ssh-keygen: Generate ed25519 and RSA Keys
ssh-keygen generates an SSH key pair, writing the private key to a file and the public key to the same name with .pub.
Every SSH deploy starts with a key pair. ed25519 is the modern default; RSA at 4096 bits remains compatible everywhere. The flags below make generation fully non-interactive.
What it does
ssh-keygen creates a private/public key pair for the chosen algorithm. -t picks the type, -f names the output file, -C sets a comment, and -N sets the passphrase. The public key is written to <file>.pub.
Common usage
# modern default: ed25519, no passphrase, named file
ssh-keygen -t ed25519 -C "deploy@ci" -f ./deploy_key -N ""
# RSA 4096 for maximum compatibility
ssh-keygen -t rsa -b 4096 -C "deploy@ci" -f ./deploy_key -N ""Options
| Flag | What it does |
|---|---|
| -t <type> | Key type: ed25519, rsa, ecdsa |
| -b <bits> | Key size in bits (RSA: 4096; ignored for ed25519) |
| -C <comment> | Comment appended to the public key |
| -f <file> | Output filename (public key gets .pub) |
| -N <phrase> | Passphrase ("" for none) |
| -q | Quiet output |
In CI
Always pass -f and -N "" so generation never prompts. ed25519 keys are short and fast and are supported by all current hosts; choose rsa -b 4096 only for legacy targets. The matching .pub goes into the server's authorized_keys.
Common errors in CI
Without -f, ssh-keygen prompts "Enter file in which to save the key" and hangs. "<file> already exists. Overwrite (y/n)?" hangs too if the file exists; remove it or write to a fresh path. "Saving key "<file>" failed: Permission denied" means the target directory is not writable; use a writable workspace path.