Secure Shell (SSH) is one of the most commonly used protocols for securing connections to remote servers. Instead of relying solely on traditional passwords, which are prone to vulnerability, it is better to use SSH keys, a more secure and convenient authentication method.
Generating an SSH key in Linux is simple, and it enhances security and simplifies remote access.
What is an SSH Key in Linux?
An SSH key in Linux is a pair of cryptographic keys, one private and one public, used to authenticate securely when connecting to remote servers.
- Private key: must remain safely on your local machine
- Public key: copied to the remote server
When you connect using SSH keys, the server verifies the pair and allows you to log in without a password.
Why Generate SSH Key in Linux?
Generating an SSH key in Linux is important for several reasons:
- Stronger security than password based authentication.
- Higher convenience while logging in.
- Useful for automatic scripts, Git operations, and server management.
- It has excellent remote access options, which makes it widely usable by developers, system admins, and DevOps teams for managing servers.
Basic Syntax to Generate SSH Key in Linux
The most basic command to generate an SSH key in Linux is:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
- -t rsa → specifies the key type (RSA in this case).
- -b 4096 → defines the key size in bits (larger means stronger).
- -C "[email protected]" → adds a label/comment to help identify the key.
You can also generate Ed25519 keys (a modern, faster, and more secure alternative to RSA):
ssh-keygen -t ed25519 -C "[email protected]"
Steps to Generate SSH Key in Linux
Here is how you can generate an SSH key in Linux.
- Check for Existing SSH Keys
Check for existing SSH keys before you create a new one by running: ls -al ~/.ssh
You should look for files like:
- id_rsa and id_rsa.pub (RSA key pair)
- id_ed25519 and id_ed25519.pub (Ed25519 key pair)
If you find keys on your system, you should use them before generating new ones.
- Generate a New SSH Key Pair
If you find no existing keys, generate new ones by running this command:
ssh-keygen -t rsa -b 4096 -C "[email protected]"

- -t → specifies the algorithm (e.g., rsa, ed25519).
- -b → defines the key length (e.g., 4096 bits for strong RSA keys).
- -C → adds a comment/label (like your email).
- Specify Key Type and Size
You can choose between:
- RSA (4096 bits): ssh-keygen -t rsa -b 4096 -C "[email protected]"
- Ed25519 (recommended for modern systems): ssh-keygen -t ed25519 -C "[email protected]"
The Ed25519 keys are shorter and faster.
- Save and Secure the Private Key
When prompted:
Enter file in which to save the key (/home/username/.ssh/id_rsa):
- Press Enter if you want to use the default location.
- When asked for a passphrase, provide one for extra security (recommended).
Your private key is stored in ~/.ssh/id_rsa or ~/.ssh/id_ed25519, and the matching public key in ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub.
- Copy Public Key to Remote Server
Now copy the public key to the remote server to enable passwordless login:
ssh-copy-id user@remote_host
If ssh-copy-id is not available, you can manually copy the key:
cat ~/.ssh/id_rsa.pub | ssh user@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Now, test the connection:
ssh user@remote_host
At this point, you should be able to log in without a password.
Common Options When Generating SSH Keys in Linux
While generating SSH keys on Linux, you can customize them with whatever options you need to enhance security, usability, and compatibility. Here are a few of the most common choices:
- RSA vs. Ed25519 Keys
Select the keys that best suit your requirements:
- RSA (Rivest–Shamir–Adleman):
It is widely supported across all systems. The recommended minimum size is 2048 bits, and 4096 bits is optimal for strong security.
Command example:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
- Ed25519:
It is the newer, faster, and more secure key type, and it generates shorter keys for quick authentication. It is supported by most modern Linux distros and servers.
Command example:
ssh-keygen -t ed25519 -C "[email protected]"
- Passphrase Usage
Adding a passphrase to your private SSH keys provides an extra layer of protection, so even if someone gets a hold of the key, they cannot use it without the passphrase. You will be prompted for the passphrase whenever you use the key.
Command example:
ssh-keygen -t ed25519 -C "[email protected]"
- File Path Selection
By default, SSH keys are saved in the .ssh directory inside your home folder.
- Private key → ~/.ssh/id_rsa or ~/.ssh/id_ed25519
- Public key → ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub
You can also specify a custom path when you generate an SSH key in Linux.
ssh-keygen -t rsa -b 4096 -f ~/.ssh/my_custom_key -C "[email protected]"
This helps if you manage multiple keys for different servers or do not want to overwrite an existing key. Make sure that the .ssh folder and the private keys have restricted permissions.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_*
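As an added example (not from the original article), the following POSIX shell function audits an SSH directory for the permission problems described above. It identifies private keys by their matching .pub file, so custom names such as my_custom_key, which the id_* glob does not match, are checked too; the function names and OPEN_* labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit an SSH directory for over-permissive modes.
# Function names and the OPEN_* labels are made up for this example.

# too_open PATH: succeeds if any group/other permission bit is set.
# Reads the mode string from ls (e.g. "-rw-------"); columns 5-10 are
# the group and other bits and must all be "-".
too_open() {
    case "$(ls -ld -- "$1" | cut -c5-10)" in
        ------) return 1 ;;
        *)      return 0 ;;
    esac
}

# audit_ssh_dir DIR: prints one line per finding.
# Returns 0 if clean, 1 if something is too open, 2 if DIR is missing.
audit_ssh_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    # The directory itself should be 700.
    if too_open "$dir"; then
        echo "OPEN_DIR $dir (fix: chmod 700)"
        rc=1
    fi

    # Treat any file with a matching NAME.pub as a private key, so keys
    # created with -f (custom names) are checked too, not only id_*.
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        priv=${pub%.pub}
        if [ -f "$priv" ] && too_open "$priv"; then
            echo "OPEN_KEY $priv (fix: chmod 600)"
            rc=1
        fi
    done

    # authorized_keys, when present, should be 600 as the article recommends.
    ak=$dir/authorized_keys
    if [ -f "$ak" ] && too_open "$ak"; then
        echo "OPEN_AUTHKEYS $ak (fix: chmod 600)"
        rc=1
    fi
    return "$rc"
}
```

After sourcing the file, run audit_ssh_dir ~/.ssh; a non-zero exit status means at least one finding was printed.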
Verifying Your SSH Key in Linux
Once you are done generating the SSH keys, you should verify if they are working properly or not. Here is how you can do it.
- First display a list of all your keys by running: ls -l ~/.ssh/. This would list all your private (id_rsa, id_ed25519) and public (.pub) keys.
- Next, display the public keys by running: cat ~/.ssh/id_ed25519.pub or cat ~/.ssh/id_rsa.pub. This ensures the public key exists and is ready to be copied to a server.
- Test the SSH connection by running: ssh -i ~/.ssh/id_ed25519 user@remote-server
- If the key is correctly configured on the server, you’ll log in without entering the remote account password.
Common Issues When Generating an SSH Key in Linux (and Fixes)
Issue | Cause | Fix |
Permission denied (publickey) | Public key not copied to the server or incorrect permissions | Use ssh-copy-id user@server and ensure .ssh and authorized_keys permissions are correct (chmod 700 ~/.ssh, chmod 600 ~/.ssh/authorized_keys) |
Overwriting an existing key | Running ssh-keygen without specifying a new file path | Use the -f option to specify a different filename (e.g., ssh-keygen -t ed25519 -f ~/.ssh/my_new_key) |
Forgotten passphrase | You set a passphrase but forgot it | Generate a new key pair; passphrases cannot be recovered |
Unsupported key type | Older servers may not support Ed25519 | Generate an RSA key with ssh-keygen -t rsa -b 4096 |
ssh: Could not resolve hostname | Wrong hostname or DNS issue | Double-check the hostname or use the server’s IP address |
Bad permissions error | .ssh directory or key file permissions too open | Run: chmod 700 ~/.ssh and chmod 600 ~/.ssh/id_* |
Conclusion – Generate an SSH Key in Linux
Generating an SSH key in Linux is a super simple process that allows you to improve security and convenience when using remote servers. By creating a key pair, you can easily enable passwordless authentication that is secure and efficient.
FAQs
Do I need a passphrase for my SSH key?
A passphrase adds extra security. Without it, anyone with your private key can access your systems. With it, you’ll need to enter the passphrase before use.
Can I use one SSH key for multiple servers?
Yes. You can use the same SSH key across different servers, though some security experts recommend separate keys for sensitive systems.
How can I check if my SSH key works?
Try connecting to the remote server: ssh user@remote_host
If it logs in without asking for a password, the key works.