SSH keys are a necessity for Python development when you are working with Git, connecting to remote servers and automating your deployments. Let's walk through how to generate SSH key pairs, which contain both a public and a private key within a single pair, on Ubuntu Linux.
Open up a new terminal window in Ubuntu like we see in the following screenshot.
ssh-keygen command provides an interactive command line interface for
generating both the public and private keys. Invoke
ssh-keygen with the
-b arguments to ensure we get a 4096 bit RSA key.
Optionally, you can also specify your email address with
one will be generated off your current Linux account):
ssh-keygen -o -t rsa -b 4096 -C [email protected]
-o option was introduced in 2014; if this command fails for you, simply remove the
The first prompt you will see asks where to save the key. However, there are actually two files that will be generated: the public key and the private key.
Generating public/private rsa key pair. Enter file in which to save the key (/home/matt/.ssh/id_rsa):
This prompt refers to the private key and whatever you enter will also
generate a second file for the public key that has the same name and
If you already have a key, you should specify a new filename. I use many SSH keys so I typically name them "test-deploy", "prod-deploy", "ci-server" along with a unique project name. Naming is one of those hard computer science problems, so take some time to come up with a system that works for you and the development team you work with!
Next you will see a prompt for an optional passphrase:
Enter passphrase (empty for no passphrase):
Whether or not you want a passphrase depends on how you will use the key. The system will ask you for the passphrase whenever you use the SSH key so it is more secure. However, if you are automating deployments with a continuous integration server like Jenkins then you will not want a passphrase.
Be aware that it is impossible to recover a passphrase if it is lost. Keep that passphrase safe and secure because otherwise a completely new key would have to be generated.
Enter the passphrase (or just press enter to not have a passphrase) twice. You'll see some output like the following:
Your identification has been saved in /home/matt/.ssh/prod_deploy. Your public key has been saved in /home/matt/.ssh/prod_deploy.pub. The key fingerprint is: SHA256:xoCWgk40XfM5mruZQNCVoBKXZ4d0gn09ivVENacb7xw [email protected] The key's randomart image is: +---[RSA 2048]----+ |.oo*==oo..o . | |.+*.*** = + | |o+.++=.B .o | |+ .o. +oo + | | . . o S . E | | . .. o . | | . . o | | . + | | + | +----[SHA256]-----+
Your SSH key is now generated and ready to use!
Now that you have your public and private keys, I recommend setting up a Python development environment with one of the following tutorials so you can start coding:
ssh-keygen command resources:
Questions? Contact me via Twitter @fullstackpython or @mattmakai. I'm also on GitHub with the username mattmakai.
See something wrong in this post? Fork this page's source on GitHub and submit a pull request.