SSH Key Generation & Management
The ssh-keygen command generates, manages, and converts authentication keys for SSH (Secure Shell), enabling passwordless, secure authentication between systems using public-key cryptography.
Think of ssh-keygen like creating a high-security key card system instead of using passwords - you generate a matched pair of keys (one public, one private), keep your private key secret, and distribute your public key to servers you want to access. IT professionals use it to set up passwordless SSH login, automate secure server access for scripts and CI/CD pipelines, enable secure file transfers with scp/sftp, connect to GitHub/GitLab repositories, and eliminate password-based authentication vulnerabilities. Once configured, you can log into remote servers instantly without typing passwords!
Advertisement
[ Insert Google AdSense Banner Code Here ]
Set up secure, convenient authentication to remote servers without passwords.
Authenticate with GitHub, GitLab, Bitbucket without entering credentials constantly.
Enable scripts and cron jobs to connect to servers without interactive password prompts.
Replace weak passwords with strong cryptographic keys, preventing brute-force attacks.
ssh-keygen -t ed25519 -C "user@email.com" Generate modern Ed25519 key (recommended - faster, more secure than RSA).
ssh-keygen -t rsa -b 4096 Generate 4096-bit RSA key (legacy compatibility, larger key size).
ssh-keygen Interactive key generation with default settings (RSA 3072-bit).
ssh-keygen -l -f ~/.ssh/id_rsa.pub Show fingerprint of your public key (verify key identity).
ssh-keygen -y -f ~/.ssh/id_rsa Display public key from private key file (if you lost the .pub file).
ssh-keygen -p -f ~/.ssh/id_rsa Change passphrase protecting your private key.
cat ~/.ssh/id_rsa.pub Display public key to copy to remote servers or GitHub.
ls ~/.ssh List all SSH keys and configuration files.
NEVER share your private key! The private key (~/.ssh/id_rsa or id_ed25519) stays on YOUR machine only. Only share the .pub (public key) file.
Always use a passphrase: If someone steals your private key file without a passphrase, they can access all your servers. A passphrase adds a second layer of protection.
Use Ed25519 for new keys: It's faster, more secure, and uses smaller keys than RSA. Only use RSA if connecting to very old systems.
File permissions matter: Private keys must be chmod 600 (only you can read/write). SSH will refuse to use keys with wrong permissions.
Practice ssh-keygen commands in the interactive terminal below: