How to verify if a public and private RSA SSH key match?

Introduction

There may be a time when you wish to verify a newly created public and private SSH key are valid and is matched pair. This can be shown on the command line.

Procedure

Please note: The commands below will show the contents of your SSH public and private keys. You should not share your SSH private keys with anyone for any reason.

1. Access the server via SSH as the root user
2. Navigate to the folder that holds your SSH keys. By default, this will be the following folder:

   cd /root/.ssh/

3. This folder will contain both the private and public keys, for example:

   -rwx------ 1 root root 3401 Jan 01 00:00 id_rsa. <--private key
   -rwxr--r-- 1 root root 758 Jan 01 00:00 id_rsa.pub <-- public key

4. Use the "ssh-keygen" command to test the files. The output of the command will contain the [SIGNATURE] which has been redacted from the below examples. If the signatures match, then the files are a valid pair of keys:

   # ssh-keygen -l -f id_rsa.
   2048 SHA256:[SIGNATURE] user@domain.tld (RSA)
   
   # ssh-keygen -l -f id_rsa.pub
   
   2048 SHA256:[SIGNATURE] user@domain.tld (RSA)