How to Generate SSH Key – Beginners Guide

Generate SSH Key

This guide will teach you to generate SSH key for authenticating Linux servers and applications that support SSH protocol using ssh-keygen.

Every DevOps engineer has to use SSH key-based authentication when working with Linux servers. Also, most cloud platforms offer and recommend SSH key-based server authentication for enhanced security


ssh-keygen is the utility to create SSH ssh keys. It is part of every Linux and MAC systems.

You can use the man command below to understand the ssh-keygen utility and all available options.

man ssh-keygen

Or you can refer the ssh-keygen online man page

Lets look at different ways and options to generate SSH keys.

Generate SSH Keys With Default Options

Execute the following ssh-keygen command to generate the SSH key pair. It generates and save the Keys in the default $HOME/.ssh location. By default, the private key is named ad id_rsa and public key is named as


The above command will prompt for the following options.

  1. Enter file in which to save the key:- Local of the SSH private key to be saved. If you dont specify any location, it gets stored the default SSH location. ie, $HOME/.ssh
  2. Enter passphrase: A passphrase is used to protect the SSH private key. You can leave this empty. If you choose to add a passphrase, you will have to enter it again.
SSH key generation

Generate SSH Keys With Custom Options

Lets take a look an example ssh-keygen command to generate SSH keys with custom options.

The following command generates SSH key named ssh-key in the $HOME/.ssh location with username vagrant with -C flag and passphrase mysecret with -q -P flag.

ssh-keygen -t rsa -f ~/.ssh/ssh-key -C vagrant -b 4096 -q -P "mysecret"

Lets understand the flags.

  1. -t rsa: It is the public key algorithm. It is the default algorithm used by ssh-keygen.
  2. -f : keyfile name.
  3. -q -P: To add passphrase without prompt
  4. -b: Key Encryption Level. Default is 2048 bits
  5. -C: To set the comment in the last line of the public key. It is typically used to replace the default username set by the command. You can also use this flag to set the server username.

If you add the Linux username to the key file with -C , you can directly perform ssh without specifying the username in the SSH command.

For example,

ssh -i ~/.ssh/ssh-key

If you dont a want passphrase and create the keys without a passphrase prompt, you can use the flag -q -N as shown below.

ssh-keygen -t rsa -f ~/.ssh/ssh-key -C vagrant -b 2048 -q -N ""

Supported SSH key algorithms

Following are the supported SSH key algorithms.

  1. Rivest-Shamir-Adleman (RSA)
  2. Digital Signature Algorithm (DSA)
  3. Elliptic Curve Digital Signature Algorithm (ecdsa)
  4. Ed25519 – EdDSA signature scheme using SHA-512 (SHA-2) and Curve25519


How do I manually generate SSH keys?

You can manually generate SSK key using he ssh-keygen command. It creates the public and private in the $HOME/.ssh location.

Is it possible to use ssh-keygen to create an SSH key without a password?

Yes. If you leave the passphrase prompt empty, the ssh keys get generated without any password. You can also pass the flag -q -N “” to the ssh-keygen command to avoid the prompt.


In this guide, we looked at important commands to create SSH public/private key pair.

When it comes to SSH keys, always follow the security best practices to avoid private key misuse.

If you are learning linux, checkout the Best Linux Networking and Troubleshooting Commands.

Also, If you are starting your journey as a DevOps Engineer, checkout my comprehensive guide to become a DevOps engineer.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like