How to Use ssh-keygen to Generate an SSH Key on Mac

Strict online security has become a must for many of us, and as malicious operators get smarter, tools and protections need to get stronger to keep up. Secure Shell (SSH) is an encryption protocol that allows you to send data securely by coupling a public key with a private key.

In a variety of situations, including accessing a server remotely or adding security to a Git hosting platform, you may need to generate your own key. Credentials have become an important part of online security, and macOS and the Terminal app make generating an SSH key easy. Let's look at the process.

How to generate an SSH key with SSH-Keygen

The ssh-keygen command does everything you need to generate a complete, ready-to-use SSH key. During creation you can specify the algorithm used, the length in bits and other characteristics of your key. You can find more information about these concepts in later sections of this guide.

The steps to generate an SSH key in macOS are as follows:

Open Terminal from Applications > Utilities or by doing a Spotlight search. Enter the ssh-keygen command with the desired parameters.

We'll get into variations later, but here is an example of what a typical ssh-keygen command should look like:

ssh-keygen -t ecdsa -b 521

The desired algorithm follows the -t option, and the required key length comes after the -b option. If you omit -b, ssh-keygen uses the default number of bits for the selected key type. A strong encryption algorithm with a large enough key is most effective at protecting your data.

Press Enter to begin the generation process. Press Enter again to accept the default file location. You can change this if you want, but in general you want to keep your keys in the suggested folder.

Enter a passphrase when prompted. Although you can leave this field blank, we always recommend protecting your SSH key with a password. Even if no one else should have access to your device, an extra layer of security is always welcome.

Enter your passphrase again to confirm it, complete the process and generate your public and private keys.

macOS stores both keys in the ~/.ssh/ directory. One file contains your SSH public key and the other contains your private key, which you should never share with anyone.

If Terminal isn't your thing, there are several other Mac SSH clients out there so you can choose the option that best suits your needs.

Copy an SSH key to add to Git hosting platforms and other locations

Once you have completed the generation process, you can use Terminal to copy your public key for distribution. Note the file name used during creation. In the example provided, macOS has stored the public SSH key in the id_ecdsa.pub file, so this is the location that we need to target.

To copy your public SSH key to the clipboard, do the following:

  1. Open Terminal.

  2. Enter the pbcopy < command with the correct file path, for example: pbcopy < ~/.ssh/id_ecdsa.pub

  3. Press Enter, and your public key is copied to your clipboard.

From here you can paste your SSH key wherever it is needed. Remember that you should only distribute the public key that is stored in the .pub file. Your private key is only for you.

Different SSH key types and sizes

You can use the ssh-keygen command to generate different types and sizes of keys that use different algorithms. First, you should confirm which variant your hosting platform, service or other party recommends before creating your credentials.

We list the most common SSH key types here and explain the properties of each one:

  • RSA: As a widely supported algorithm, RSA is a good choice in many situations. Length is strength, and you should create a key of 2048 or 4096 bits, the former being sufficient and the latter being ideal.
  • ECDSA: As a newer algorithm, ECDSA offers a similar level of security as RSA, but with shorter keys, which results in faster performance. Supported key sizes are 256, 384 and 521 bits.
  • Ed25519: As a new algorithm, Ed25519 improves the security and performance of previous key types. Apple itself uses this authentication method in some cases, including during communication between certain devices. Keys are only 256 bits long and still offer a high level of security.

When generating your SSH key, make sure that you specify the type of algorithm you want after the -t option.
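
To check keys you already have against the sizes listed above, the following added example (not part of the original article) grades the output of ssh-keygen -l -f, which prints a key's bit length, fingerprint, comment and type. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: grade `ssh-keygen -l` output against the key sizes listed above.
# ssh-keygen -l -f FILE prints: "<bits> <fingerprint> <comment> (<TYPE>)"

# check_key_line LINE -> prints "<verdict> <type> <bits>" or "unparsed"
check_key_line() {
    line=$1
    bits=${line%% *}                 # first field: key length in bits
    type=${line##*\(}                # text after the last "(" ...
    type=${type%\)}                  # ... minus the closing ")"
    case $bits in ''|*[!0-9]*) echo "unparsed"; return 0 ;; esac
    case $type in
        RSA)
            # 2048 bits is the minimum the article recommends for RSA
            if [ "$bits" -ge 2048 ]; then verdict=ok; else verdict=weak; fi ;;
        ECDSA)
            case $bits in 256|384|521) verdict=ok ;; *) verdict=unlisted ;; esac ;;
        ED25519)
            verdict=ok ;;            # fixed 256-bit keys
        *)
            verdict=unlisted ;;      # key type not covered by this article
    esac
    echo "$verdict $type $bits"
}

# audit_ssh_dir [DIR] -> one verdict line per public key file (default ~/.ssh)
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        out=$(ssh-keygen -l -f "$pub" 2>/dev/null) || continue
        echo "$(check_key_line "$out") $pub"
    done
}

# Constructed sample lines (fingerprints are placeholders, not real keys)
SAMPLE_OLD='1024 SHA256:PLACEHOLDERfingerprintAAAA old laptop key (RSA)'
SAMPLE_NEW='521 SHA256:PLACEHOLDERfingerprintBBBB matt@mac (ECDSA)'
check_key_line "$SAMPLE_OLD"
check_key_line "$SAMPLE_NEW"
```

Call audit_ssh_dir with no argument to grade every .pub file in ~/.ssh; a "weak" RSA result is a key worth regenerating at 2048 bits or more.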

Useful commands to know while creating an SSH key on Mac

We've discussed the basic components of the ssh-keygen command; however, in some cases, you may want to perform other functions. Here we list some relevant options and their uses:

  • -t: Use this option to specify the algorithm you want. RSA, ECDSA, and Ed25519 are common and workable options.
  • -b: Indicate your key length by entering the number of bits used. Before using -b, always check the requirements of the chosen algorithm, as some restrictions apply.
  • -p: You can change the passphrase of your key with the -p option. Just include -p with ssh-keygen, and Terminal requests the file location. Enter the path to the appropriate key and create a new passphrase when prompted.
  • -f: Use the -f option to direct ssh-keygen to a specific file location.
  • -C: The -C option adds a comment to your key, which is a useful labeling method.

In addition, the ls command lists all SSH keys that are stored in the default directory:

ls -al ~/.ssh

To remove a local SSH key, you can use the rm command in Terminal, for example:

rm ~/.ssh/id_ecdsa

and

rm ~/.ssh/id_ecdsa.pub

Finally, to access a full list of commands, the following input shows all of the options available along with additional information:

man ssh-keygen

macOS makes generating SSH keys easy

Generating an SSH key is easy in macOS. Terminal and the ssh-keygen tool can do whatever it takes to design, build and distribute your credentials, so no additional software is required. Just enter the correct commands and ssh-keygen will do the rest.

Commonly used algorithms are RSA, ECDSA and Ed25519, and each type has its own specifications and usable key lengths. During creation, you can provide these details and enter other instructions with the correct commands. After that, you can continue to use the terminal to copy, change and delete your stored keys.

For fun or function, knowing how to generate your own credentials is a valuable skill to learn. As our lives continue to shift online, securing our private data is important and the wise will use every tool available to them.

About the author

Matt Moore

Matt is an Australian freelance writer with a degree in creative and critical writing. Before his studies, he worked in technical support and gained valuable insights into the technology and its users. His real passion is storytelling and he hopes to one day write a well-published novel.
