Cryptography

Generate SSH Keys in Linux (Fedora 35)

RSA

The simplest way is to execute the following command:

ssh-keygen -t rsa

This is how the whole process looks like in console. Please note that I did override the default key-pair location.

[terminator@fedora ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/terminator/.ssh/id_rsa): /home/terminator/test-ssh/id_rsa
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/terminator/test-ssh/id_rsa
Your public key has been saved in /home/terminator/test-ssh/id_rsa.pub
The key fingerprint is:
SHA256:VWjMnVqPPaY0y9iHvWpYG/JqJnSV2pZTZDkrlmARrtY terminator@fedora.home
The key's randomart image is:
+---[RSA 3072]----+
|         oo=.. . |
|         .B.+ =  |
|         oo+ O o |
|         +. X B  |
|        S EX @ . |
|       .. = & o  |
|       . . * = . |
|        . + + .  |
|         +.o..   |
+----[SHA256]-----+

The private key looks like this:

[terminator@fedora ~]$ cat test-ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCykTrbjR
Ytph1wo+yz0wmmAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQC8UtzH0Zlo
47uY/tsY/vCM4qWEuOidNOgFoujl0Ol32HcOMD8rqrUvnpa0j1INIGaCeTIWSmd6q2z35/
2s41BBIFzP9jtwukmiikXpeWeQgR0Td5vfIyOBupdfnrJd4rut0tBA9Kiz0GiKskZLK9HJ
Ce2+hiqVwhPaLi4CTyhi6V+ZxA5g6126LC1Rh6XJRw7wlMuQ3XtenFLhRrw6JEyOOKa9ck
MUEpAHCRIhWBmCIBmRIu8zo6Kn6pCi8ylC29zG8mqpBCAtXM7Ox53nfzO+VgQP4Zk5Eseu
JBw2TbOhCtgx8wX+Xx6lD5m2Fm8NoYSVNkJWI6yGabyZGqorwGYgOA9YFqLA04EH/Y05if
eVCUCh0E8smcBqFgyX6mmcJo3nZwsB02o3cTAIQA63WaAoiONitbYx73vJdlZDK6V38B+q
WmW+yrwphLhSCYmzuw/WeMLSH5ypQfgb1nSf3kGN4d2SDo+3dymcB6wOR5C/P2aavVs62V
0TyyJ0V/uipq8AAAWQ7IxdIGZYFsBuO+5U79UMW86z6JKpUOMxGkvJd8ariTaK8o+BeY4L
nIXUrULUCZIv9/Y+Ce1OJb3/tCno3Je2Z7906m9glA6xYiQizPlSKjAHU/pRIuKg8GrYBV
dsq5rAeSl8Igultp7iP1yQs/icHrIgHFbq60521EO3fZOicF/WS2bIS3nLFpPDVa2i4WxQ
MNHSROOXBvlKnxVA4KDLJIxS4CNkqDyDlKn5qlBhhcBqXTTiGh78eNVzdb2SVnxLmQP2GE
14pf8U71q43NQAJVcYwG++BirKVPZI7jQQvv0yCRXcnzi9t/Cx6K10rWMHS9XNGMC6j61Q
m5dhPXei45ItGDu+jxtP35Z9fcMFXbUq7NoqfnWbpBMiBPYi2J51k/wLvoXJmW0BpuJjvl
j7zUsNFsj+EQpN1b55W5A1nVL6ewzX9UR125GcqBd7NFFBQ2cLfSe7Mq1blePhpi8qqO49
EuOaloIIypwZ4CuRXoqMOKF2J/BGaDg1CHrZ71kUv+MPkjyisoHl92M0F2/iRBVHYThVAz
IK5/c41xkR9fayyU6R2qIQm14lwuFet67E9RguEjyYKdlIUKOyPYzj7FWapxYxkVEs5LX0
JJuczYL8Bjb93KLnPQxl9MZsgUgmWRIvEpyyoxQ7m2lha9kLsSATJPmsY7FUSaZLBTvnBP
4OoaLsO3BfqOxaCsF2NjrFS+Y0YEEe1y412WTBGl58QiV+LrjCQsfTdyY8Pz4g1BKmi35D
6kcnfIZdsqysxdWspxf2VVI+JbPeUUycwc5LkP5vv+fYYG/cdPrSyjXHNxGG1hLvOlvchu
NOq/pVdbjGMNpmaxvWPJVWTC2+zPmi6qAx0GMQ7HgYz55hJweGfCTP/UDFuOAXbK1t4gMM
64SvSDHewwqyaRQj2kR6ORXwT3vDLVsIrywyK1HtcaL0oPoNJG4O8Ln+DY2G7ri953cm81
+PNP7BK7mchpLPCdb/O1cjLcpgnzReZQtheophNTzjITBEa5F6Or4bZHjjuM7U/j5w/p2Q
coQjUNKThYy74RAHMY8j/oHvKvwrghYwFjtcE2wZAWIbDiDQ3LkXbck9qM3emuIFtBkylX
5HP2Kia4BWSnB6/w8cNPPJ4Tq4EAxOnS5NeedT/s20bZsKoFD9Ioy9o19IAFDLDNnWG//n
dLiLPrh8R+dsZW+MXNd6oX/I/UYSlN39ujr4RUKB7fRGdkyu5lZaTIABjGUNBMGVJ2crsJ
+oMJ6NRk9/zfhiwUQ/XidI71pQDfblvYpc17KOr1c8P4hS5in5yIGxikWUdHsuRS8aAitO
veznyXdCHpO1x33ypL/eVN4RcNAe4QcM/PLB9rvgFAW5+SNNN0/AuqKA86BcGGvdjU9ZAH
KxwXJw/KHTgXBI8FvJnCVsu6UiYYm1N6hTVwGq9Ya4EnroIQvleN7n0DQcS3oVIZq+c7WA
NJaq8lS5xx7rfUWIqYxgkbmw7JDBRUr3K9Xf+qLpz8Yf3OSAgPrwFqunwH5qM+poAbASjr
Fh1C6NDVcCuzP+D8Segim/YmBG0DhPiLGdeDhlia6aVveCQUw7SlfD9Q5Jlx7T5kHymp9K
Qgs11g2czHp4WPv+SVKis+NfkQQW5nwJsNdtpK/zR0/O5kyzfG2dhAa7gG6l0jzheQXVxS
WVSq3z3++h7ikEuuK5ZmUaJCEIhdYJT0fg9pSl1Goeh/7BilvCFAEg0Nhv+BwCDgK4e6E/
lAqCPjqkWSFL5FlphdhDvTU0FG6EQysPi6YZZJuohzQ2ghy8hDYNEZ6g+5LMB47P1LiqIw
n5Y0fx1jZMliCntDy2PotBxgSd8B/VfiF1iX5rv1CN2dQrX/HPDQGjWityDOQR/XSZlXJK
mT3OyloqoFZimCA+5f3K8Ny2BVs=
-----END OPENSSH PRIVATE KEY-----

