
SSH key generation (ssh-keygen) in Linux CLI - Commands & Configuration

Introduction
SSH keys let you connect securely to other computers without typing a password every time. Generating SSH keys creates a pair of files: one public and one private, which work together to prove who you are.
When you want to log into a remote server without entering your password each time.
When setting up secure communication between your computer and a cloud service.
When automating scripts that need to connect to other machines securely.
When you want to improve security by using keys instead of passwords.
When configuring Git to push code to repositories without typing your password.
Commands
This command creates a new RSA SSH key with 4096 bits and labels it with your email. It starts the process of generating your key pair.
Terminal
ssh-keygen -t rsa -b 4096 -C "user@example.com"
Expected Output
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
-t rsa - Specifies the type of key to create, here RSA.
-b 4096 - Sets the key length to 4096 bits for stronger security.
-C "user@example.com" - Adds a comment to the key, usually your email, to identify it.
After pressing Enter to accept the default file location, you will be asked to enter a passphrase. You can press Enter twice to skip the passphrase or type one for extra security.
Terminal
ssh-keygen -t rsa -b 4096 -C "user@example.com"
Expected Output
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa
Your public key has been saved in /home/user/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX user@example.com
The key's randomart image is:
+---[RSA 4096]----+
| .o+*o.          |
| . +o=+          |
| + +o.           |
| . + .           |
| . S             |
|                 |
|                 |
|                 |
|                 |
+----[SHA256]-----+
This command lists the private and public SSH key files to confirm they were created successfully.
Terminal
ls -l ~/.ssh/id_rsa*
Expected Output
-rw------- 1 user user 3243 Jun 1 12:00 /home/user/.ssh/id_rsa
-rw-r--r-- 1 user user 743 Jun 1 12:00 /home/user/.ssh/id_rsa.pub
-l - Shows detailed file information including permissions and size.
This command displays your public SSH key, which you can copy and add to remote servers or services to allow secure access.
Terminal
cat ~/.ssh/id_rsa.pub
Expected Output
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3... user@example.com
Key Concept

If you remember nothing else from this pattern, remember: ssh-keygen creates a secure pair of keys that let you connect safely without passwords.

Common Mistakes
Not specifying the key type or using weak defaults.
Older defaults may create weaker keys that are less secure.
Always specify a strong key type like RSA with 4096 bits using -t rsa -b 4096.
Saving the key in a non-default location without updating SSH configs.
SSH won't find your key automatically if it's not in the default place.
Either accept the default location or update your SSH config to point to the custom key path.
Leaving the passphrase empty without understanding the risk.
Without a passphrase, if someone gets your private key file, they can use it immediately.
Use a passphrase for extra security unless you have a specific reason not to.
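The mistakes above can be checked on an existing key pair. The script below is an added example, not part of the original tutorial; the function names and the MIN_RSA_BITS threshold are assumptions chosen for illustration, and it relies on ssh-keygen's -l, -y, -P and -f options.

```bash
#!/usr/bin/env bash
# Added example: audit a key pair for the mistakes listed above.
# MIN_RSA_BITS is an assumption that mirrors the page's -b 4096 advice.
MIN_RSA_BITS=${MIN_RSA_BITS:-4096}

# True when group/others have no permission bits, as in "-rw-------".
private_key_mode_ok() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Classify one `ssh-keygen -l -f key.pub` line: "<bits> <fp> <comment> (<TYPE>)".
# Prints ok, weak, unchecked (non-RSA, not assessed here) or unparsed.
key_strength() {
    local line="$1" bits ktype
    bits=${line%% *}
    ktype=${line##*\(}; ktype=${ktype%\)}
    case $bits in ''|*[!0-9]*) echo unparsed; return 0 ;; esac
    if [ "$ktype" != "RSA" ]; then echo unchecked
    elif [ "$bits" -ge "$MIN_RSA_BITS" ]; then echo ok
    else echo weak; fi
}

# True when the private key loads with an empty passphrase (stored
# unencrypted). -y derives the public key; -P supplies the passphrase.
has_empty_passphrase() {
    ssh-keygen -y -P "" -f "$1" </dev/null >/dev/null 2>&1
}

audit_key() {
    local key="$1" status=0
    # OpenSSH rejects private keys with loose permissions, so check mode first.
    if ! private_key_mode_ok "$key"; then
        echo "FAIL: $key missing or accessible to group/others"; return 1
    fi
    case $(key_strength "$(ssh-keygen -l -f "$key.pub" 2>/dev/null)") in
        ok)   echo "OK:   RSA key has at least $MIN_RSA_BITS bits" ;;
        weak) echo "FAIL: RSA key is shorter than $MIN_RSA_BITS bits"; status=1 ;;
        *)    echo "NOTE: key type or size not assessed" ;;
    esac
    if has_empty_passphrase "$key"; then
        echo "WARN: private key has no passphrase"; status=1
    else
        echo "OK:   key did not load with an empty passphrase"
    fi
    return "$status"
}

# Usage: bash audit_key.sh ~/.ssh/id_rsa
if [ -n "${1:-}" ]; then audit_key "$1"; fi
```

The passphrase check reports only that the key did not load with an empty passphrase, so a corrupt key file also lands in that branch.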
Summary
Use ssh-keygen with -t rsa -b 4096 -C to create a strong SSH key pair.
Confirm the keys were created by listing the files in the ~/.ssh directory.
Copy the public key content to remote servers to enable passwordless login.