SSH.COM is one of the most trusted brands in cyber security. We help enterprises and agencies solve the security challenges of digital transformation with innovative access management solutions.
To create a public key pair, run ssh-keygen-g3 on
$ ssh-keygen-g3 Generating 2048-bit dsa key pair 9 oOo.oOo.oOo Key generated. 2048-bit dsa, ClientUser@Client, Thu Jan 2 2014 12:09:46 +0200 Passphrase : Again : Private key saved to /home/ClientUser/.ssh2/id_dsa_2048_a Public key saved to /home/ClientUser/.ssh2/id_dsa_2048_a.pub
When run without options, ssh-keygen-g3 asks for a passphrase for the new key. Enter a sufficiently long (20 characters or so) sequence of any characters (spaces are OK).
In FIPS mode, due to a FIPS regulation which forbids exporting unencrypted private keys out of the FIPS module, it is not possible to generate user keys without a passphrase.
The new authentication key pair consists of two separate files. One of the keys is your private key which must never be made available to anyone but yourself. The private key can only be used together with the passphrase.
On Unix, the key pair is by default stored in your
$HOME/.ssh2 directory (created by ssh-keygen-g3 if
it does not exist previously). On Windows, the key pair is by default stored
In the example above, the private key file is
The public key file is
id_dsa_2048_a.pub, and it can be
distributed to other computers.
By default, ssh-keygen-g3 creates a 2048-bit DSA
key pair. RSA keys can be generated by specifying the
option with ssh-keygen-g3. Key length can be specified
-b option. For automated jobs, the key can be
generated without a passphrase with the
-P option, for example:
$ ssh-keygen-g3 -t rsa -b 1536 -P
For more information on the ssh-keygen-g3 options, see ssh-keygen-g3(1).