The public key looks like this:

[terminator@fedora ~]$ cat test-ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8UtzH0Zlo47uY/tsY/vCM4qWEuOidNOgFoujl0Ol32HcOMD8rqrUvnpa0j1INIGaCeTIWSmd6q2z35/2s41BBIFzP9jtwukmiikXpeWeQgR0Td5vfIyOBupdfnrJd4rut0tBA9Kiz0GiKskZLK9HJCe2+hiqVwhPaLi4CTyhi6V+ZxA5g6126LC1Rh6XJRw7wlMuQ3XtenFLhRrw6JEyOOKa9ckMUEpAHCRIhWBmCIBmRIu8zo6Kn6pCi8ylC29zG8mqpBCAtXM7Ox53nfzO+VgQP4Zk5EseuJBw2TbOhCtgx8wX+Xx6lD5m2Fm8NoYSVNkJWI6yGabyZGqorwGYgOA9YFqLA04EH/Y05ifeVCUCh0E8smcBqFgyX6mmcJo3nZwsB02o3cTAIQA63WaAoiONitbYx73vJdlZDK6V38B+qWmW+yrwphLhSCYmzuw/WeMLSH5ypQfgb1nSf3kGN4d2SDo+3dymcB6wOR5C/P2aavVs62V0TyyJ0V/uipq8= terminator@fedora.home

For all this to work properly you need to change some permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

IMPORTANT: The above commands are executed in the default SSH directory (~/.ssh) rather than the directory where I saved the generated key-pair for the purpose of this test.

ED25519

This time we'll add a comment.

ssh-keygen -t ed25519 -C "key for www.some.website"

This is how the whole process looks like in console. Please note that I did override the default key-pair location.

[terminator@fedora ~]$ ssh-keygen -t ed25519 -C "key for www.some.website"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/terminator/.ssh/id_ed25519): /home/terminator/test-ssh/id_ed25519
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/terminator/test-ssh/id_ed25519
Your public key has been saved in /home/terminator/test-ssh/id_ed25519.pub
The key fingerprint is:
SHA256:62AnCelrYUJkZjwjSW0apHUtCN+zzRVOu/sOcHybOq0 key for www.some.website
The key's randomart image is:
+--[ED25519 256]--+
|+*o...  o        |
|++X=. .o o       |
|.*=oo.  +        |
| ..  * o .       |
| .  + + S .      |
|  ..o. + + o     |
|   o..= =.o      |
|    .o =.+.      |
|   ..   E+o      |
+----[SHA256]-----+

The private key looks like this:

[terminator@fedora ~]$ cat test-ssh/id_ed25519
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD4d7UH7m
uxOnGtfPFaREOvAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIPNOrzsMd4heDBpj
2JCm8mPzB2Bm7N4yYeLIYdv7TKI/AAAAoEFI1sB908qbfyX0GsRIGFHl7VjrYAzzQgJ3Op
8sW/bGtNFBMB5SwWzxKWxk3kz9NU4jdpAXmqA0p1JxaCh/lwX6XtCnrTw1PLdjsHFPy2Br
SZLVuW4VTr4BfAniDTJL+18Gy3/eveAT0GHWk/wslET6xqfyDZ0rHKWK5zayPgH9zd3Xl+
9jrSt+XmPnwJLZuRvd+BuRwPn3tCDeTc9+2sM=
-----END OPENSSH PRIVATE KEY-----

The public key looks like this:

[terminator@fedora ~]$ cat test-ssh/id_ed25519.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNOrzsMd4heDBpj2JCm8mPzB2Bm7N4yYeLIYdv7TKI/ key for www.some.website

As mentioned before, for all this to work properly you need to change some permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub

IMPORTANT: The above commands are executed in the default SSH directory (~/.ssh) rather than the directory where I saved the generated key-pair for the purpose of this test.

Sources:

https://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/html/Translation_Quick_Start_Guide/sect-Translation_Quick_Start_Guide-Accounts_and_Subscriptions-Making_a_SSH_Key.html

Generate SSH Keys in Linux (Fedora 35)

RSA

ED25519

Read next

Install Kong OSS DB-less mode in Ubuntu Mate Impish 21.10 in Raspberry PI 4

Install DecK for Kong in Ubuntu 20.04 (focal)

Authorize a user to authenticate with SSH key