openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
-pubout
flag is really important. Be sure to include it.public.pem
and ensure that it starts with-----BEGIN PUBLIC KEY-----
. This is how you know that this file is thepublic key of the pair and not a private key.less
command, like this:less public.pem
openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM
-pubout
was dropped from the end of the command.That changes the meaning of the command from that of exporting the public keyto exporting the private key outside of its encrypted wrapper. Inspecting theoutput file, in this case private_unencrypted.pem
clearly shows that the keyis a RSA private key as it starts with -----BEGIN RSA PRIVATE KEY-----
.-----BEGIN RSA PRIVATE KEY-----
or -----BEGIN PUBLIC KEY-----
.less private.pem
to verify that it starts with a -----BEGIN RSA PRIVATE KEY-----
less public.pem
to verify that it starts with a -----BEGIN PUBLIC KEY-----
ssh-keygen
command to generate SSH public and private key files. By default, these files are created in the ~/.ssh directory. You can specify a different location, and an optional password (passphrase) to access the private key file. If an SSH key pair with the same name exists in the given location, those files are overwritten.--generate-ssh-keys
option. The key files are stored in the ~/.ssh directory unless specified otherwise with the --ssh-dest-key-path
option. The --generate-ssh-keys
option will not overwrite existing key files, instead returning an error. In the following command, replace VMname and RGname with your own values:cat
command, replacing ~/.ssh/id_rsa.pub
with the path and filename of your own public key file if needed:pbcopy
. Similarly in Linux, you can pipe the public key file to programs such as xclip
.--ssh-key-values
option. In the following command, replace VMname, RGname, and keyFile with your own values:--ssh-key-values sshkey-desktop.pub sshkey-laptop.pub
.