Knowledge

What is an SSH key

#Security

An SSH key is a pair of cryptographic keys used to log in to servers and services without a password. The public key lives on the server, the private key stays on your machine, and only the two together grant access.

Published by Mark van Eijk on June 23, 2026 · 1 minute read

  1. How SSH keys work
  2. Why use keys instead of passwords
  3. Key types
  4. Where SSH keys live
  5. Generate a key

How SSH keys work

An SSH key comes as a pair: a private key and a public key. They are generated together and are mathematically linked.

  • The private key stays on your computer and is never shared. Treat it like a password.
  • The public key is copied to any server or service you want to access.

When you connect, the server uses your public key to issue a challenge that only the matching private key can answer. Your private key never leaves your machine, and no secret is sent over the network. If the answer checks out, you're in.

Why use keys instead of passwords

  • More secure — a 256-bit key is effectively impossible to brute-force, unlike a typed password.
  • No password prompts — once set up, connections are automatic, which makes scripting and deployments painless.
  • Easy to revoke — remove one public key from a server to cut off one machine, without changing anything else.

This is why password authentication is often disabled entirely on hardened servers. See optimizing web application and server security for the bigger picture.

Key types

When you generate a key you choose an algorithm. In 2026 the recommendation is simple:

  • ed25519 — fast, secure, and short. Use this unless you have a specific reason not to.
  • rsa — still fine at 4096 bits, and the most widely compatible with older systems.
  • ecdsa — supported, but ed25519 is the better modern choice.

Where SSH keys live

On your machine, keys are stored in ~/.ssh:

  • ~/.ssh/id_ed25519 — your private key.
  • ~/.ssh/id_ed25519.pub — your public key.

On a server, the public keys that are allowed to log in to an account are listed in that account's ~/.ssh/authorized_keys file.

Generate a key

Creating a key takes one command:

ssh-keygen -t ed25519 -C "you@example.com"

For the full walkthrough — including copying the key to a server and adding it to GitHub — see how to generate an SSH key.

If the server rejects your key when you connect, the cause is almost always covered in SSH Permission denied (publickey).

Subscribe to our newsletter

Do you want to receive regular updates with fresh and exclusive content to learn more about web development, hosting, security and performance? Subscribe now!

Related articles

How to extract private key from PFX file

An SSH key is a pair of cryptographic keys used to log in to servers and services without a password. The public key lives on the server, the private key stays on your machine, and only the two together grant access.

Read more →

How to extract the certificate from a PFX file

An SSH key is a pair of cryptographic keys used to log in to servers and services without a password. The public key lives on the server, the private key stays on your machine, and only the two together grant access.

Read more →