Generate public SSH key from private SSH key

You have lost an SSH public key, or a web service generates an SSH key but does not provide the public-key part to you. What to do now? There is a solution for this situation.

When you have an SSH key, you need the public key to set up passwordless SSH login with it. If you have lost the public key but still have the private key, there is a way to regenerate the public key.

With the public key missing, the following command will show you that there is no public key for this SSH key.

$ ssh-keygen -l -f ~/.ssh/id_rsa
test is not a public key file.

The -l option instructs ssh-keygen to show the fingerprint of the public key, while the -f option specifies the key file to show the fingerprint for.

To regenerate the missing public key, run the following command with the private key given to the -f option.

$ ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
Enter passphrase:

The -y option reads a private SSH key file and prints the SSH public key to stdout. The output is redirected to a file with the same name as the private key but with the .pub file extension. If the key has a passphrase set, the passphrase will be required to generate the public key.

To check the details of the generated public key, execute the same command as shown above.

$ ssh-keygen -l -f ~/.ssh/id_rsa
4096 d6:7b:c7:7a:4f:3c:4d:29:54:62:5f:2c:58:b2:cb:86 ~/.ssh/id_rsa (RSA)

The output of this command shows the key size in the first column, the fingerprint in the second column and, after the file name, the key type in brackets. The example above shows a 4096-bit RSA key.
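
The regeneration step above, wrapped as an added example that is not part of the original post: it refuses to overwrite an existing .pub file, avoids the empty .pub that the plain redirect leaves behind when ssh-keygen fails, and checks that a .pub file really belongs to a private key. The function names pub_matches_private and regenerate_pub are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# pub_matches_private PRIVATE [PUBLIC]
# Succeeds when PUBLIC holds the public half of PRIVATE. Only the key type
# and base64 blob are compared; the trailing comment field is free text.
pub_matches_private() {
    m_priv=$1
    m_pub=${2:-$1.pub}
    [ -r "$m_priv" ] && [ -r "$m_pub" ] || return 2
    # Derive the public key from the private key (prompts for a passphrase
    # if one is set) and keep only "type blob".
    m_derived=$(ssh-keygen -y -f "$m_priv" | awk 'NR==1 {print $1, $2}')
    m_stored=$(awk 'NR==1 {print $1, $2}' "$m_pub")
    [ -n "$m_derived" ] && [ "$m_derived" = "$m_stored" ]
}

# regenerate_pub PRIVATE
# Creates PRIVATE.pub the way `ssh-keygen -y -f PRIVATE > PRIVATE.pub` does,
# but never overwrites an existing file and never leaves an empty one behind
# when ssh-keygen fails (for example on a wrong passphrase).
regenerate_pub() {
    r_priv=$1
    r_pub=$1.pub
    if [ -e "$r_pub" ]; then
        # Keep the existing file; just report whether it fits the private key.
        pub_matches_private "$r_priv" "$r_pub" && return 0
        return 1
    fi
    # Write to a temporary file first, then move it into place.
    r_tmp=$(mktemp "$r_pub.XXXXXX") || return 2
    if ssh-keygen -y -f "$r_priv" > "$r_tmp" && [ -s "$r_tmp" ]; then
        chmod 644 "$r_tmp" && mv "$r_tmp" "$r_pub"
    else
        rm -f "$r_tmp"
        return 1
    fi
}

# Usage: regenerate_pub ~/.ssh/id_rsa && pub_matches_private ~/.ssh/id_rsa
```

A non-zero return from pub_matches_private on an existing .pub file means the file next to the private key is not its public half and should not be installed in authorized_keys.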


Read more of my posts on my blog at http://blog.tinned-software.net/.
