ssh-keygen how it works


Easy authentication with SSH keys and secure connection to SSH host and WebServer on the Internet without password. This tutorial shows how to create a private key and store the corresponding public key on the WebServer.

How to use SSH keygen on Linux and macOS

SSH keys eliminate the need to enter passwords when connecting via SSH. Especially for the administration of several accounts, this can bring a lot of time savings. The following describes how to set up SSH keys with ssh-keygen on Linux and macOS. To do this, open a terminal and execute the command.

$ ssh-keygen -t rsa -b 4096

The computer now asks in which file the key should be stored, preferably create a new unique file. The default is that the key is stored in the default file (id_rsa), which is confusing, and the folder “.ssh” is also hidden.

$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mike/.ssh/id_rsa): my-key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in my-key.
Your public key has been saved in
The key fingerprint is:
SHA256:7oBofs25Wz2b03V2+5daXFUAq8ClijSfSjUog/3sVwo mike@thinkpad
The key's randomart image is:
+---[RSA 4096]----+
|          . .....|
| o   . . o   .  .|
|. + + o +   .   .|
|   * = + . .    .|
|    E + S .     .|
|   + + + .    o =|
|  o +o+.o o. . =+|
| o  ..++  .+. .o.|
|  ..  oo. o. .. +|
+---- SHA256 -----+

A key is created after the RSA cryptosystem with a length of 4096 bits. This means that the key can hardly be cracked by brute force.

A passphrase can now also be assigned for even more security, but this is not absolutely necessary. If you want to use a passphrase for the key, you can enter it and then confirm it. Otherwise, you can skip this option with the Enter key. We create a key pair at this point without additional passphrase.

That’s it: The key pair is created and is in the specified file. These can be opened with a text editor in the terminal with vi or nano, and with macOS with any editor to view the key pair, but nothing may be changed, even no blank lines may be inserted.


The contents of the file in abbreviated form are similar to this.

ssh-rsa AAAAB3NzaC1yc2EAAADAQABACQCuA1tumTMG/sa7OpjxbuL5vz7R..
VOOpjavLDM0iZjWbRc3KeKuEIu9Lw== mike@thinkpad

Bring a public key to the server

Now there is the last step to store the public key on the desired WebServer. The best way to do it is on the server with “ssh-copy-id”. Since the creation took place on the “control computer”, i.e. the laptop, the public key still has to be copied to the WebServer. First, you log in to the server and then store the key there. To do this, the necessary command in the terminal is as follows.

$ ssh-copy-id -i ~/.ssh/my-key

Alternatively, if you do not want to use “ssh-copy-id”, the contents of the local file ~/.ssh/ can be copied to the WebServer in the file ~/.ssh/authorized_keys. To do this, run the command in the shell on the control computer.

$ cat ~/.ssh/ | ssh "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
chmod 0600 ~/.ssh/authorized_keys

Alternatively, the public key can also be saved directly in the file authorized_keys via copy paste.

  The private key my-key must remain secret, so do not place it on the server.

  On Windows, OpenSSH can be deployed, under Settings – Apps and Features – Optional Features, or PuTTY (puttygen) is used.

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 1

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Reply

Your email address will not be published.