Creating SSH Keys on Ubuntu Linux 16.04 LTS

Post updated by Matt Makai on April 28, 2017. Originally posted on February 14, 2017.

SSH keys are a necessity for Python development when you are working with Git, connecting to remote servers and automating your deployments. Let's walk through how to generate SSH key pairs, which contain both a public and a private key within a single pair, on Ubuntu Linux.

Generating the Public and Private Keys

Open up a new terminal window in Ubuntu.

The ssh-keygen command provides an interactive command line interface for generating both the public and private keys. Invoke ssh-keygen with the -t and -b arguments shown below to ensure we get a 4096-bit RSA key. Optionally, you can also specify your email address with -C, which sets the key's comment (otherwise one will be generated from your current Linux account). The address in the command is a placeholder, so substitute your own:

ssh-keygen -o -t rsa -b 4096 -C your_email@example.com

(Note: the -o option was introduced in 2014; if this command fails for you, simply remove the -o option)

The first prompt you will see asks where to save the key. However, there are actually two files that will be generated: the public key and the private key.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/matt/.ssh/id_rsa): 

This prompt refers to the private key. Whatever name you enter is also used for a second file, the public key, which has the same name with .pub appended.

If you already have a key, you should specify a new filename. I use many SSH keys so I typically name them "test-deploy", "prod-deploy", "ci-server" along with a unique project name. Naming is one of those hard computer science problems, so take some time to come up with a system that works for you and the development team you work with!

Next you will see a prompt for an optional passphrase:

Enter passphrase (empty for no passphrase):

Whether or not you want a passphrase depends on how you will use the key. With a passphrase set, the system will ask you for it whenever you use the SSH key, which makes the key more secure. However, if you are automating deployments with a continuous integration server like Jenkins then you will not want a passphrase.

Be aware that it is impossible to recover a passphrase if it is lost. Keep that passphrase safe and secure because otherwise a completely new key would have to be generated.

Enter the passphrase (or just press enter to not have a passphrase) twice. You'll see some output like the following:

Your identification has been saved in /home/matt/.ssh/prod_deploy.
Your public key has been saved in /home/matt/.ssh/prod_deploy.pub.
The key fingerprint is:
SHA256:xoCWgk40XfM5mruZQNCVoBKXZ4d0gn09ivVENacb7xw matt@ubuntu
The key's randomart image is:
+---[RSA 2048]----+
|.oo*==oo..o .    |
|.+*.*** =  +     |
|o+.++=.B .o      |
|+ .o. +oo  +     |
| . . o  S . E    |
|  .   ..   o .   |
|   . .      o    |
|    . +          |
|     +           |
+----[SHA256]-----+

Your SSH key is now generated and ready to use!
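
To confirm what the steps above produced, the following added example (not code from the original post) reads a private key file's header in Python and reports whether it uses the newer OpenSSH container that -o requests, whether a passphrase protects it, and the RSA modulus size. The function names are hypothetical, and build_sample creates a constructed, header-only container for the demonstration rather than a usable key.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"

def _string(data):
    """Encode bytes as an SSH wire string: uint32 length prefix + payload."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf, off):
    """Decode one SSH wire string at off; return (payload, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Report container format, passphrase protection and RSA key size."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] != BEGIN:
        # Older PEM container (written without -o); encrypted ones say so.
        return {"format": "legacy-pem", "encrypted": "ENCRYPTED" in text}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    _kdf_options, off = _read_string(blob, off)
    pub, _ = _read_string(blob, off + 4)  # skip the uint32 key count
    key_type, off = _read_string(pub, 0)
    info = {"format": "openssh-key-v1", "encrypted": cipher != b"none",
            "kdf": kdf.decode(), "type": key_type.decode()}
    if key_type == b"ssh-rsa":
        _exponent, off = _read_string(pub, off)
        modulus, _ = _read_string(pub, off)
        info["bits"] = int.from_bytes(modulus, "big").bit_length()
    return info

def build_sample(cipher, kdf, bits):
    """Constructed header-only container for the demo; NOT a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    pub = _string(b"ssh-rsa") + _string(b"\x01\x00\x01") + _string(b"\0" + n)
    blob = (MAGIC + _string(cipher) + _string(kdf) + _string(b"")
            + struct.pack(">I", 1) + _string(pub) + _string(b""))
    body = base64.b64encode(blob).decode()
    return f"{BEGIN}\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(inspect_private_key(build_sample(b"none", b"none", 4096)))
```

To check a real key, pass the text of the private key file to inspect_private_key; only the unencrypted header fields are read, so no passphrase is needed.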

What now?

Now that you have your public and private keys, I recommend setting up a Python development environment with one of the following tutorials so you can start coding:


Questions? Contact me via Twitter @fullstackpython or @mattmakai. I'm also on GitHub with the username mattmakai.
