Skip to content

Introduction

SSH (Secure Shell) keys resemble passwords. They are authentication credentials which grant access and can control who can access what. SSH keys comprise two keys: a public key and private key. The public key is not sensitive and can be placed on computers that you wish to access. On the otherhand, the private key is sensitive and will allow access to computers on which your public key reside. An analogy to help conceptulise SSH key pairs is that public keys are locks that the private key can unlock. Therefore, anybody holding your private key can access computers with the corresponding public key.

Generating Your Key

SSH keys can be generated using the command ssh-keygen. This will ask you where you'd like to save the keys and if you'd like to enter a passphrase. By default, the keys are stored in ~/.ssh/ — the private key is the file named id_rsa, and the public key is named id_rsa.pub. The passphrase is used to encrypt the key, so that it can't be used even if someone obtains the private key. Note: if keys already exist, ssh-keygen will ask if you want to overwrite them after selecting a storage location.

% ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/Osiris/.ssh/id_rsa): 
Created directory '/home/Osiris/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/Osiris/.ssh/id_rsa.
Your public key has been saved in /home/Osiris/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:zJ2SQwYgAS4x9kKXthtPetW+2De1GttGHfUACfYVTIU Osiris@Bennu
The key's randomart image is:
+---[RSA 2048]----+
|++ooo..   o..=++.|
|+oo+   . . ...E .|
|.o...   +   .  .o|
|. .o . * + .   ..|
|    * . S o   . .|
|   o o   +   o . |
|    .   o ..o .  |
|       . o o+o   |
|          .o+.   |
+----[SHA256]-----+