Knowledge

How to generate an SSH key

#Security

Here is how to generate an SSH key pair on Linux, macOS, or Windows and add the public key to a server, GitHub, or GitLab.

Published by Mark van Eijk on June 23, 2026 · 1 minute read

  1. Generate the key pair
  2. Where the files end up
  3. Add the key to the ssh-agent
  4. Copy the public key to a server
  5. Add the key to GitHub or GitLab
  6. If the connection is rejected

If you're not sure what an SSH key is or how it works, start with what is an SSH key. Otherwise, here's how to make one.

Generate the key pair

Use ssh-keygen with the modern ed25519 algorithm. The comment (-C) is just a label to help you recognise the key later:

ssh-keygen -t ed25519 -C "you@example.com"

You'll be asked where to save the key (press Enter for the default ~/.ssh/id_ed25519) and for an optional passphrase. A passphrase encrypts your private key on disk — recommended for laptops.

If you need to support older systems that don't speak ed25519, generate an RSA key instead:

ssh-keygen -t rsa -b 4096 -C "you@example.com"

Where the files end up

The command creates two files in ~/.ssh:

  • id_ed25519 — your private key. Never share or copy this off your machine.
  • id_ed25519.pub — your public key. This is the one you hand out.

Add the key to the ssh-agent

The agent keeps your unlocked key in memory so you don't retype the passphrase every time:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

Copy the public key to a server

The easiest way to install your public key on a server is ssh-copy-id:

ssh-copy-id user@your-server

This appends your public key to the server's ~/.ssh/authorized_keys. From then on you can log in without a password:

ssh user@your-server

If ssh-copy-id isn't available, print the public key and paste it into ~/.ssh/authorized_keys on the server yourself:

cat ~/.ssh/id_ed25519.pub

Add the key to GitHub or GitLab

Copy the public key to your clipboard, then paste it into Settings → SSH and GPG keys (GitHub) or Preferences → SSH Keys (GitLab):

# macOS
pbcopy < ~/.ssh/id_ed25519.pub

# Linux (X11)
xclip -sel clip < ~/.ssh/id_ed25519.pub

Test the connection afterwards:

ssh -T git@github.com

If the connection is rejected

If the server or service refuses your key, the fixes are in SSH Permission denied (publickey) and, for GitHub specifically, GitHub Permission denied (publickey).

Subscribe to our newsletter

Do you want to receive regular updates with fresh and exclusive content to learn more about web development, hosting, security and performance? Subscribe now!

Related articles

How to extract private key from PFX file

Here is how to generate an SSH key pair on Linux, macOS, or Windows and add the public key to a server, GitHub, or GitLab.

Read more →

How to extract the certificate from a PFX file

Here is how to generate an SSH key pair on Linux, macOS, or Windows and add the public key to a server, GitHub, or GitLab.

Read more →