How to Generate an SSH Key Pair in Ubuntu for Secure Authentication

Secure Shell (SSH) keys provide a secure and convenient method for authenticating to remote servers without needing passwords. If you’re a developer or system administrator, setting up an SSH key pair is an essential step to streamline secure access to servers. This guide will walk you through the process of generating an SSH key pair on an Ubuntu system.


What is an SSH Key Pair?

An SSH key pair consists of two components:

  1. Private Key: Stored securely on your local machine and should never be shared.
  2. Public Key: Shared with the remote server to enable authentication.

By combining these keys, you can log in to servers without typing passwords, adding both convenience and security.


Steps to Generate an SSH Key Pair

Step 1: Generate the SSH Key

  1. Open your terminal on your Ubuntu system.
  2. Use the ssh-keygen command to generate a key pair:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Explanation:

  • -t rsa: Specifies the RSA algorithm for key generation.
  • -b 4096: Generates a 4096-bit key for enhanced security.
  • -C "your_email@example.com": Adds a label (your email) to identify the key.

Step 2: Specify the File Location

  1. When prompted:
Enter file in which to save the key (/home/your_user/.ssh/id_rsa):

Press Enter to save the key in the default location (/home/your_user/.ssh/id_rsa). If you want to save it in a different location, specify the full path.

Step 3: Set a Passphrase

  1. You’ll be asked to set a passphrase:
Enter passphrase (empty for no passphrase):
  • Optional: Enter a passphrase for an additional layer of security. Press Enter to skip if you prefer no passphrase.
  • Confirm the passphrase when prompted.

Step 4: View the Key Details

  1. Once the key pair is generated, you’ll see output similar to the following:
Your identification has been saved in /home/your_user/.ssh/id_rsa
Your public key has been saved in /home/your_user/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX your_email@example.com
The key's randomart image is:
   +---[RSA 4096]----+
   |  +.  . .        |
   | o +   o +       |
   | .o o . + o      |
   |..+. E * o       |
   |o+..o = S .      |
   |.o* =+.O .       |
   |.oo*o+* +        |
   |o+ o.= .         |
   |o.o.o .          |
   +----[SHA256]-----+

Accessing the Generated Keys

Private Key

The private key is stored in the default location unless you specified otherwise:

cat ~/.ssh/id_rsa

⚠️ Warning: Never share your private key. Keep it secure.

Public Key

To view your public key, run:

cat ~/.ssh/id_rsa.pub

You’ll see a single line of text that looks like this:

ssh-rsa AAAAB3...rest_of_the_key... your_email@example.com

Using Your SSH Key Pair

Add Public Key to Remote Server

  1. Copy the public key to the remote server:
ssh-copy-id user@remote_host
  1. Alternatively, manually add the key to the ~/.ssh/authorized_keys file on the remote server.

Test the Connection

  1. Test logging in without a password:
ssh user@remote_host

Best Practices for Managing SSH Keys

Secure Your Private Key:

  • Set restrictive permissions:
chmod 600 ~/.ssh/id_rsa

Backup Your Keys:

  • Store a copy of your keys in a secure location.

Use Key Passphrases:

  • Add a passphrase for critical systems.

Regularly Rotate Keys:

  • Update keys periodically to maintain security.

By following these steps, you’ve set up a robust and secure method for accessing your servers. SSH keys not only enhance security but also eliminate the hassle of managing passwords. Happy coding!

Scroll to Top