Jay Taylor's notes

back to listing index

How do I retrieve the public key from a SSH private key?

[web search]
Original source (askubuntu.com)
Tags: SSH ssh-key openssh askubuntu.com
Clipped on: 2015-12-06

A SSH private key as generated by ssh-keygen contains a public key part. How do I retrieve this public key from the private key? I've lost my public key and need to put the contents of this public key in the servers authorized_keys file and do not want to create a new key pair.

Alternatively phrased: how do I create the id_rsa.pub file from a id_rsa file?

asked Jul 18 '11 at 9:57
Image (Asset 3/5) alt=
up vote 175 down vote accepted

I've found the answer on Serverfault: Create a public SSH key from the private key?

The option -y outputs the public key:

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

As a side note, the comment of the public key is lost. I've had a site which required the comment (Launchpad?), so you need to edit ~/.ssh/id_rsa.pub and append a comment to the first line with a space between the comment and key data. An example public key is shown truncated below.

ssh-rsa AAAA..../VqDjtS5 ubuntu@ubuntu
answered Jul 18 '11 at 10:12
Image (Asset 4/5) alt=
1 upvote
you made it piece of cake. thanks – bragboy Jun 4 at 15:39
Please note that your private key file ~/.ssh/id_rsa must be restricted to your username. use $ sudo chmod 600 ~/.ssh/id_rsa and enter your root credentials to restrict it, then you can output the public key file. Otherwise you will get unrestricted private key file warning. – Mark Mikofski Sep 6 at 4:30
1 upvote
@MarkMikofski No need for sudo, you are supposed to own the private key already. Otherwise you cannot read it in the first place. – Lekensteyn Sep 6 at 10:28
@Lekensteyn thanks, of course you're right!. Also 400 is recommended since no need to write to type private key file. Corrected command should be $ chmod 400 ~/.ssh/id_rsa – Mark Mikofski Sep 6 at 14:38

Solution is specifically for users using Windows to SSH into their remote machines including cloud images on AWS and GCE.

(If this works for you, an upvote is highly appreciated. Thanks for your patience.)


Recently used this solution to remote login new deployed vm images on GCE.

Tools used:

  1. puttygen
  2. winscp

Steps to perform:

  1. Generate public/private key pair using puttygen.
  2. Upload public key to your server in cloud or remote location.

Description (how to do it):

  1. Generate a key/pair or use existing private key:

    If you have a private key:

    open puttygen, press load button and select your private key (*.pem) file.

    If you do not have a private key:

    • Open puttygen,
    • Select the desired key type SSH2 DSA (you may use RSA or DSA) within the Parameters section... and it is important that you leave the passphrase field blank,
    • Press generate and follow instructions to generate (public/private) key pair.

      Image (Asset 5/5) alt=

  2. Create a new 'authorized_keys' file (with notepad):

    Copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file.

    Make sure there is only one line of text in this file.

  3. Upload key to linux server:

    • Open WinSCP,
    • Select SFTP file protocol and login with your ssh credentials.
    • On success, you see home directory structure at your remote machine.

    Upload authorized_keys file to home directory at remote machine.

  4. Set proper permissions:

    Make .ssh directory (if not existed)

    Copy authorized_keys file to .ssh directory. (this will replace any existed authorized_keys file, take note of this).

    If file existed, simply add contents of this file to the existing file.

    Run commands to set permissions:

    sudo chmod 700 .ssh && chmod 600 .ssh/authorized_keys

Now You will be able to ssh into remote machine without entering credentials everytime.

Further reading:

  1. https://opengear.zendesk.com/entries/23216142-Generating-and-uploading-SSH-keys-under-Windows

  2. http://www.beginninglinux.com/home/server-administration/openssh-keys-certificates-authentication-pem-pub-crt

answered Nov 20 at 6:18
If Your home directory is encryted, do this: askubuntu.com/questions/439184/… – devprashant Nov 21 at 10:06

Your Answer


4 years ago


112943 times


16 days ago

Hot Network Questions

Technology Life / Arts Culture / Recreation Science Other
  1. Stack Overflow
  2. Server Fault
  3. Super User
  4. Web Applications
  5. Ask Ubuntu
  6. Webmasters
  7. Game Development
  8. TeX - LaTeX
  1. Programmers
  2. Unix & Linux
  3. Ask Different (Apple)
  4. WordPress Development
  5. Geographic Information Systems
  6. Electrical Engineering
  7. Android Enthusiasts
  8. Information Security
  1. Database Administrators
  2. Drupal Answers
  3. SharePoint
  4. User Experience
  5. Mathematica
  6. Salesforce
  7. ExpressionEngine® Answers
  8. more (13)
  1. Photography
  2. Science Fiction & Fantasy
  3. Graphic Design
  4. Movies & TV
  5. Seasoned Advice (cooking)
  6. Home Improvement
  7. Personal Finance & Money
  8. Academia
  9. more (9)
  1. English Language & Usage
  2. Skeptics
  3. Mi Yodeya (Judaism)
  4. Travel
  5. Christianity
  6. Arqade (gaming)
  7. Bicycles
  8. Role-playing Games
  9. more (21)
  1. Mathematics
  2. Cross Validated (stats)
  3. Theoretical Computer Science
  4. Physics
  5. MathOverflow
  6. Chemistry
  7. Biology
  8. more (5)
  1. Stack Apps
  2. Meta Stack Exchange
  3. Area 51
  4. Stack Overflow Careers
site design / logo © 2015 Stack Exchange Inc; user contributions licensed under cc by-sa 3.0 with attribution required
rev 2015.12.3.3047
Ubuntu and Canonical are registered trademarks of Canonical Ltd.