Prerequisites

  • Linux/Unix operating system, typically on the administrator's workstation
  • OpenSSH client software installed

Introduction

The following procedure will generate two keys:

  • Public key: This key is distributed to all machines the administrator wants to connect to. It can be made public.
  • Private key: This key stays on the administrator's machine and has to be kept secret.

    For the confidentiality of the encrypted connection to devices, it is essential to keep the private key secret: anyone who obtains it can authenticate as the administrator to every device that trusts the matching public key.

    An easily understandable explanation of private and public keys can be found in a blog post by the programmer Blake Smith.

Generating the Key Pair

  1. Open a terminal session on your workstation as the user who is going to make the SSH connections to the devices.
  2. Issue the following command:
    ssh-keygen
  3. When prompted for the location in which to store the key pair, you can:
    • Hit return to accept the default file name ~/.ssh/id_rsa
    Using the default name may overwrite an existing SSH key pair of the same name!
    • Enter an absolute file path and key file name of your choice.
  4. When prompted for a passphrase, you can:
    • Enter a passphrase (twice)

    A passphrase protects the private key file in case it gets into the hands of an attacker. On the other hand, it may be inconvenient to enter the passphrase for every connection.

    • Hit return in order to use no passphrase.

    This increases convenience because you will be able to log in without entering a passphrase. However, it weakens security: the private key file will be unprotected if it gets into the hands of an attacker.


    Two files have been generated (default names):

    • id_rsa - the private key file
    • id_rsa.pub - the public key file
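The procedure above, carried out non-interactively as an added shell example (this is not code from the original article): it generates the pair into a path of your choice, refuses to overwrite an existing key pair, restricts the private key's file permissions and prints the fingerprint. The function names and the key file path are assumptions made for the example.

```shell
#!/bin/sh
# Hypothetical helper (not from the article): generate an SSH key pair at
# $1 with comment $2 and passphrase $3, without clobbering an existing pair.
# Returns 0 on success, 2 if a key already exists, 3 if ssh-keygen is missing.
gen_ssh_keypair() {
    keyfile="$1"; comment="$2"; passphrase="$3"
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found" >&2; return 3; }
    # Guard against the overwrite risk mentioned in step 3.
    if [ -e "$keyfile" ] || [ -e "$keyfile.pub" ]; then
        echo "refusing to overwrite existing key pair: $keyfile" >&2
        return 2
    fi
    mkdir -p "$(dirname "$keyfile")" && chmod 700 "$(dirname "$keyfile")" || return 1
    # -N supplies the passphrase non-interactively so the script can run unattended.
    # In an interactive session omit -N so ssh-keygen prompts for it and the
    # passphrase never shows up in the process list or shell history.
    ssh-keygen -q -t rsa -b 3072 -f "$keyfile" -C "$comment" -N "$passphrase" || return 1
    chmod 600 "$keyfile"        # private key: owner only
    chmod 644 "$keyfile.pub"    # public key: may be world-readable
}

# Print the fingerprint of the public key (bits, hash, comment, type).
key_fingerprint() {
    ssh-keygen -l -f "$1.pub"
}

# Succeed only if the private key is readable by its owner alone (mode 0600).
private_key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}
```

Run as `gen_ssh_keypair "$HOME/.ssh/id_rsa_devices" "admin@workstation" "$PASSPHRASE" && key_fingerprint "$HOME/.ssh/id_rsa_devices"`; the resulting `.pub` file is what you distribute to the devices.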