What Is ssh-keygen?
ssh-keygen is a tool for creating new SSH public-key key pairs.
SSH Keys and Public Key Authentication
The SSH protocol uses public-key cryptography to authenticate hosts and users. public key authentication as a more secure alternative to the older .rhosts authentication. It improved security by avoiding the need to have a password stored in files, and eliminated the possibility of a compromised server stealing the user's password.
Creating an SSH Key Pair for User Authentication
The simplest way to generate a key pair is to run ssh-keygen without arguments. In this case, it will prompt for the file in which to store the keys
ssh-keygen
Generating public/private RSA key pair.
Enter fullscreen mode
Exit fullscreen mode
First, the tool asked where to save the file. SSH keys for user authentication are usually stored in the user's .ssh directory under the home directory. id_rsa when using the default RSA algorithm. It could also be, for example, id_dsa or id_ecdsa.passphrase . The passphrase is used for encrypting the key, so that it cannot be used even if someone obtains the private key file.
Choosing an Algorithm and Key Size
SSH supports several public key algorithms for authentication keys. These include:
rsa - an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. The RSA algorithm may become practically breakable in the foreseeable future. All SSH clients support this algorithm.
dsa - an old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete logarithms. A key size of 1024 would normally be used with it. DSA in its original form is no longer recommended.
ecdsa - a new Digital Signature Algorithm standardized by the US government, using elliptic curves. This is probably a good algorithm for current applications. Only three key sizes are supported: 256, 384, and 521 bits. We would recommend always using it with 521 bits, since the keys are still small and probably more secure than the smaller keys (even though they should be safe as well). Most SSH clients now support this algorithm.
ed25519 - this is a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Thus, its use in general-purpose applications may not yet be advisable.
The algorithm is selected using the -t option and key size using the -b option. The following commands illustrate:
ssh-keygen -t ecdsa -b 521
Enter fullscreen mode
Exit fullscreen mode
Specifying the File Name
Normally, the tool prompts for the file in which to store the key. However, it can also be specified on the command line using the -f <filename> option.
ssh-keygen -f ~/name-key-ecdsa -t ecdsa -b 521
Enter fullscreen mode
Exit fullscreen mode
Key Management Requires Attention
It is easy to create and configure new SSH keys. In the default configuration, OpenSSH allows any user to configure new keys. The keys are permanent access credentials that remain valid even after the user's account has been deleted.
Bibliografia
Further Reading
Check out the other articles in this series:
ssh-agent :
ssh-keygen :
What Is ssh-keygen
<a href="/erixero" class="crayons-avatar crayons-avatar--l ">
<img src="https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3961631%2F3bda9bbb-8de7-466f-a410-f81e413413b6.jpg" alt="erixero profile" class="crayons-avatar__image" loading="lazy" />
</a>
</div>
<div>
<div>
<a href="/erixero" class="crayons-story__secondary fw-medium m:hidden">
Erick Quinteros
</a>
<div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:inline-block">
<button id="story-author-preview-trigger-3791024" aria-controls="story-author-preview-content-3791024" class="profile-preview-card__trigger fs-s p-1 -ml-1 -my-2 crayons-btn crayons-btn--ghost" aria-label="Erick Quinteros profile details">
Erick Quinteros
</button>
<div
id="story-author-preview-content-3791024"
class="profile-preview-card__content crayons-dropdown branded-7 p-4 pt-0"
style="border-top-color: var(--card-color);"
data-repositioning-dropdown="true"
data-testid="profile-preview-card">
<div class="gap-4 grid">
<div class="-mt-4">
<a href="/erixero" class="flex">
<span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0">
<img
src="https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3961631%2F3bda9bbb-8de7-466f-a410-f81e413413b6.jpg"
class="crayons-avatar__image"
alt=""
loading="lazy" />
</span>
<span class="crayons-link crayons-subtitle-2 mt-5">Erick Quinteros</span>
