Generating Secure SSH Keys

Creating SSH keys requires careful attention to algorithm selection, key size, and protection mechanisms. The key generation process establishes the cryptographic foundation for all future authentication, making proper configuration essential from the start.

Generate an Ed25519 key pair, currently considered the gold standard for SSH keys:

ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519

For environments requiring RSA keys, ensure adequate key size:

ssh-keygen -t rsa -b 4096 -C "[email protected]" -f ~/.ssh/id_rsa_secure

During key generation, you'll be prompted to set a passphrase. This passphrase encrypts the private key file, adding a further layer of security. Choose a strong, unique passphrase that differs from your system passwords:

Enter passphrase (empty for no passphrase): [Type strong passphrase]
Enter same passphrase again: [Confirm passphrase]

The key generation process creates two files:

  • Private key: ~/.ssh/id_ed25519 (or your specified filename)
  • Public key: ~/.ssh/id_ed25519.pub

Examine your newly created public key:

cat ~/.ssh/id_ed25519.pub
# Output: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... [email protected]
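
The public key line printed above has three parts: the key type, a base64 blob, and the comment. The following Python is an added example, not part of the original page: it decodes that blob, checks that the type stored inside it matches the text prefix, reports the key size (to confirm an RSA key really has the size requested with -b), and computes the SHA256 fingerprint in the form ssh-keygen -l prints. The names inspect_public_key, make_line and MIN_RSA_BITS are assumptions of this example, and the sample keys it builds are constructed, not real.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 4096  # assumed policy, mirrors the -b 4096 used above

def _read_string(blob, pos):
    """Read one SSH wire 'string': 4-byte big-endian length, then data."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[pos:pos + 4])
    if pos + 4 + n > len(blob):
        raise ValueError("truncated field data")
    return blob[pos + 4:pos + 4 + n], pos + 4 + n

def inspect_public_key(line):
    """Parse '<type> <base64> [comment]'; report size and fingerprint."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    inner, pos = _read_string(blob, 0)
    if inner != declared.encode():
        raise ValueError("type inside blob differs from text prefix")
    if declared == "ssh-ed25519":
        key, pos = _read_string(blob, pos)
        if len(key) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        bits, ok = 256, True
    elif declared == "ssh-rsa":
        _exponent, pos = _read_string(blob, pos)
        modulus, pos = _read_string(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()
        ok = bits >= MIN_RSA_BITS
    else:
        raise ValueError("unsupported key type: " + declared)
    if pos != len(blob):
        raise ValueError("trailing bytes after key data")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": declared, "bits": bits, "acceptable": ok,
            "fingerprint": "SHA256:" + fp,
            "comment": parts[2] if len(parts) > 2 else ""}

def make_line(key_type, *fields, comment="constructed@example.invalid"):
    """Build a constructed sample line from raw fields (not a real key)."""
    raw = b"".join(struct.pack(">I", len(f)) + f
                   for f in (key_type.encode(),) + fields)
    return f"{key_type} {base64.b64encode(raw).decode()} {comment}"
```

To check a real key, pass the contents of the .pub file to inspect_public_key and compare the returned fingerprint with the output of ssh-keygen -l -f on the same file.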