Generating SSH Keys
SSH keys provide a secure, password-free method of authenticating to your server. They use public-key cryptography — you keep a private key on your local machine and place the corresponding public key on the server. This guide covers generating SSH keys on all major platforms.
Why Use SSH Keys?
- Stronger security: SSH keys are virtually impossible to brute-force, unlike passwords
- Convenience: No need to type passwords for every connection
- Automation friendly: Scripts and applications can connect without storing passwords
- Auditable: Each key pair is unique, making it easy to track who accessed the server
Generating Keys on Linux and macOS
Linux and macOS include the ssh-keygen utility by default.
Step 1: Open Terminal
Open your terminal application (Terminal on macOS, or any terminal emulator on Linux).
Step 2: Generate the Key Pair
ssh-keygen -t ed25519 -C "[email protected]"If your system does not support Ed25519, use RSA:
ssh-keygen -t rsa -b 4096 -C "[email protected]"Step 3: Choose a File Location
When prompted, press Enter to accept the default location (~/.ssh/id_ed25519) or specify a custom path.
Step 4: Set a Passphrase (Recommended)
Enter a strong passphrase when prompted. This adds an extra layer of security — even if someone obtains your private key file, they cannot use it without the passphrase.
Tip: Use
ssh-agentto cache your passphrase so you do not have to type it for every connection. Runeval "$(ssh-agent -s)"followed byssh-add ~/.ssh/id_ed25519.
Step 5: Verify the Keys
Two files are created:
~/.ssh/id_ed25519— your private key (keep this secret)~/.ssh/id_ed25519.pub— your public key (safe to share)
View your public key:
cat ~/.ssh/id_ed25519.pubGenerating Keys on Windows
Option A: Windows 10/11 Built-in SSH
Windows 10 and later include OpenSSH. Open PowerShell or Command Prompt:
ssh-keygen -t ed25519 -C "[email protected]"The process is identical to Linux/macOS. Keys are saved to C:\\Users\\YourName\\.ssh\\.
Option B: PuTTYgen
If you use PuTTY as your SSH client:
- Download and install PuTTY from the official website
- Open PuTTYgen (included with PuTTY)
- Select EdDSA (Ed25519) or RSA (4096 bits) as the key type
- Click Generate
- Move your mouse randomly over the blank area to generate randomness
- Once generated, enter a passphrase in the Key passphrase field
- Click Save private key to save the
.ppkfile - Copy the text from the "Public key for pasting" box — this is your public key
Tip: PuTTY uses
.ppkformat for private keys. If you need OpenSSH format, use PuTTYgen's Conversions > Export OpenSSH key menu option.
Adding Your Public Key to the Server
Once you have generated your key pair, copy the public key to your server:
From Linux/macOS
ssh-copy-id username@your-server-ipThis automatically appends your public key to the server's ~/.ssh/authorized_keys file.
Manual Method (Any Platform)
- Copy your public key content
- SSH into your server with your password
- Create the
.sshdirectory if it does not exist:
```
mkdir -p ~/.ssh
chmod 700 ~/.ssh
```
- Append the public key:
```
echo "your-public-key-content" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
```
Key Types Comparison
| Key Type | Security | Speed | Compatibility |
|---|---|---|---|
| Ed25519 | Excellent | Fast | Modern systems |
| RSA 4096 | Very Good | Slower | Universal |
| ECDSA | Good | Fast | Most systems |
Security Best Practices
- Always set a passphrase on your private key
- Never share your private key — only the public key goes on servers
- Use separate keys for different purposes (work, personal, automation)
- Set correct permissions: Private key should be chmod 600,
.sshdirectory should be chmod 700 - Rotate keys periodically — generate new keys annually and remove old ones
Troubleshooting
Permission Denied After Adding Key
- Verify file permissions:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys - Ensure the public key is on its own line in authorized_keys
- Check that the server's sshd_config allows key authentication:
PubkeyAuthentication yes
ssh-keygen Command Not Found
- Windows: Enable OpenSSH via Settings > Apps > Optional Features > Add OpenSSH Client
- Linux: Install with
sudo apt install openssh-clientorsudo yum install openssh-clients
Related Articles
Need help with SSH key setup? Contact our support team at {{SUPPORT_EMAIL}} or open a ticket at {{SUPPORT_URL}}.