ssh-keygen Command

Intermediate SSH & Remote man(1)

Generate SSH key pairs for authentication

Updated: Mar 15, 2026
SYNTAX
ssh-keygen [OPTION]...

What Does ssh-keygen Do?

ssh-keygen generates, manages, and converts SSH authentication keys. It creates public-private key pairs used for passwordless SSH login, Git authentication, and secure communication.

ssh-keygen supports multiple key types: RSA, Ed25519 (recommended), ECDSA, and DSA (deprecated). Ed25519 keys are shorter, faster, and more secure than RSA.

The generated keys are stored in ~/.ssh/: the private key (e.g., id_ed25519) must be kept secret, and the public key (id_ed25519.pub) is placed on remote servers.

Options & Flags

| Option | Description | Example |
|--------|-------------|---------|
| -t | Key type (ed25519, rsa, ecdsa) | ssh-keygen -t ed25519 |
| -C | Comment (usually email) | ssh-keygen -t ed25519 -C "user@example.com" |
| -f | Output filename | ssh-keygen -t ed25519 -f ~/.ssh/deploy_key |
| -b | Key bits (for RSA) | ssh-keygen -t rsa -b 4096 |
| -p | Change passphrase | ssh-keygen -p -f ~/.ssh/id_ed25519 |
| -R | Remove host from known_hosts | ssh-keygen -R hostname |
| -l | Show key fingerprint | ssh-keygen -l -f ~/.ssh/id_ed25519.pub |

Practical Examples

#1 Generate Ed25519 key

Creates an Ed25519 key pair — the recommended type.
$ ssh-keygen -t ed25519 -C "user@example.com"
Output:
Generating public/private ed25519 key pair.
Enter file: ~/.ssh/id_ed25519

#2 Generate RSA key

Creates a 4096-bit RSA key pair.
$ ssh-keygen -t rsa -b 4096 -C "user@example.com"

#3 Generate without passphrase

Creates a key with an empty passphrase (-N ""), so the private key file is stored unencrypted; use only for automation.
$ ssh-keygen -t ed25519 -f ~/.ssh/deploy_key -N ""

#4 Show fingerprint

Displays the key fingerprint for verification.
$ ssh-keygen -l -f ~/.ssh/id_ed25519.pub
Output: 256 SHA256:abc123... user@example.com (ED25519)

#5 Change passphrase

Changes the passphrase on an existing key.
$ ssh-keygen -p -f ~/.ssh/id_ed25519

#6 Remove known host

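Removes a server's entries from known_hosts, for example after a server rebuild. On the next connection, compare the new host key fingerprint with one obtained through a trusted channel before accepting it.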
$ ssh-keygen -R old-server.example.com

Tips & Best Practices

Use Ed25519: It is the recommended key type, with faster operations, shorter keys, and better security than RSA: ssh-keygen -t ed25519.
Protect private keys: Restrict the file to its owner with chmod 600 ~/.ssh/id_ed25519. Never share private keys. Use a passphrase unless the key is used for automation (deploy keys).
Multiple keys: Use -f to create named keys for different purposes, e.g. ssh-keygen -f ~/.ssh/github_key, and select them per host in ~/.ssh/config.
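
The tips above can be checked mechanically. The following script is an added example, not part of the original page or of OpenSSH: it flags private keys with loose permissions, keys stored without a passphrase, and key types other than Ed25519 or 4096-bit RSA. The function names and the script name are hypothetical, and the passphrase check assumes the current OpenSSH private key format.

```shell
#!/bin/sh
# Added example: audit private key files against the tips on this page.
# Usage (hypothetical file name): sh audit_keys.sh ~/.ssh/id_ed25519 ~/.ssh/deploy_key

# True if group or other hold any permission bit (anything looser than chmod 600).
perms_too_open() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# True if an OpenSSH-format private key has no passphrase. The decoded body is
# "openssh-key-v1\0", a 4-byte length, then the cipher name at byte offset 19;
# the name "none" means unencrypted. Legacy PEM keys are not recognised here.
has_no_passphrase() {
    cipher=$(grep -v '^-----' "$1" | tr -d '\n' | base64 -d 2>/dev/null |
             dd bs=1 skip=19 count=4 2>/dev/null)
    [ "$cipher" = "none" ]
}

# Classifies one line of `ssh-keygen -l` output: "<bits> <fingerprint> <comment> (<TYPE>)".
# The 4096-bit RSA floor follows this page's FAQ; adjust it to local policy.
key_type_verdict() {
    bits=${1%% *}
    ktype=${1##*\(}; ktype=${ktype%\)}
    case "$ktype" in
        ED25519) echo "ok" ;;
        DSA)     echo "deprecated: DSA" ;;
        RSA)     if [ "$bits" -ge 4096 ]; then echo "ok"
                 else echo "below 4096-bit: RSA $bits"; fi ;;
        *)       echo "review: $ktype" ;;
    esac
}

# Prints one finding per line for a private key file; prints nothing if all checks pass.
audit_key() {
    key=$1
    perms_too_open "$key"    && echo "$key: permissions too open, run chmod 600"
    has_no_passphrase "$key" && echo "$key: no passphrase, acceptable only for automation keys"
    if [ -f "$key.pub" ] && command -v ssh-keygen >/dev/null 2>&1; then
        verdict=$(key_type_verdict "$(ssh-keygen -l -f "$key.pub")")
        [ "$verdict" = "ok" ] || echo "$key: $verdict"
    fi
    return 0
}

for k in "$@"; do audit_key "$k"; done
```

The passphrase check reads only the key file's header, so it works even when ssh-keygen would refuse to load a key whose permissions are too open.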

Frequently Asked Questions

How do I generate an SSH key?
ssh-keygen -t ed25519 -C 'your@email.com'. Accept the default location and set a passphrase.
Which key type should I use?
Ed25519 is recommended for all new keys. RSA 4096-bit is acceptable if Ed25519 is not supported.
How do I set up passwordless SSH?
1. Run ssh-keygen to generate a key pair. 2. Run ssh-copy-id user@server to install the public key on the server. 3. ssh user@server then works without a password.
