Generate an SSH key-pair

February 20, 2020

This tutorial assumes that you have a basic understanding of SSH and SSH keys. If this is not the case, we recommend that you first read Understanding SSH.

Generate an SSH key-pair

Before you generate a new SSH key-pair, you should verify that you do not already have an SSH key-pair on your computer. This can be done by running the following command in a terminal window:

ls ~/.ssh/*.pub

If the command lists a file such as ~/.ssh/id_rsa.pub, you already have an SSH key-pair installed and do not need to generate a new one. If you overwrite the existing key with a new one, you will lose access to all deployments on which the previous public key was installed.

If no such file is listed, the first step to generate an SSH key-pair on your computer is to run the following command:

ssh-keygen

After running the command, you should see the following output:

Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa):

By default, the SSH key will be named id_rsa and will be stored in the .ssh/ subdirectory of the home folder (~/) on your machine. Although you could change the name and location, it is recommended to stick with the defaults. To do so, press Enter.

You should now see the following prompt:

Enter passphrase (empty for no passphrase):

Here you are asked whether you want to secure the private key file on your machine with a passphrase. This is a recommended additional security measure that makes it harder for others to use your private key if it somehow ends up in the wrong hands. When the private key is secured with a passphrase, no one can establish a connection with it without first correctly entering the passphrase.

However, securing the private key file with a passphrase also means that whenever you initiate an SSH connection, you will have to manually type in the passphrase. This may be a problem if you plan to automate deployment management tasks that you would like to run without human intervention. In this case, you can provide a blank/empty passphrase.

Complete the generation of the SSH key-pair by providing a secure or empty passphrase, followed by Enter. Thereafter, you should see the following output:

Your identification has been saved in ~/.ssh/id_rsa.
Your public key has been saved in ~/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:2e:2a:5e:33:3e:a9:de:4e:77:11:58:b6:90:26 username@remote_host
The key's randomart image is:
...

You have now generated an SSH key-pair that you can use to authenticate with your deployments. It consists of two files that, depending on the name you specified during the generation, are located at the following locations:

  1. The public key is stored in file ~/.ssh/id_rsa.pub
  2. The private key is stored in file ~/.ssh/id_rsa
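The steps above can be wrapped in a small script that never overwrites an existing key-pair and can tell you whether a private key was left without a passphrase. This is an added example, not part of the original tutorial; the SSH_DIR variable and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: guarded key generation following the tutorial's steps.
# SSH_DIR and all function names are assumptions made for this example.
SSH_DIR="${SSH_DIR:-$HOME/.ssh}"

# Print every public key found in SSH_DIR; return 1 when there is none.
list_public_keys() {
    found=1
    for pub in "$SSH_DIR"/*.pub; do
        [ -f "$pub" ] || continue   # an unmatched glob stays literal, skip it
        echo "$pub"
        found=0
    done
    return "$found"
}

# Generate SSH_DIR/id_rsa only when neither half of the pair exists yet.
# Returns 2, without calling ssh-keygen, if a key file is already present.
generate_keypair() {
    key="$SSH_DIR/id_rsa"
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 2
    fi
    mkdir -p "$SSH_DIR" && chmod 700 "$SSH_DIR" || return 1
    # -t rsa matches the id_rsa file name used in the tutorial. No -N is
    # given, so ssh-keygen prompts for the passphrase as described above.
    ssh-keygen -t rsa -f "$key" || return 1
    ssh-keygen -l -f "$key.pub"    # print the fingerprint of the new key
}

# Return 0 only if the private key can be read with an empty passphrase,
# i.e. it is definitely stored unprotected; return 1 in every other case.
key_is_unprotected() {
    [ -f "$1" ] || return 1
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}
```

After sourcing the file, `list_public_keys || generate_keypair` generates a key only when none exists, and `key_is_unprotected ~/.ssh/id_rsa` identifies keys that were created with an empty passphrase for automation.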

Where to go from here?

Now that you have generated an SSH key-pair on your computer, the next step is to install the public key on your deployment. To do so, you can follow the tutorial Install an SSH key on your deployment.

Michiel Kempen


A passionate cloud engineer who helps software companies adopt modern cloud technologies through an intelligent all-in-one cloud platform called Smoothy.