SSH Key Generation

Demo Only

SSH keys should always be generated locally on your machine. This page provides guidance and terminal commands for secure key generation.

Never generate SSH keys online

SSH private keys must be generated on your local machine and never transmitted over the internet. A compromised private key lets an attacker log in as you on any system where you've added the public key.

Use the terminal commands below to generate keys securely on your own system.

Ed25519 (Recommended)

Ed25519 is a modern, secure algorithm. It's faster and has smaller keys than RSA while providing equivalent security.

Generate Ed25519 key pair

$ ssh-keygen -t ed25519 -C "[email protected]"

With custom filename

$ ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519_github

Without passphrase (not recommended)

$ ssh-keygen -t ed25519 -C "[email protected]" -N ""

RSA (Legacy Compatibility)

Use RSA if you need compatibility with older systems. Always use at least 4096 bits.

Generate RSA 4096-bit key pair

$ ssh-keygen -t rsa -b 4096 -C "[email protected]"

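With stronger key derivation (-a sets the number of KDF rounds that protect the passphrase-encrypted private key; -o selects the OpenSSH private key format)

$ ssh-keygen -t rsa -b 4096 -o -a 100 -C "[email protected]"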

View & Copy Public Key

View Ed25519 public key

$ cat ~/.ssh/id_ed25519.pub

View RSA public key

$ cat ~/.ssh/id_rsa.pub

Copy to clipboard (macOS)

$ pbcopy < ~/.ssh/id_ed25519.pub

Copy to clipboard (Linux)

$ xclip -sel clip < ~/.ssh/id_ed25519.pub

Example Output

Your public key will look similar to this (this is an example, not a real key):

~/.ssh/id_ed25519.pub (example)
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl [email protected]
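
The following Python is an added example, not code from the original page or from OpenSSH. It decodes a public key line like the one above, checks that the type prefix matches the type stored inside the base64 blob, reports the RSA modulus size, and computes the SHA256 fingerprint in the form ssh-keygen -l prints, which helps when reviewing which public keys are installed on a server. The function names and the policy check (Ed25519, or RSA of at least 4096 bits, following this page's guidance) are assumptions of the example.

```python
import base64
import hashlib
import struct

# Example line copied from this page (the page states it is not a real key).
EXAMPLE_LINE = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"
                " [email protected]")

def _read_string(blob, offset):
    """Read one length-prefixed field: 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past the end of the key blob")
    return blob[offset + 4:end], end

def parse_public_key(line):
    """Parse '<type> <base64> [comment]' into type, bits, fingerprint, comment."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    inner, off = _read_string(blob, 0)
    if inner != declared.encode():
        raise ValueError("type prefix does not match the type inside the blob")
    if declared == "ssh-ed25519":
        key, off = _read_string(blob, off)
        if len(key) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        bits = 256
    elif declared == "ssh-rsa":
        _exponent, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    else:
        raise ValueError("unsupported key type: " + declared)
    if off != len(blob):
        raise ValueError("unexpected trailing bytes in key blob")
    digest = hashlib.sha256(blob).digest()  # same bytes ssh-keygen -l hashes
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": declared, "bits": bits, "fingerprint": fingerprint,
            "comment": parts[2] if len(parts) > 2 else ""}

def meets_page_policy(info):
    """True for Ed25519, or RSA of at least 4096 bits (this page's guidance)."""
    return info["type"] == "ssh-ed25519" or (info["type"] == "ssh-rsa" and info["bits"] >= 4096)
```

Compare the returned fingerprint with the output of ssh-keygen -lf on the same .pub file to confirm you are looking at the key you expect.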

Add to SSH Agent

Start SSH agent

$ eval "$(ssh-agent -s)"

Add key to agent

$ ssh-add ~/.ssh/id_ed25519

Add to macOS Keychain

$ ssh-add --apple-use-keychain ~/.ssh/id_ed25519

SSH key best practices

  • Always use a strong passphrase to protect your private key
  • Use Ed25519 for new keys unless legacy compatibility is required
  • Keep your private key permissions at 600 (chmod 600 ~/.ssh/id_ed25519)
  • Use different keys for different services when possible
  • Rotate keys periodically and remove unused public keys from servers
  • Never share your private key or store it in version control

SSH Config Example

~/.ssh/config
# GitHub
Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_ed25519_github
  AddKeysToAgent yes

# Work server
Host work
  HostName server.company.com
  User deploy
  IdentityFile ~/.ssh/id_ed25519_work
  Port 22