What is an SSH key - Rocketeers app [ Rocketeers ](/) [Login](https://rocketeersapp.com/login) On this page Knowledge --------- What is an SSH key ================== ### [\#Security](https://rocketeersapp.com/knowledge/security) An SSH key is a pair of cryptographic keys used to log in to servers and services without a password. The public key lives on the server, the private key stays on your machine, and only the two together grant access. Published by [Mark van Eijk](https://rocketeersapp.com/author/mark-van-eijk) on June 23, 2026 · 1 minute read 1. [How SSH keys work](#content-how-ssh-keys-work) 2. [Why use keys instead of passwords](#content-why-use-keys-instead-of-passwords) 3. [Key types](#content-key-types) 4. [Where SSH keys live](#content-where-ssh-keys-live) 5. [Generate a key](#content-generate-a-key) [\#](#content-how-ssh-keys-work "Permalink")How SSH keys work ------------------------------------------------------------- An SSH key comes as a **pair**: a private key and a public key. They are generated together and are mathematically linked. - The **private key** stays on your computer and is never shared. Treat it like a password. - The **public key** is copied to any server or service you want to access. When you connect, the server uses your public key to issue a challenge that only the matching private key can answer. Your private key never leaves your machine, and no secret is sent over the network. If the answer checks out, you're in. [\#](#content-why-use-keys-instead-of-passwords "Permalink")Why use keys instead of passwords --------------------------------------------------------------------------------------------- - **More secure** — a 256-bit key is effectively impossible to brute-force, unlike a typed password. - **No password prompts** — once set up, connections are automatic, which makes scripting and deployments painless. - **Easy to revoke** — remove one public key from a server to cut off one machine, without changing anything else. This is why password authentication is often disabled entirely on hardened servers. See [optimizing web application and server security](/optimize-web-application-security) for the bigger picture. [\#](#content-key-types "Permalink")Key types --------------------------------------------- When you generate a key you choose an algorithm. In 2026 the recommendation is simple: - **ed25519** — fast, secure, and short. Use this unless you have a specific reason not to. - **rsa** — still fine at 4096 bits, and the most widely compatible with older systems. - **ecdsa** — supported, but ed25519 is the better modern choice. [\#](#content-where-ssh-keys-live "Permalink")Where SSH keys live ----------------------------------------------------------------- On your machine, keys are stored in `~/.ssh`: - `~/.ssh/id_ed25519` — your private key. - `~/.ssh/id_ed25519.pub` — your public key. On a server, the public keys that are allowed to log in to an account are listed in that account's `~/.ssh/authorized_keys` file. [\#](#content-generate-a-key "Permalink")Generate a key ------------------------------------------------------- Creating a key takes one command: ``` ssh-keygen -t ed25519 -C "you@example.com" ``` For the full walkthrough — including copying the key to a server and adding it to GitHub — see [how to generate an SSH key](/generate-ssh-key). If the server rejects your key when you connect, the cause is almost always covered in [SSH Permission denied (publickey)](/ssh-permission-denied-publickey). ### Subscribe to our newsletter Do you want to receive regular updates with fresh and exclusive content to learn more about web development, hosting, security and performance? Subscribe now! Fill in your email address to receive updates Subscribe #### More in [\#Security](https://rocketeersapp.com/knowledge/security) - [How to extract the certificate from a PFX file](https://rocketeersapp.com/knowledge/extract-certificate-from-pfx-file) - [How to extract private key from PFX file](https://rocketeersapp.com/knowledge/extract-private-key-from-pfx-file) - [How to optimize web application security](https://rocketeersapp.com/knowledge/optimize-web-application-security) - [How to get A+ grade SSL using Cloudflare](https://rocketeersapp.com/knowledge/a-plus-grade-ssl-using-cloudflare) - [How to setup OpenClaw securely on your own VPS](https://rocketeersapp.com/knowledge/setup-openclaw-vps-securely) - [How to generate a CSR with OpenSSL](https://rocketeersapp.com/knowledge/generate-csr-with-openssl) [View all 15 articles →](https://rocketeersapp.com/knowledge/security)