Generate SSH Public and Private Keys on Linux


SSH allows for both password based authentication, as well as public key authentication. Public key authentication is generally regarded as being more secure, as it isn’t as prone to brute force login attempts (if you disable password based authentication). The private key can also have a passphrase associated with it, which makes public key authentication even more secure if needed.

Sometimes cloud servers will let you put a public key in as a authorized authentication key when the cloud server is created, preventing the need for password based authentication to be enabled by default.

Generate a new SSH public and private key pair:

“Identifying comment” can be any string that will assist in determining which key this is. “[email protected]” of the machine where you are connecting from would be a good example.


This will generate two files, “keypair” and “”. “keypair” being the private key that you need to keep secure, and “” being the public key, that can be put on servers that you want to be able to log into with the private key.

Change the filename to suit your needs. This example uses “keypair” for the examples.

The contents of the public key file “” can be inserted into the ~/.ssh/authorized_keys file on the machine that you want to be able to connect into remotely. This must be done for the specific user.

Insert public key into authorized keys

View the contents of the public key file:


Take note of the output, and copy it into the clipboard if possible, or use some other method to get this file/data onto the remote machine, as it will be used in the next step.

On the remote server you want to be able to log into:

If you have chosen to copy the public key file to the remote host instead, you can issue the following command instead:

Logging into remote ssh server using the private key file

To connect to the remote host using SSH you can use the following command:

This will use the private key called “keypair” created earlier, and assuming the remote server has the public key added to the “user” users authorized_keys file, you should be able to log into the remote system.