</a>
</div>
<div class="print-hidden">
<button
class="crayons-btn follow-action-button whitespace-nowrap follow-user w-100"
data-info='{"style":"full","id":3961631,"className":"User","name":"Erick Quinteros"}'>
Follow
</button>
</div>
<div
class="author-preview-metadata-container"
data-author-id="3961631"></div>
</div>
</div>
</div>
</div>
<a href="https://dev.to/erixero/what-is-ssh-keygen-17dl" class="crayons-story__tertiary fs-xs"><time datetime="2026-05-31T20:26:19Z">May 31</time><span class="time-ago-indicator-initial-placeholder" data-seconds="1780259179"></span></a>
</div>
</div>
</div>
<div class="crayons-story__indention">
<h2 class="crayons-story__title crayons-story__title-full_post">
<a href="https://dev.to/erixero/what-is-ssh-keygen-17dl" data-preload-image="" id="article-link-3791024">
What Is ssh-keygen
</a>
</h2>
<div class="crayons-story__tags">
<a class="crayons-tag crayons-tag--monochrome " style="
--tag-bg: rgba(64, 78, 211, 0.10);
--tag-prefix: #404ED3;
--tag-bg-hover: rgba(64, 78, 211, 0.10);
--tag-prefix-hover: #404ED3;
" href="/t/ssh"><span class="crayons-tag__prefix">#</span>ssh</a>
<a class="crayons-tag crayons-tag--monochrome " style="
--tag-bg: rgba(64, 78, 211, 0.10);
--tag-prefix: #404ED3;
--tag-bg-hover: rgba(64, 78, 211, 0.10);
--tag-prefix-hover: #404ED3;
" href="/t/keygen"><span class="crayons-tag__prefix">#</span>keygen</a>
<a class="crayons-tag crayons-tag--monochrome " style="
--tag-bg: rgba(64, 78, 211, 0.10);
--tag-prefix: #404ED3;
--tag-bg-hover: rgba(64, 78, 211, 0.10);
--tag-prefix-hover: #404ED3;
" href="/t/authentication"><span class="crayons-tag__prefix">#</span>authentication</a>
<a class="crayons-tag crayons-tag--monochrome " style="
--tag-bg: rgba(64, 78, 211, 0.10);
--tag-prefix: #404ED3;
--tag-bg-hover: rgba(64, 78, 211, 0.10);
--tag-prefix-hover: #404ED3;
" href="/t/cheatsheet"><span class="crayons-tag__prefix">#</span>cheatsheet</a>
</div>
<div class="crayons-story__bottom">
<div class="crayons-story__details">
<a href="https://dev.to/erixero/what-is-ssh-keygen-17dl#comments" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left flex items-center" aria-label="Add a comment to post - What Is ssh-keygen">
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" role="img" aria-labelledby="a2aok64tc47e7wfcva05mdxoh8wf4e40" class="crayons-icon"><title id="a2aok64tc47e7wfcva05mdxoh8wf4e40">Comments</title><path d="M10.5 5h3a6 6 0 110 12v2.625c-3.75-1.5-9-3.75-9-8.625a6 6 0 016-6zM12 15.5h1.5a4.501 4.501 0 001.722-8.657A4.5 4.5 0 0013.5 6.5h-3A4.5 4.5 0 006 11c0 2.707 1.846 4.475 6 6.36V15.5z"></path></svg>
<span class="hidden s:inline">Add Comment</span>
</a>
</div>
<div class="crayons-story__save">
<small class="crayons-story__tertiary fs-xs mr-2">
3 min read
</small>
<button
type="button"
id="article-save-button-3791024"
class="c-btn c-btn--icon-alone bookmark-button"
data-reactable-id="3791024"
data-article-author-id="3961631"
aria-label="Save post What Is ssh-keygen to reading list"
title="Save post What Is ssh-keygen to reading list">
<span class="bm-initial">
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" aria-hidden="true"><path d="M6.75 4.5h10.5a.75.75 0 01.75.75v14.357a.375.375 0 01-.575.318L12 16.523l-5.426 3.401A.375.375 0 016 19.607V5.25a.75.75 0 01.75-.75zM16.5 6h-9v11.574l4.5-2.82 4.5 2.82V6z"></path></svg>
</span>
<span class="bm-success">
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" aria-hidden="true"><path d="M6.75 4.5h10.5a.75.75 0 01.75.75v14.357a.375.375 0 01-.575.318L12 16.523l-5.426 3.401A.375.375 0 016 19.607V5.25a.75.75 0 01.75-.75z"></path></svg>
</span>
</button>
</div>
</div>
</div>
Enter fullscreen mode
Exit fullscreen mode
known_hosts :
known_hosts
<a href="/erixero" class="crayons-avatar crayons-avatar--l ">
<img src="https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3961631%2F3bda9bbb-8de7-466f-a410-f81e413413b6.jpg" alt="erixero profile" class="crayons-avatar__image" loading="lazy" />
</a>
</div>
<div>
<div>
<a href="/erixero" class="crayons-story__secondary fw-medium m:hidden">
Erick Quinteros
</a>
<div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:inline-block">
<button id="story-author-preview-trigger-3791248" aria-controls="story-author-preview-content-3791248" class="profile-preview-card__trigger fs-s p-1 -ml-1 -my-2 crayons-btn crayons-btn--ghost" aria-label="Erick Quinteros profile details">
