SSH Keys

For most servers, you authenticate yourself with a password. Whilst passwords are the most common method, others prefer to authenticate with SSH keys instead. SSH access can be authorised via a key pair, in which one key is known as the public key and the corresponding key is the private key.

The key pair is unique: only a private key and its matching public key together grant access to the server. These keys are typically made in 2 sizes, 2048 bits and 4096 bits. Currently the most common key size is 2048; however, in our example we will create a 4096-bit key instead.

ssh-keygen -t rsa -b 4096

Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/root/.ssh/id_rsa.
Your public key has been saved in /home/root/.ssh/id_rsa.pub.
The key fingerprint is:
df:95:a9:c2:c1:55:d0:26:dd:d1:a4:35:48:cc:7a:ce root@server
The key's randomart image is:
+--[ RSA 4096]----+
|            ==o==|
|            .=+o+|
|            oo.  |
|         . o . o |
|        S o + +  |
|         o o E   |
|          + o    |
|           .     |
|                 |
+-----------------+

This will create the SSH key pair: a public key and a private key. If you wish to create a 2048-bit SSH key instead, you can use the command ssh-keygen -t rsa -b 2048. Once the key pair has been created, the keys can be found in /home/root/.ssh.

Public Key

Key created location: /home/root/.ssh/id_rsa.pub
Key location on server: /home/root/.ssh/authorized_keys2

This key will be stored on your server. You can give this key to anyone, as it is a public key. Anyone who stores this key on their server gives you access to that server, because you hold the private SSH key that matches this particular public key.
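
As an added example (not part of the original article): a Python check that reads public key lines as they are stored in authorized_keys2 and reports each RSA key's size in bits, so that keys below a chosen minimum stand out. It assumes plain "ssh-rsa <base64> comment" lines without an options prefix; the function names, the 2048-bit default minimum and the sample keys are constructed for illustration.

```python
import base64

def read_field(blob, pos):
    """Read one field: 4-byte big-endian length, then that many bytes."""
    end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
    if pos + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated field")
    return blob[pos + 4:end], end

def rsa_key_bits(line):
    """Modulus size in bits of one 'ssh-rsa <base64> [comment]' line."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not a plain ssh-rsa line")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, pos = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("type inside blob differs from the line prefix")
    _exponent, pos = read_field(blob, pos)
    modulus, pos = read_field(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing bytes after modulus")
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, minimum_bits=2048):
    """Return {comment: (bits, meets_minimum)} for each key line."""
    report = {}
    for line in lines:
        parts = line.split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment line
        bits = rsa_key_bits(line)
        comment = parts[2].strip() if len(parts) > 2 else "(no comment)"
        report[comment] = (bits, bits >= minimum_bits)
    return report

def constructed_line(bits, comment):
    """Constructed sample: valid encoding, made-up modulus, not a usable key."""
    def field(data):
        return len(data).to_bytes(4, "big") + data
    # Leading zero byte keeps the big integer positive in the SSH encoding.
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = [constructed_line(4096, "root@server"), constructed_line(1024, "old@laptop")]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real file, pass its lines to audit(), for example audit(open("/home/root/.ssh/authorized_keys2")).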

Private Key

/home/root/.ssh/id_rsa

This key is to be kept to yourself; no one else should have it. This key will allow you to access your server from your own authorised computers. Anyone else who has this private key will be able to access your server as well.