Several tools exist to generate SSH public/private key pairs. The following sections show how to generate an SSH key pair on UNIX, UNIX-like and Windows platforms.
UNIX and UNIX-like platforms (including Solaris and Linux) include the ssh-keygen utility to generate SSH key pairs.
Crack key. With more creative options and real-time, no-render editing of all popular SD, HD and even 4K formats, EDIUS Pro 8 is THE most versatile and fastest nonlinear editing software available. And EDIUS Pro 8 comes with GV Browser source management to prepare content for subsequent editing in EDIUS.Best of all, with EDIUS Pro 8, there are no subscription fees, you buy it, you keep it, with a permanent license with free updates throughout the life of EDIUS Pro 8.x. Need workgroup editing?
filename
your choice of file name for the private key:The ssh-keygen utility prompts you for a passphrase for the private key.
Note:
While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
The ssh-keygen utility prompts you to enter the passphrase again.
filename
and the public key has been saved as filename
.pub
. It also displays information about the key fingerprint and randomart image.The PuTTYgen program is part of PuTTY, an open source networking client for the Windows platform.
May 27, 2010 H ow do I generate ssh RSA keys under Linux operating systems? You need to use the ssh-keygen command as follows to generate RSA keys (open terminal and type the following command): ssh-keygen -t rsa OR ssh-keygen.
To download PuTTY or PuTTYgen, go to http://www.putty.org/ and click the You can download PuTTY here link.
As the key is being generated, move the mouse around the blank area as directed.
Note:
While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
.ppk
(PuTTY private key).Note:
The.ppk
file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY as your SSH client. It cannot be used with other SSH client tools. Refer to the PuTTY documentation to convert a private key in this format to a different format. Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.
.pub
extension to indicate that the file contains a public key.ssh
utility on Linux), export the private key:.ppk
format, using an extension such as .openssh
to indicate the file's content.Using SSH public-key authentication to connect to a remote system is a robust, more secure alternative to logging in with an account password or passphrase. SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one 'private' and the other 'public'. You keep the private key a secret and store it on the computer you use to connect to the remote system. Conceivably, you can share the public key with anyone without compromising the private key; you store it on the remote system in a .ssh/authorized_keys
directory.
To use SSH public-key authentication:
~/.ssh/authorized_keys
file in your account.To set up public-key authentication using SSH on a Linux or macOS computer:
To generate RSA keys, on the command line, enter:
Enter
or Return
without entering a filename.Alternatively, you can enter a filename (for example, my_ssh_key
) at the prompt, and then press Enter
or Return
. However, many remote hosts are configured to accept private keys with the default filename and path (~/.ssh/id_rsa
for RSA keys) by default. Consequently, to authenticate with a private key that has a different filename, or one that is not stored in the default location, you must explicitly invoke it either on the SSH command line or in an SSH client configuration file (~/.ssh/config
); see below for instructions.
Enter
or Return
. If you press Enter
or Return
without entering a password, your private key will be generated without password-protection.Your private key will be generated using the default filename (for example, id_rsa
) or the filename you specified (for example, my_ssh_key
), and stored on your computer in a .ssh
directory off your home directory (for example, ~/.ssh/id_rsa
or ~/.ssh/my_ssh_key
).
The corresponding public key will be generated using the same filename (but with a .pub
extension added) and stored in the same location (for example, ~/.ssh/id_rsa.pub
or ~/.ssh/my_ssh_key.pub
).
~/.ssh/id_rsa.pub
) to your account on the remote system (for example, [email protected]
); for example, using command-line SCP: You'll be prompted for your account password. Your public key will be copied to your home directory (and saved with the same filename) on the remote system.
~/.ssh/authorized_keys
file in your account (if your account doesn't have ~/.ssh/authorized_keys
file, system administrators can create one for you). Once your public key is added to your ~/.ssh/authorized_keys
file on the remote system, the setup process is complete, and you should now be able to SSH to your account from the computer that has your private key.~/.ssh/authorized_keys
file, create one; on the command line, enter the following commands: ~/.ssh/authorized_keys
file, executing these commands will not damage the existing directory or file.~/id_rsa.pub
) to a new line in your ~/.ssh/authorized_keys
file; on the command line, enter: You may want to check the contents of ~/.ssh/authorized_keys
to make sure your public key was added properly; on the command line, enter:
~/id_rsa.pub
) from your account on the remote system; on the command line, enter:Alternatively, if you prefer to keep a copy of your public key on the remote system, move it to your .ssh
directory; on the command line, enter:
[email protected]
) from the computer (for example, host1
) that has your private key (for example, ~/.ssh/id_rsa
):If the private key you're using does not have the default name, or is not stored in the default path (not ~/.ssh/id_rsa
), you must explicitly invoke it in one of two ways:
-i
flag and the path to your private key.For example, to invoke the private key host2_key
, stored in the ~/.ssh/old_keys
directory, when connecting to your account on a remote host (for example, [email protected]
), enter:
~/.ssh/config
), if it exists/etc/ssh/ssh_config
)The SSH client configuration file is a text file containing keywords and arguments. To specify which private key should be used for connections to a particular remote host, use a text editor to create a ~/.ssh/config
that includes the Host
and IdentityFile
keywords.
For example, for connections to host2.somewhere.edu
, to make SSH automatically invoke the private key host2_key
, stored in the ~/.ssh/old_keys
directory, create a ~/.ssh/config
file with these lines included:
Once you save the file, SSH will use the specified private key for future connections to that host.
You can add multiple Host
and IdentityFile
directives to specify a different private key for each host listed; for example:
Alternatively, you can use a single asterisk ( *
) to provide global defaults for all hosts (specify one private key for several hosts); for example:
For more about the SSH client configuration file, see the OpenSSH SSH client configuration file on the web or from the command line (man ssh_config
).
The PuTTY command-line SSH client, the PuTTYgen key generation utility, the Pageant SSH authentication agent, and the PuTTY SCP and SFTP utilities are packaged together in a Windows installer available under The MIT License for free download from the PuTTY development team.
After installing PuTTY:
2048
).putty_key
), select a location on your computer to store it, and then click Save.putty_private_key
), select a location on your computer to store it, and then click Save.putty_rsa
), select a location on your computer to store it, and then click Save.If the remote system does not support password-based authentication, you will need to ask system administrators to add your public key to the ~/.ssh/authorized_keys
file in your account (if your account doesn't have ~/.ssh/authorized_keys
file, system administrators can create one for you). Once your public key is added to your account's ~/.ssh/authorized_keys
file on the remote system..
~/.ssh/authorized_keys
file, create one; on the command line, enter the following commands:If your account on the remote system already has ~/.ssh/authorized_keys
, executing these commands will not damage the existing directory or file.
~/.ssh/authorized_keys
file, and then save and close the file.putty_private_key.ppk
), select the file, and then click Open.If your private key is not passphrase-protected, Pageant will add your private key without prompting you for a passphrase.
Either way, Pageant stores the unencrypted private key in memory for use by PuTTY when you initiate an SSH session to the remote system that has your public key.
Deathstar
), and then click Save.Startup
folder to launch Pageant and load your private key automatically whenever you log into your desktop. For instructions, finish the rest of the following steps.Startup
folder. Press Win-r
, and in the 'Open' field, type shell:startup
, and then press Enter
.Startup
folder, and then select New and Shortcut.pageant.exe
) followed by the path to your private key file (for example, putty_private_key.ppk
); enclose both paths in double quotes; for example: PAGEANT
).The next time you log into your Windows desktop, Pageant will start automatically, load your private key, and (if applicable) prompt you for the passphrase.