How to Create SSH Keys on Linux

Linux Learning Lab

What is an SSH Key?

SSH keys are cryptographic key pairs used for authenticating to remote servers without a password. A key pair consists of:

  • Private key — stays on your machine, never shared
  • Public key — placed on servers you want to access

Generating a Key Pair

The basic command:

ssh-keygen

This creates a key pair with default settings and saves it to ~/.ssh/id_ed25519 (or ~/.ssh/id_rsa on older systems).

For most use cases, you’ll want to be explicit:

ssh-keygen -t ed25519 -C "mike@workstation"

Key Parameters

-t — Key Type

Specifies the algorithm. Common options:

Type     Command                     Notes
Ed25519  ssh-keygen -t ed25519       Recommended. Fast, secure, short keys
RSA      ssh-keygen -t rsa -b 4096   Widely compatible, use 4096 bits minimum
ECDSA    ssh-keygen -t ecdsa -b 521  Good performance, some trust concerns with NIST curves

# Ed25519 (preferred)
ssh-keygen -t ed25519

# RSA with 4096-bit key length
ssh-keygen -t rsa -b 4096

-b — Bit Length

Sets the key size. Only relevant for RSA and ECDSA:

# RSA: minimum 2048, recommended 4096
ssh-keygen -t rsa -b 4096

# ECDSA: 256, 384, or 521
ssh-keygen -t ecdsa -b 521

Ed25519 has a fixed key size, so -b is ignored.

-C — Comment

Adds a label to the key (stored in the public key file). Useful for identifying keys:

ssh-keygen -t ed25519 -C "mike@laptop-2026"

-f — Output File

Specifies where to save the key:

ssh-keygen -t ed25519 -f ~/.ssh/github_key

This creates ~/.ssh/github_key (private) and ~/.ssh/github_key.pub (public).

-N — Passphrase

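Sets the passphrase non-interactively (note that a passphrase given on the command line is saved in shell history and is visible in the process list while the command runs):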

# With a passphrase
ssh-keygen -t ed25519 -N "my-secure-passphrase"

# Without a passphrase (use cautiously)
ssh-keygen -t ed25519 -N ""

-p — Change Passphrase

Change the passphrase on an existing key:

ssh-keygen -p -f ~/.ssh/id_ed25519

Practical Examples

Generate a key for GitHub

ssh-keygen -t ed25519 -C "your_email@example.com" -f ~/.ssh/github

Then add the public key to GitHub:

cat ~/.ssh/github.pub
# Copy the output and paste it into GitHub → Settings → SSH Keys

Generate a key for a specific server

ssh-keygen -t ed25519 -f ~/.ssh/prod_server -C "mike@prod"

Configure ~/.ssh/config to use it automatically:

Host prod
    HostName 192.168.1.100
    User deploy
    IdentityFile ~/.ssh/prod_server

Copy your public key to a server

ssh-copy-id -i ~/.ssh/prod_server.pub user@192.168.1.100

Viewing Key Info

Check the fingerprint of an existing key:

ssh-keygen -l -f ~/.ssh/id_ed25519.pub

Show the fingerprint using a different hash algorithm (MD5 instead of the default SHA256):

ssh-keygen -l -E md5 -f ~/.ssh/id_ed25519.pub

Best Practices

  • Use Ed25519 unless you need RSA for compatibility
  • Always set a passphrase on keys used for sensitive systems
  • Use ssh-agent so you don’t retype the passphrase constantly
  • Use separate keys for different services (GitHub, work servers, personal servers)
  • Set proper permissions: chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_*
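
The checks in this list can be scripted. The following POSIX shell audit is an added example, not part of the original article: the function names are hypothetical, and it assumes `ssh-keygen -y -P ""` succeeds only when a private key has no passphrase.

```shell
#!/bin/sh
# Added example: audit a key directory against the practices listed above.
# Function names are hypothetical; sample lines in comments are constructed.

# Rate one line of `ssh-keygen -l -f key.pub` output, which looks like
#   256 SHA256:<fingerprint> mike@workstation (ED25519)
rate_key() {
    rk_bits=${1%% *}        # first field: key size in bits
    rk_type=${1##*\(}       # text after the last "(" ...
    rk_type=${rk_type%\)}   # ... without the closing ")": the key type
    case $rk_type in
        ED25519) echo "ok: Ed25519" ;;
        RSA)
            if [ "$rk_bits" -lt 2048 ]; then
                echo "weak: RSA $rk_bits is below the 2048-bit minimum"
            elif [ "$rk_bits" -lt 4096 ]; then
                echo "note: RSA $rk_bits is below the recommended 4096"
            else
                echo "ok: RSA $rk_bits"
            fi ;;
        ECDSA)   echo "note: ECDSA $rk_bits uses a NIST curve" ;;
        *)       echo "unknown: $rk_type" ;;
    esac
}

# Succeeds if the path grants nothing to group or others (700/600 style).
perms_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Succeeds if the private key opens with an empty passphrase.
has_no_passphrase() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Report on every key pair in a directory (default: ~/.ssh).
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    perms_private "$dir" || echo "$dir: accessible to group/others, run chmod 700"
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        key=${pub%.pub}
        echo "$key: $(rate_key "$(ssh-keygen -l -f "$pub" 2>&1)")"
        [ -f "$key" ] || continue
        perms_private "$key" || echo "$key: accessible to group/others, run chmod 600"
        if has_no_passphrase "$key"; then echo "$key: no passphrase set"; fi
    done
}
```

Source the file and call `audit_ssh_dir`, optionally passing a directory other than ~/.ssh.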