ssh-agent or gnome-keyring allows you to enter that passphrase periodically, instead of each time you use the key to access a remote system.
ssh-keygen command, and choosing the defaults at all the prompts:
~/.ssh directory, which will be created if it does not exist:
.pub is the public key that needs to be transferred to the remote systems. It is a file containing a single line: The protocol, the key, and an email used as an identifier. Options for the ssh-keygen command allow you to specify a different identifier:
ssh-keygen command also displays the fingerprint and randomart image that are unique to this key. This information can be shared with other people who may need to verify your public key.
-l option lists the fingerprint, and the -v option adds the ASCII art.
ssh-copy-id command. If you used the default name for the key all you need to specify is the remote user and host:
sshd man page.
ssh-keygen command with the -p option:
-f), and the old (-P) or new (-N) passphrases on the command line. Remember that any passwords specified on the command line will be saved in your shell history.
ssh-keygen man page for additional options.
ssh-keygen, and the new public key has to be transferred to the desired remote systems.
kdump utility, when configured to dump the kernel to a remote system using SSH, is one example.
ssh-agent daemon and an ssh-add utility to cache the unlocked private key. The GNOME desktop also has a keyring daemon that stores passwords and secrets but also implements an SSH agent.
openssh_keypair module uses ssh-keygen to generate keys and the authorized_key module adds and removes SSH authorized keys for particular user accounts.
openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
-pubout flag is really important. Be sure to include it.
public.pem and ensure that it starts with -----BEGIN PUBLIC KEY-----. This is how you know that this file is the public key of the pair and not a private key.
less command, like this:
less public.pem
openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM
-pubout was dropped from the end of the command. That changes the meaning of the command from that of exporting the public key to exporting the private key outside of its encrypted wrapper. Inspecting the output file, in this case private_unencrypted.pem, clearly shows that the key is an RSA private key as it starts with -----BEGIN RSA PRIVATE KEY-----.
-----BEGIN RSA PRIVATE KEY----- or -----BEGIN PUBLIC KEY-----.
less private.pem to verify that it starts with a -----BEGIN RSA PRIVATE KEY-----
less public.pem to verify that it starts with a -----BEGIN PUBLIC KEY-----