2026 update: This post originally used ssh-keygen -t rsa. The current recommendation (e.g. GitHub’s SSH key guide) is Ed25519 — it produces shorter keys, is faster, and is considered more secure. Use RSA (4096-bit) only as a fallback for systems that don’t support Ed25519.
The -C “your_email@example.com” flag is just a comment/label embedded in the public key — it has no effect on the cryptography. It’s helpful for identifying which key is which when you have several. You can put any string there (or omit -C entirely). 🔐
Assume that your main server (the one you use the most) is ServerA. And from ServerA, you want to automatically login to ServerB. For illustration purpose, ServerB can be a repo server and you don’t want to keep being asked for password everytime you want to commit files.
1. At ServerA issue:
1 | ssh-keygen -t ed25519 -C "your_email@example.com" |
This will create a public + private key for ServerA.
2. Enter (empty) for passphrase
1 2 | Your identification has been saved in /home/ronald/.ssh/id_ed25519. Your public key has been saved in /home/ronald/.ssh/id_ed25519.pub. |
3. Copy over the newly created public key from ServerA to ServerB:
1 | scp .ssh/id_ed25519.pub ronald@ServerB:~/id_ed25519.pub.ServerA |
Note that once the file arrives at ServerB, it named as id_ed25519.pub.ServerA (not id_ed25519.pub), and it will be stored at ronald’s home directory at ServerB.
4. Ssh to ServerB, and issue this command:
1 | cat id_ed25519.pub.ServerA >> .ssh/authorized_keys |
ServerA public key will be merged/appended to ServerB authorized_keys file.
This way everytime you want to access ServerB from ServerA, you won’t be asked for a password. 🎉