aa:df:e0:d1 username@mySystem
- Check that the path to the key file is correct.
% ls ~/.sshid_rsaid_rsa.pub
At this point, you have created a public/private key pair.
- Log in to the remote host by using the appropriate option based on your network's authentication method.
- If your administrator has configured host-based authentication, you might need to copy the local host's public key to the remote host.
You can now log in to the remote host. For details, see How to Log In to a Remote Host With Secure Shell.
- Type the following command on one line with no backslash.
% cat /etc/ssh/ssh_host_dsa_key.pub | ssh RemoteHost \'cat >> ~./ssh/known_hosts && echo "Host key copied"'
- When you are prompted, supply your login password.
Enter password: <Type password>Host key copied%
- Type the following command on one line with no backslash.
- If your site uses user authentication with public keys, populate your authorized_keys file on the remote host.
- Copy your public key to the remote host.
Type the following command on one line with no backslash.
mySystem% cat $HOME/.ssh/id_rsa.pub | ssh myRemoteHost \'cat >> .ssh/authorized_keys && echo "Key copied"'
When the file is copied, the message “Key copied” is displayed.
- When you are prompted, supply your login password.
Enter password: Type login passwordKey copiedmySystem%
- Copy your public key to the remote host.
- If your administrator has configured host-based authentication, you might need to copy the local host's public key to the remote host.
- (Optional) Avoid future prompting for passphrases.
See How to Reduce Password Prompts in Secure Shell. For more information, see the ssh-agent(1) and ssh-add(1) man pages.
