Creating Keys

To create your SSH keys using OpenSSH, you use the ssh-keygen command. It can generate both DSA and RSA keys, with RSA key lengths ranging from 768 bits to at least 4096 bits. Examples of this include:

• Generating a 4096-bit RSA key, with a custom comment:

  # ssh-keygen -t rsa -b 4096 -C 'root@fubar rsa_4096'
  Generating public/private rsa key pair.
  Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_4096
  something secret and secure
  Enter same passphrase again: something secret and secure
  Your identification has been saved in /root/.ssh/id_rsa_4096.
  Your public key has been saved in /root/.ssh/id_rsa_4096.pub.
  The key fingerprint is:
  61:ff:3f:92:9b:a1:50:df:f0:3f:e3:50:97:2f:24:93 root@fubar rsa_4096
  

• Generating a RSA key, specifying the filename, and with the default comment:

  # ssh-keygen -t rsa -f ~/.ssh/id_rsa_foo
  Generating public/private rsa key pair.
  Enter passphrase (empty for no passphrase): My secret and only my secret
  Enter same passphrase again: My secret and only my secret
  Your identification has been saved in /root/.ssh/id_rsa_foo.
  Your public key has been saved in /root/.ssh/id_rsa_foo.pub.
  The key fingerprint is:
  8e:11:ff:fe:01:3d:33:c9:6f:f7:33:76:4b:0c:ff:e5 root@centos-ws
  
  

• Generating a DSA key:

  # ssh-keygen -t dsa -C 'root@fubar dsa'
  Generating public/private dsa key pair.
  Enter file in which to save the key (/root/.ssh/id_dsa): RETURN
  Enter passphrase (empty for no passphrase): another secret phrase
  Enter same passphrase again: another secret phrase
  Your identification has been saved in /root/.ssh/id_dsa.
  Your public key has been saved in /root/.ssh/id_dsa.pub.
  The key fingerprint is:
  3c:d4:1b:55:4c:81:2c:94:c3:40:39:05:68:4b:3f:b1 root@fubar dsa