Thursday 10 September 2020

How to generate SSH key pair on Ubuntu

ssh-keygen -t rsa -b 4096 -C ""

-t Specifies the type of key to create.  The possible values are “dsa”, “ecdsa”, “ed25519”, or “rsa”.

-b bits Specifies the number of bits in the key to create. For RSA keys, the minimum size is 1024 bits and the default is 3072 bits. Generally, 3072 bits is considered sufficient

-C comment Provides a new comment. This can be any string you want to help identify the key. As this keypair is unique and represents an identity of the (e.g. repository) user, I tend to use email format: user@domain


$ ssh-keygen -t rsa -b 4096 -C ""
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bojan/.ssh/id_rsa): ./key-pair--ec2--my-app
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./key-pair--ec2--my-app
Your public key has been saved in ./
The key fingerprint is:
The key's randomart image is:
+---[RSA 4096]----+
|   o=+ .o..      |
|      o  ...     |
|     .    o=+ .  |
|      .  .o=o*   |
|     .  S.oo+ .  |
|      .   =+.+  .|
|       . =o+++o..|
|        =.+o= o*.|
|       oE..o....O|

$ ls -la
-rw------- 1 bojan bojan 3434 May 27 17:27 key-pair--ec2--my-app
-rw-r--r-- 1 bojan bojan  749 May 27 17:27


To copy the contents of the file to clipboard:

xclip -sel clip < ~/.ssh/

Private key with default name (~/.ssh/id_rsa) should automatically be added to the SSH authentication agent. To check this we can start the ssh-agent and 
$ eval "$(ssh-agent -s)"
Agent pid 76155

$ ssh-add -l -E sha256
256 SHA256:DUXxZAyhbh68kJwex8rzHXQM2cKzSWadNqzW1KnPR3A (ED25519)

If we have only key that does not have the default name, it might not have been added to SSH agent in which case the output would be:

$ ssh-add -l -E sha256
The agent has no identities.

To add the key to SSH agent:

$ ssh-add path/to/mykey
Enter passphrase for path/to/mykey: 
Identity added: path/to/mykey (


No comments: