How to Generate SSH Key in Ubuntu

This article provides a straightforward guide on how to generate a new SSH key pair on an Ubuntu Linux system. You will learn the exact command to run, the differences between the key types, and the step-by-step process of saving your secure keys.

The primary command used to generate a new SSH key pair on Ubuntu is ssh-keygen.

The Recommended Command

For the best security and performance, it is highly recommended to use the Ed25519 algorithm. To generate an Ed25519 SSH key pair, open your terminal and run the following command:

ssh-keygen -t ed25519 -C "your_email@example.com"

If you are interacting with an older system that does not support Ed25519, you can generate a high-security RSA key pair instead using this command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Command Flags Explained

• ssh-keygen: The native utility tool used to create, manage, and convert authentication keys.
• -t: Specifies the type of key to create (e.g., ed25519 or rsa).
• -b: Specifies the number of bits in the key (e.g., 4096 for RSA). Ed25519 keys have a fixed length and do not require this flag.
• -C: Adds a custom comment to the key (usually an email address) to help identify it.

Step-by-Step Generation Process

After executing the command, the system will prompt you with a few setup questions:

1. Save Location: The terminal will display: Enter file in which to save the key (/home/username/.ssh/id_ed25519): Press Enter to accept the default file location.

2. Passphrase: Next, you will be prompted to enter a passphrase: Enter passphrase (empty for no passphrase): Type a secure passphrase and press Enter. You will be asked to confirm it by typing it again. While optional, adding a passphrase is highly recommended to protect your key if your local machine is compromised.

Once the process is complete, your system will display a key fingerprint and a randomart image, confirming that your key pair has been generated.

Locating Your SSH Keys

The generation process creates two files in your ~/.ssh/ directory:

• Private Key (id_ed25519 or id_rsa): This is your private key. It must remain secure on your local computer. Never share this file.
• Public Key (id_ed25519.pub or id_rsa.pub): This is your public key. You upload this key to remote servers, GitHub, GitLab, or other services you wish to access securely.