Roman Chursanov
Back to blog
Oct 29, 2024
3 min read

Mastering SSH Key Generation

Comprehensive guide to generating and deploying SSH keys securely across Windows, macOS, and Linux

Introduction

SSH keys provide a robust, secure method of authentication that significantly enhances your digital security. This guide walks you through generating, configuring, and deploying SSH keys across multiple platforms.

Why SSH Keys Matter

Traditional password-based authentication is vulnerable to:

  • Brute-force attacks
  • Credential interception
  • Repeated login attempts

SSH keys offer:

  • Stronger encryption
  • Protection against password-guessing attacks
  • More secure, key-based authentication
  • Simplified access management

Generating SSH Keys: Cross-Platform Guide

Prerequisites

  • Modern terminal/command prompt
  • OpenSSH (pre-installed on most systems)
  • Internet connection

Key Generation Algorithms

We recommend using these key types:

  1. Ed25519: Modern, high-performance, compact
  2. RSA: Widely supported (4096-bit recommended)

Windows (Multiple Methods)

# Install WSL (Windows Subsystem for Linux)
wsl --install

# Open WSL terminal
ssh-keygen -t ed25519 -C "[email protected]"

Method 2: Git Bash

# Open Git Bash
ssh-keygen -t ed25519 -C "[email protected]"

Method 3: PowerShell (Native OpenSSH)

# Generate ED25519 key
ssh-keygen -t ed25519 -C "[email protected]"

macOS

# Open Terminal
ssh-keygen -t ed25519 -C "[email protected]"

Linux

# Open Terminal
ssh-keygen -t ed25519 -C "[email protected]"

Key Generation Workflow

  1. Run the ssh-keygen command
  2. When prompted for file location, press Enter (default is fine)
  3. Enter a strong passphrase
  • Use a password manager
  • Minimum 16 characters
  • Mix of uppercase, lowercase, numbers, symbols

Key File Protection

  • Private key (id_ed25519): Never share
  • Public key (id_ed25519.pub): Can be distributed

Deploying SSH Keys

Linux Server Deployment

# Copy public key to server
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@server_ip

# Manual method
# 1. Copy key contents
cat ~/.ssh/id_ed25519.pub

# 2. On server, add to authorized_keys
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "PASTE_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

GitHub Deployment

Method 1: Web Interface

  1. Copy public key
cat ~/.ssh/id_ed25519.pub
  1. GitHub → Settings → SSH Keys → New SSH Key
  2. Paste key, add descriptive title

Method 2: GitHub CLI

# Install GitHub CLI
# Debian/Ubuntu
sudo apt install gh

# macOS
brew install gh

# Add SSH key
gh auth login
ssh-add -K ~/.ssh/id_ed25519
gh ssh-key add ~/.ssh/id_ed25519.pub

Advanced Security Configurations

SSH Config Hardening (~/.ssh/config)

Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/id_ed25519
    ServerAliveInterval 60
    ServerAliveCountMax 3

Key Management Tips

  • Rotate keys annually
  • Use different keys for different services
  • Store private keys securely
  • Consider hardware security keys

Troubleshooting Common Issues

Key Permissions

# Fix key permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub

Security Warning

  • Never share your private key
  • Use strong, unique passphrases
  • Enable two-factor authentication where possible
Prev
Linux Server Security Hardening Guide
Next
Linux Server Security Hardening Guide