Cantech Knowledge Base

Your Go-To Hosting Resource

  1. Linux
  2. How Do I Generate SSH Keys?

How Do I Generate SSH Keys?

Secure Shell (SSH) keys offer a way to authenticate users without entering a password. It is an essential mechanism in modern cybersecurity. Through the installation of an SSH key pair, users can establish an encrypted connection to the servers, whose security is numerically higher than that with passwords but much more efficient for remote access.

In this article, you’ll learn how to generate SSH keys on Linux, MacOS, and Windows so that you can easily establish connections to remote servers and other commercial platforms with full security.

Understanding SSH Keys

SSH keys have two parts: The private key makes its home on your own machine and must therefore be kept secure; the public one makes its home on the server you want to access. Granting you with the right to access from your local machine, the server uses the public key carried with the connection request to confirm you have the right to connect and asks for the private key – a form of establishing an SSH connection without a password.

Generating SSH Keys on Linux and macOS

Linux and macOS come with OpenSSH installed and even offer SSH-keygen utility, using which one can generate SSH keys. To carry an SSH key, follow the steps listed below!

Step 1: Open the Terminal
One can get the terminal application in either the application folder or in system utility section.

Step 2: Generate the Key Pair
Execute the following command, replacing [email protected] with your email address:

ssh-keygen -t ed25519 -C "[email protected]"

Leverage the usage of RSA with a 4096-bit key, if your system does not support the Ed25519 algorithm.

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Step 3: Mention the location of your file.

Enter file in which to save the key (/home/username/.ssh/id_ed25519)

One can just press “Enter” to opt for a different path and choose the default location.

Step 4: Set a Passphrase.
Enter the Passphrase, as it offers an additional layer of security.

Enter passphrase (empty for no passphrase)

Step 5: Completion Message:
Once it is completed, you will see a success message.

Your identification has been saved in /home/username/.ssh/id_ed25519
Your public key has been saved in /home/username/.ssh/id_ed25519.pub

The private key (id_ed25519) and public key (id_ed25519.pub) are now stored in the specified directory.

Generating SSH Keys on Windows

There are two alternatives available to generate SSH keys for Windows users. They can select OpenSSH (available in Windows 10 and later) or via PuTTYgen.

Using OpenSSH in Windows 10 and 11

Step 1: Check OpenSSH installation.
Navigate to Settings > Apps > Optional Features.
Verify that “OpenSSH Client” is installed, or you can simply click on “Add a feature” and complete the installation.

Step 2: Move to PowerShell or Command Prompt.
You simply need to press Win + X and select either of them i.e. PowerShell or Command Prompt.

Step 3: Generate the Key Pair.
ssh-keygen -t ed25519 -C “[email protected]

For RSA:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Step 4: Mention the file location.

Enter file in which to save the key (C:\Users\username/.ssh/id_ed25519):

You need to click “Enter” to offer a custom path or accept the default.

Step 5: Set a Passphrase
You are only required to enter a passphrase.

Step 6: Success Message
Once after completion, the keys are saved in the mentioned directory and receive a success message.

Using PuTTYgen in Windows 10 & 11

Step 1: Download PuTTY
Get the installer from the PuTTY website

Step 2: Install and Run PuTTYgen.
Select PuTTYgen at the time of installation.
From the start menu, launch PuTTYgen.

Step 3: Generate the Key.
Choose the key type as EdDSA and set Ed25519 (255 bits) as the curve.
Simply click “Generate” and add randomness by a single click.

Step 4: Save Keys.
Add a key Passphrase. (Optional)
Click “Save Private Key” and “Save Public Key” to save them.

Adding the SSH Key to the SSH Agent

The SSH agent manages your private keys and offers complete authentication without repeatedly entering passphrases

On Linux and macOS

Step 1: Start the SSH Agent.

eval "$(ssh-agent -s)"

Step 2: Add the SSH Key.

ssh-add ~/.ssh/id_ed25519

Copying the Public Key to the Server

Make sure that you copy the public key to the server for SSH authentication usage.

Using ssh-copy-id
ssh-copy-id username@your-server-ip
Manually Adding the Key

Step 1: To showcase the public key

cat ~/.ssh/id_ed25519.pub

Step 2: Copy and paste it into the ~/.ssh/authorized_keys file on the remote server.

Best Practices for SSH Key

  • Leverage a solid Passphrase for private key protection.
  • Ensure proper key rotation on a timely basis to improve security.
  • Limit the usage of keys by setting predefined IPs in the authorized_keys file.
  • After setting up the SSH keys, you can disable the password authentication.

Conclusion

SSH keys provide a convenient and secure way of authenticating to remote servers. Following this guide, you can generate SSH keys and connect securely from any Linux, macOS, or Windows operating system. Adjuring their security basics will also allow you to protect your credentials.

Frequently Asked Questions

Why should I use SSH keys instead of passwords?

SSH keys, unlike passwords, afford an extra layer of strong security because of their use of cryptographic authentication, thus making them resistant to attacks launched by brute force, compromising very weak passwords.

What happens if I lose my SSH private key?

If the private key is lost, it will be impossible to access the server. Generate a new key and add the public part to the server.

Can I use the same SSH key for multiple servers?

You are required to execute the following command to delete the SSH key from my system:

Is it possible to delete the SSH key from my system?

You are required to execute the following command to delete the SSH key from my system:

rm ~/.ssh/id_ed25519 ~/.ssh/id_ed25519.pub
March 28, 2025