Network
ssh-keygen
Generate, inspect, and manage SSH keys.
Additional Notes
ssh-keygen creates and manages SSH key pairs used for passwordless login, Git hosting, automation, deployment, and server administration. It can also show fingerprints, change passphrases, create known-host hashes, and generate key revocation data.
A key pair has a private key and a public key. Keep the private key secret. Copy the public key to servers or services that should trust it.
Syntax
ssh-keygen [options]
ssh-keygen -t type -f keyfile -C comment
Parameters
- type: Key type such as ed25519 or rsa.
- keyfile: Output private key path. The public key is usually written with .pub appended.
- comment: Label stored in the public key, often an email or purpose.
- options: Generation, inspection, conversion, and passphrase flags.
Common Options
- -t TYPE: Choose key type. ed25519 is a common modern choice.
- -f FILE: Choose key file path.
- -C COMMENT: Add or replace a public-key comment.
- -b BITS: Set key size for key types that use bit length, such as RSA.
- -N PASSPHRASE: Set a new passphrase non-interactively.
- -p -f FILE: Change a private key passphrase.
- -l -f FILE: Show a key fingerprint.
- -y -f FILE: Print the public key from a private key.
Examples
ssh-keygen -t ed25519 -C "me@example.com"
Create a modern SSH key with a useful comment.
ssh-keygen -t ed25519 -f ~/.ssh/deploy_key -C "deploy key"
Create a named key file for deployment.
ssh-keygen -l -f ~/.ssh/id_ed25519.pub
Show the fingerprint of a public key.
ssh-keygen -y -f ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.pub
Regenerate the public key from a private key.
ssh-keygen -p -f ~/.ssh/id_ed25519
Change a private key passphrase.
Practical Notes
- Use a passphrase for keys that protect important systems.
- Do not share private keys. Share only .pub files.
- Keep permissions strict: chmod 700 ~/.ssh and chmod 600 ~/.ssh/id_* for private keys.
- Use ssh-copy-id or manual authorized_keys edits to install public keys on servers.
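
The permission advice above, turned into a check. This is an added example, not part of the original page; the function names audit_ssh_dir and file_mode are made up for it. Private keys are recognised by their PEM header rather than by the id_* name, so a custom file such as deploy_key is covered too.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the permission notes above.
# audit_ssh_dir and file_mode are hypothetical helper names.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one line per finding; return 0 when clean, 1 when something is too open.
audit_ssh_dir() {
    dir=$1
    bad=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    mode=$(file_mode "$dir")
    if [ "$mode" != 700 ]; then
        echo "DIR $dir mode $mode, expected 700"
        bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # A private key file starts with a "-----BEGIN ... PRIVATE KEY-----"
        # line; .pub files and known_hosts do not, so they are skipped.
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            mode=$(file_mode "$f")
            case $mode in
                600|400) ;;   # 400 (read-only for the owner) is also strict
                *) echo "KEY $f mode $mode, expected 600"; bad=1 ;;
            esac
        fi
    done
    return $bad
}

# When the script is given a directory argument, audit it: sh audit.sh ~/.ssh
[ -z "${1:-}" ] || audit_ssh_dir "$1"
```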