SSH keys can be used for authentication on remote servers instead of login/password.
To generate a new private/public SSH key pair, use the following command:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
The public key can be shared, while the private key must be stored securely and never shared.
- If a key pair for the ES256 algorithm is required, use the following commands to generate it:
openssl ecparam -name prime256v1 -genkey -noout -out my-private-ec.pem
openssl ec -in my-private-ec.pem -pubout > my-public-ec.pem
- If an EdDSA key pair with the ed25519 algorithm is required, use the following commands to generate the private key and then extract the public key:
openssl genpkey -algorithm ed25519 -outform PEM -out my-private-key.pem
openssl pkey -in my-private-key.pem -pubout > my-public-key.pem
Note: openssl version 3 is required to generate and use EdDSA keys. The latest macOS usually ships with openssl version 2 by default. Run this command to check the openssl version:
openssl version
If you need to upgrade openssl to version 3, install the latest OpenSSL using brew:
brew install openssl
If brew is not installed, use this command to install brew first, then retry the previous command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Create an alias in your shell to invoke openssl version 3 in your terminal instead of the original openssl 2. Edit your ~/.bashrc file (or ~/.zshrc for the zsh shell) and add this line (on Apple Silicon Macs, Homebrew installs under /opt/homebrew instead of /usr/local, so adjust the path accordingly):
alias openssl=/usr/local/opt/openssl/bin/openssl
Restart the terminal and check the openssl version. Now you should be able to generate Private/Public Keys with ed25519 algorithm.
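
The following script is an added example, not part of the original instructions: it generates the ES256 pair with the commands above and then checks that the private key is readable only by its owner, that the public key file really belongs to that private key, and that a signature made with one verifies with the other. The function names and the temporary work directory are assumptions; the file names follow this page.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the
# temporary work directory are assumptions; file names follow the page.

# make_es256_pair DIR: generate the ES256 (P-256) pair inside DIR.
make_es256_pair() {
    dir=$1
    (
        umask 077   # create the private key readable by its owner only
        openssl ecparam -name prime256v1 -genkey -noout -out "$dir/my-private-ec.pem"
    ) || return 1
    openssl ec -in "$dir/my-private-ec.pem" -pubout 2>/dev/null > "$dir/my-public-ec.pem"
}

# check_es256_pair PRIV PUB: succeed only if the pair is safe to use.
check_es256_pair() {
    priv=$1
    pub=$2
    # 1. No group/other permission bits on the private key (columns 5-10 of ls -l).
    if [ "$(ls -l "$priv" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $priv is accessible to group or others" >&2
        return 1
    fi
    # 2. The public key file must be the one derived from this private key.
    derived=$(openssl ec -in "$priv" -pubout 2>/dev/null) || return 1
    if [ "$derived" != "$(cat "$pub")" ]; then
        echo "FAIL: $pub does not belong to $priv" >&2
        return 1
    fi
    # 3. Sign a constructed message with the private key, verify with the public key.
    tmp=$(mktemp -d) || return 1
    printf 'constructed test message\n' > "$tmp/msg"
    openssl dgst -sha256 -sign "$priv" -out "$tmp/sig" "$tmp/msg" &&
        openssl dgst -sha256 -verify "$pub" -signature "$tmp/sig" "$tmp/msg" >/dev/null
    rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] || { echo "FAIL: signature round trip" >&2; return 1; }
    echo "OK: $priv / $pub"
}

# Demo run in a throwaway directory.
work=$(mktemp -d) &&
    make_es256_pair "$work" &&
    check_es256_pair "$work/my-private-ec.pem" "$work/my-public-ec.pem"
rm -rf "$work"
```

Running the same check before distributing a public key catches the common mistakes of publishing the wrong file or leaving the private key world-readable.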