ssh-keygen Command: Tutorial & Examples

Generating keys for SSH

The ssh-keygen command is used to generate, manage, and convert authentication keys for ssh (Secure Shell).

SSH is a network protocol that allows secure remote login to a server from a client. It uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.

While passwords can be easily broken by brute-force attacks, SSH keys are nearly impossible to break by brute force alone. Using ssh-keygen to set up SSH keys improves security significantly.

Generating SSH keys with ssh-keygen

The most common use for ssh-keygen is creating your SSH key pair. The following command will generate a new SSH key pair with a default key type (RSA), default key size (2048 bits), and no passphrase:


This command will prompt you for the file in which to save the key; press Enter to accept the default location. The typical output looks something like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 user@hostname

Generated keys are stored in your user's ~/.ssh directory with the filenames id_rsa for your private key and for your public key.

Customizing SSH keys

ssh-keygen allows you to customize your SSH keys by specifying the key type, key length, and comment. The following command generates a 4096-bit RSA key:

ssh-keygen -t rsa -b 4096 -C ""

The -t option specifies the key type, the -b option specifies the key length, and the -C option adds a comment.

Managing SSH keys

ssh-keygen can also be used to manage your SSH keys. For example, you can change the passphrase of a key without changing the key itself:

ssh-keygen -p

You will be prompted to enter the file of the key whose passphrase you want to change, and then you will enter the new passphrase.

Common problems

A common problem when dealing with SSH keys is permissions issues. The keys need to be stored with the correct permissions - your private key should be readable and writable only by you, and your public key can be readable by anyone. You can set the permissions using the chmod command:

chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/
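
To check these permissions across a whole key directory rather than one file at a time, the following shell function (an added example, not part of the original tutorial) flags any private key that someone other than its owner can access. It goes slightly beyond the text by also flagging the directory and other files when group or others can write to them; the function names and finding labels are made up for this example, and private keys are recognised by their PEM header line rather than by file name.

```shell
#!/bin/sh
# Added example: audit an SSH key directory against the permission rules above.

# mode4 PATH -> permission bits as four octal digits, e.g. 0600
# (tries GNU stat first, then BSD stat)
mode4() {
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    printf '%04d\n' "$m"
}

# writable_by_others MODE4 -> true if the group or other write bit is set
writable_by_others() {
    case ${1#??} in
        [2367]?|?[2367]) return 0 ;;
    esac
    return 1
}

# audit_ssh_dir DIR -> one finding per line on stdout; exit status 1 if any
audit_ssh_dir() {
    dir=$1
    bad=0
    mode=$(mode4 "$dir") || { echo "MISSING $dir"; return 1; }
    if writable_by_others "$mode"; then
        echo "DIR_WRITABLE mode=$mode $dir"; bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(mode4 "$f") || continue
        # Private keys are recognised by their PEM header, not by file name.
        if head -n 1 "$f" 2>/dev/null | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
            # Any group/other bit at all is too open for a private key.
            if [ "${mode#??}" != "00" ]; then
                echo "PRIVATE_KEY_EXPOSED mode=$mode $f"; bad=1
            fi
        elif writable_by_others "$mode"; then
            echo "FILE_WRITABLE mode=$mode $f"; bad=1
        fi
    done
    return "$bad"
}

# Audit the directory given as the first argument, if any.
if [ -n "${1:-}" ]; then audit_ssh_dir "$1"; fi
```

Saved to a file, it can be run with the key directory as its argument, for example ~/.ssh; a clean directory produces no output and exit status 0.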

Another common issue is forgetting the passphrase of your SSH key. The ssh-keygen -p command can be used to change the passphrase if you have forgotten it.


Understanding how to use the ssh-keygen command is crucial for securing your connections to remote servers. From generating new keys to customizing and managing them, ssh-keygen provides all the tools you need. However, like all tools, it must be used correctly to avoid problems. Always remember to protect your private keys and manage your passphrases carefully.

Except where otherwise noted, content on this site is licensed under a CC BY-SA 4.0 license.