Generating New Host Keys

You looked in /etc/ssh and didn’t see any key files: your Linux distribution did not generate host keys when you installed OpenSSH. Or you just want to create new host keys yourself.

Use ssh-keygen to create a new key pair. This must be done as root, and you have to specify the name of the new key pair. You only need one key pair. Always specify a passphrase:

# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
6c:24:75:54:d3:21:17:c9:11:db:41:dd:95:3f:d0:ac root@windbag

This example uses the default key names, but you can call the keys anything you like. If you use different names, be sure to enter them in /etc/ssh/sshd_config:

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
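
To confirm that the HostKey entries in sshd_config match the key files you generated, a check like the following can be run as root. It is an added example, not part of the original recipe or of OpenSSH; the function names list_hostkeys and check_hostkeys are hypothetical, and it assumes key paths contain no whitespace.

```sh
#!/bin/sh
# Added example: verify every HostKey named in an sshd_config file.
# list_hostkeys and check_hostkeys are hypothetical helper names.

# Print the path given to each active (uncommented) HostKey directive.
# sshd_config keywords are case-insensitive, so compare in lower case.
list_hostkeys() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Print one status line per key; return 1 if any key has a problem.
#   MISSING  private key file does not exist
#   OPEN     private key is accessible to group or others
#   NOPUB    matching .pub file does not exist
#   OK       none of the above
check_hostkeys() {
    config=$1
    rc=0
    for key in $(list_hostkeys "$config"); do
        if [ ! -f "$key" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$key" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "OPEN $key"; rc=1; continue
        fi
        if [ ! -f "$key.pub" ]; then
            echo "NOPUB $key"; rc=1; continue
        fi
        echo "OK $key"
    done
    return $rc
}
```

Call it as check_hostkeys /etc/ssh/sshd_config; a non-zero return means at least one listed key needs attention before restarting sshd.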