Erick Quinteros
</button>
<div
id="story-author-preview-content-3791248"
class="profile-preview-card__content crayons-dropdown branded-7 p-4 pt-0"
style="border-top-color: var(--card-color);"
data-repositioning-dropdown="true"
data-testid="profile-preview-card">
<div class="gap-4 grid">
<div class="-mt-4">
<a href="/erixero" class="flex">
<span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0">
<img
src="https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3961631%2F3bda9bbb-8de7-466f-a410-f81e413413b6.jpg"
class="crayons-avatar__image"
alt=""
loading="lazy" />
</span>
<span class="crayons-link crayons-subtitle-2 mt-5">Erick Quinteros</span>
</a>
</div>
<div class="print-hidden">
<button
class="crayons-btn follow-action-button whitespace-nowrap follow-user w-100"
data-info='{"style":"full","id":3961631,"className":"User","name":"Erick Quinteros"}'>
Follow
</button>
</div>
<div
class="author-preview-metadata-container"
data-author-id="3961631"></div>
</div>
</div>
</div>
</div>
<a href="https://dev.to/erixero/knownhosts-40f0" class="crayons-story__tertiary fs-xs"><time datetime="2026-05-31T21:31:02Z">May 31</time><span class="time-ago-indicator-initial-placeholder" data-seconds="1780263062"></span></a>
</div>
</div>
</div>
<div class="crayons-story__indention">
<h2 class="crayons-story__title crayons-story__title-full_post">
<a href="https://dev.to/erixero/knownhosts-40f0" data-preload-image="" id="article-link-3791248">
known_hosts
</a>
</h2>
<div class="crayons-story__tags">
<a class="crayons-tag crayons-tag--monochrome " style="
--tag-bg: rgba(64, 78, 211, 0.10);
--tag-prefix: #404ED3;
--tag-bg-hover: rgba(64, 78, 211, 0.10);
--tag-prefix-hover: #404ED3;
" href="/t/ssh"><span class="crayons-tag__prefix">#</span>ssh</a>
<a class="crayons-tag crayons-tag--monochrome " style="
--tag-bg: rgba(64, 78, 211, 0.10);
--tag-prefix: #404ED3;
--tag-bg-hover: rgba(64, 78, 211, 0.10);
--tag-prefix-hover: #404ED3;
" href="/t/knownhosts"><span class="crayons-tag__prefix">#</span>knownhosts</a>
<a class="crayons-tag crayons-tag--monochrome " style="
--tag-bg: rgba(64, 78, 211, 0.10);
--tag-prefix: #404ED3;
--tag-bg-hover: rgba(64, 78, 211, 0.10);
--tag-prefix-hover: #404ED3;
" href="/t/authentication"><span class="crayons-tag__prefix">#</span>authentication</a>
<a class="crayons-tag crayons-tag--monochrome " style="
--tag-bg: rgba(64, 78, 211, 0.10);
--tag-prefix: #404ED3;
--tag-bg-hover: rgba(64, 78, 211, 0.10);
--tag-prefix-hover: #404ED3;
" href="/t/cheatsheet"><span class="crayons-tag__prefix">#</span>cheatsheet</a>
</div>
<div class="crayons-story__bottom">
<div class="crayons-story__details">
<a href="https://dev.to/erixero/knownhosts-40f0#comments" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left flex items-center" aria-label="Add a comment to post - known_hosts">
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" role="img" aria-labelledby="at3bbxl7ghuwf5g66m7401ro8qpimhiu" class="crayons-icon"><title id="at3bbxl7ghuwf5g66m7401ro8qpimhiu">Comments</title><path d="M10.5 5h3a6 6 0 110 12v2.625c-3.75-1.5-9-3.75-9-8.625a6 6 0 016-6zM12 15.5h1.5a4.501 4.501 0 001.722-8.657A4.5 4.5 0 0013.5 6.5h-3A4.5 4.5 0 006 11c0 2.707 1.846 4.475 6 6.36V15.5z"></path></svg>
<span class="hidden s:inline">Add Comment</span>
</a>
</div>
<div class="crayons-story__save">
<small class="crayons-story__tertiary fs-xs mr-2">
3 min read
</small>
<button
type="button"
id="article-save-button-3791248"
class="c-btn c-btn--icon-alone bookmark-button"
data-reactable-id="3791248"
data-article-author-id="3961631"
aria-label="Save post known_hosts to reading list"
title="Save post known_hosts to reading list">
<span class="bm-initial">
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" aria-hidden="true"><path d="M6.75 4.5h10.5a.75.75 0 01.75.75v14.357a.375.375 0 01-.575.318L12 16.523l-5.426 3.401A.375.375 0 016 19.607V5.25a.75.75 0 01.75-.75zM16.5 6h-9v11.574l4.5-2.82 4.5 2.82V6z"></path></svg>
</span>
<span class="bm-success">
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" aria-hidden="true"><path d="M6.75 4.5h10.5a.75.75 0 01.75.75v14.357a.375.375 0 01-.575.318L12 16.523l-5.426 3.401A.375.375 0 016 19.607V5.25a.75.75 0 01.75-.75z"></path></svg>
</span>
</button>
</div>
</div>
</div>
Enter fullscreen mode
Exit fullscreen mode
Top comments (0)