How to generate SSH private/public keys.

SSH  keys can be used for authentication on remote servers instead of login/password. 

In order to generate a new set of Private/Public SSH Keys use the following command:

ssh-keygen -t rsa -b 4096 -C ""

Public key can be shared, while Private key must be held securely and never shared. 


  • If a Key pair with ES256 algorithm is required -- use the following commands to generate:
openssl ecparam -name prime256v1 -genkey -noout -out my-private-ec.pem
openssl ec -in my-private-ec.pem -pubout > my-public-ec.pem


  • If an EdDSA Key pair with ed25519 algorithm is required -- the following commands must be used to generate the Private key and then extract the Public key:
openssl genpkey -algorithm ed25519 -outform PEM -out my-private-key.pem
openssl pkey -in my-private-key.pem -pubout > my-public-key.pem


Note: openssl version 3 is required to generate and use EdDSA keys. Latest Mac OS is usually equipped with openssl version 2 by default. Run this command to check the openssl version:

openssl version

If it is required to upgrade openssl to version 3. Install the latest OpenSSL using brew:

brew install openssl

if brew is not installed use this command to install brew first, then retry the previous command:

$ /usr/bin/ruby -e "$(curl -fsSL"

create an alias in you shell to invoke the openssl version 3 in your terminal instead of original openssl 2. Edit your ~/.bashrc file (or ~/.zshrc for zsh shell) add this line:

alias openssl=/usr/local/opt/openssl/bin/openssl

Restart the terminal and check the openssl version.  Now you should be able to generate Private/Public Keys with ed25519 algorithm.



Was this article helpful?
0 out of 0 found this helpful