How to generate SSH keys with ssh-keygen - Rocketeers app

  [ Rocketeers ](/)   

[Login](https://rocketeersapp.com/login) 

 On this page

 Knowledge
---------

How to generate SSH keys with ssh-keygen
========================================

### [\#CommandLine](https://rocketeersapp.com/knowledge/command-line)

Generate SSH keys with ssh-keygen, choose ed25519 over RSA, copy your public key to a server, load it into ssh-agent, and add it to GitHub.

 Published by [Mark van Eijk](https://rocketeersapp.com/author/mark-van-eijk) on June 23, 2026 · 2 minute read

1. [Why you want SSH keys](#content-why-you-want-ssh-keys)
2. [Generating a key with ssh-keygen](#content-generating-a-key-with-ssh-keygen)
3. [Passphrase or no passphrase](#content-passphrase-or-no-passphrase)
4. [Where the keys live](#content-where-the-keys-live)
5. [Copying the public key to a server](#content-copying-the-public-key-to-a-server)
6. [Adding the key to ssh-agent](#content-adding-the-key-to-ssh-agent)
7. [Adding the key to GitHub](#content-adding-the-key-to-github)

[\#](#content-why-you-want-ssh-keys "Permalink")Why you want SSH keys
---------------------------------------------------------------------

Typing a password every time you connect to a server gets old fast, and passwords are the weaker link anyway. SSH keys give you a passwordless, far more secure login: you keep a private key on your machine, hand the matching public key to the server, and SSH proves you own the pair without ever sending a secret over the wire. Once they're set up, [connecting to a server](/connect-to-server-ssh-command) and pushing to Git just work.

[\#](#content-generating-a-key-with-ssh-keygen "Permalink")Generating a key with ssh-keygen
-------------------------------------------------------------------------------------------

`ssh-keygen` ships with every Linux distro and macOS. The modern, recommended command is:

 ```
ssh-keygen -t ed25519 -C "you@example.com"

```

- `-t ed25519` picks the Ed25519 algorithm. It's fast, secure, and produces short keys. Use this unless something old refuses to accept it.
- `-C "you@example.com"` adds a comment, usually your email, so you can recognize the key later in a list of authorized keys.

If you're stuck talking to ancient hardware or legacy software that doesn't speak Ed25519, fall back to RSA with a large key size:

 ```
ssh-keygen -t rsa -b 4096 -C "you@example.com"

```

[\#](#content-passphrase-or-no-passphrase "Permalink")Passphrase or no passphrase
---------------------------------------------------------------------------------

`ssh-keygen` asks for a passphrase. My advice: set one. It encrypts the private key on disk, so a stolen laptop doesn't hand over your servers. The minor inconvenience of typing it is solved by `ssh-agent` (below), which remembers it for your session. Press Enter twice for no passphrase only on throwaway or fully automated keys.

[\#](#content-where-the-keys-live "Permalink")Where the keys live
-----------------------------------------------------------------

By default the keys land in `~/.ssh/`:

- `~/.ssh/id_ed25519` is your **private** key. Never share it, never commit it, never copy it off the machine.
- `~/.ssh/id_ed25519.pub` is your **public** key. This is the safe one you give to servers and GitHub.

You can view the public key any time:

 ```
cat ~/.ssh/id_ed25519.pub

```

[\#](#content-copying-the-public-key-to-a-server "Permalink")Copying the public key to a server
-----------------------------------------------------------------------------------------------

The cleanest way to authorize your key on a server is `ssh-copy-id`. It appends your public key to the server's `~/.ssh/authorized_keys` for you:

 ```
ssh-copy-id user@host

```

It'll ask for your password one last time. After that, `ssh user@host` logs you in with the key. If `ssh-copy-id` isn't available (it's missing on some macOS setups), you can do it manually:

 ```
cat ~/.ssh/id_ed25519.pub | ssh user@host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

```

If the server still asks for a password or rejects the key, the [SSH permission denied (publickey) guide](/ssh-permission-denied-publickey) walks through the usual causes.

[\#](#content-adding-the-key-to-ssh-agent "Permalink")Adding the key to ssh-agent
---------------------------------------------------------------------------------

`ssh-agent` holds your decrypted key in memory so you only type the passphrase once per session. Start it and add your key:

 ```
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

```

On macOS, store the passphrase in the Keychain so it persists across reboots:

 ```
ssh-add --apple-use-keychain ~/.ssh/id_ed25519

```

[\#](#content-adding-the-key-to-github "Permalink")Adding the key to GitHub
---------------------------------------------------------------------------

To push and pull over SSH, GitHub needs your public key. Copy it to your clipboard:

 ```
# macOS
pbcopy