Short answer: Open a terminal (PowerShell on Windows, Terminal on macOS/Linux) and run ssh-keygen -t ed25519 -C "your_email@example.com". Press Enter to accept the default file location, optionally set a passphrase, and you’ll have a private key (id_ed25519) and a public key (id_ed25519.pub) in your .ssh folder. Copy the .pub file’s contents anywhere you need key-based login — GitHub, GitLab, or a server.
The rest of this guide covers the exact commands for each operating system, where the files end up, and how to actually use the key once it’s created.
What is an SSH key and why use one?
An SSH key is a cryptographic key pair used to log in to servers and services without typing a password every time. It has two parts:
- Private key — stays on your computer. Never shared, never uploaded anywhere. Can be protected with a passphrase.
- Public key — safe to share. You paste it into GitHub, GitLab, or a server’s authorized-keys list to grant access.
All three major operating systems use the same tool, ssh-keygen, and the same recommended key type, Ed25519. Only the terminal you open and a couple of OS-specific extras differ.
How to generate an SSH key on Windows
Windows 10 and 11 include OpenSSH built in, so no extra software is required.
- Open PowerShell (search “PowerShell” in the Start menu). Avoid cmd.exe — some prompts behave differently there.
- Run:
ssh-keygen -t ed25519 -C "your_email@example.com"
- Press Enter to accept the default save location, or type a custom path.
- Enter a passphrase, or press Enter twice to leave it blank.
- Your keys are now saved at:
C:\Users\<you>\.ssh\id_ed25519 (private key)
C:\Users\<you>\.ssh\id_ed25519.pub (public key)
- Copy the public key to your clipboard:
Get-Content ~\.ssh\id_ed25519.pub | clip
If ssh-keygen isn’t recognized: go to Settings > Apps > Optional Features > Add a feature > OpenSSH Client.
How to generate an SSH key on macOS
macOS ships with OpenSSH via Terminal — nothing to install.
- Open Terminal: press Cmd + Space, type “Terminal,” press Enter.
- Run:
ssh-keygen -t ed25519 -C "your_email@example.com"
- Press Enter to accept the default save location (~/.ssh/id_ed25519).
- Enter a passphrase, or press Enter twice to leave it blank.
- Your keys are now saved at:
~/.ssh/id_ed25519 (private key)
~/.ssh/id_ed25519.pub (public key)
- Add the key to the macOS keychain so you’re not prompted for the passphrase every session:
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
- Copy the public key to your clipboard:
pbcopy < ~/.ssh/id_ed25519.pub
How to generate an SSH key on Linux
Any distribution with OpenSSH installed — which is nearly all of them by default — works the same way.
- Open a terminal.
- Run:
ssh-keygen -t ed25519 -C "your_email@example.com"
- Press Enter to accept the default save location (~/.ssh/id_ed25519).
- Enter a passphrase, or press Enter twice to leave it blank.
- Your keys are now saved at:
~/.ssh/id_ed25519 (private key)
~/.ssh/id_ed25519.pub (public key)
- Start the SSH agent and add your key so you’re not re-prompted each session:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
- Copy the public key (requires xclip, or just open the file):
cat ~/.ssh/id_ed25519.pub
How to add your SSH key to GitHub, GitLab, or a server
Once you’ve copied the contents of your .pub file:
- GitHub / GitLab: Settings > SSH and GPG keys > New SSH key. Paste the full contents of the .pub file.
- A Linux/Unix server: append it to ~/.ssh/authorized_keys on that server (create the file and folder if needed, and set permissions to 600 on the file and 700 on .ssh).
- cPanel / DirectAdmin: use the SSH Access section in the control panel to import the public key directly.
Never share the private key (the file with no .pub extension) — only the public key is meant to be distributed.
Frequently asked questions
What’s the difference between id_ed25519 and id_ed25519.pub?
id_ed25519 is your private key and must never leave your machine. id_ed25519.pub is the public key, which is safe to share and is what you paste into GitHub, GitLab, or a server’s authorized-keys file.
Is Ed25519 better than RSA for SSH keys?
Yes, for most modern use. Ed25519 keys are shorter, generate faster, and are computationally at least as secure as a 3072-bit RSA key. Use RSA only if you’re connecting to a legacy system that doesn’t support Ed25519.
Do I need a passphrase on my SSH key?
It’s optional but recommended. A passphrase protects your private key if your device is lost, stolen, or compromised. You can avoid re-typing it each session by using ssh-agent (Linux/Windows) or the macOS keychain (ssh-add –apple-use-keychain).
Where are SSH keys stored by default?
In the .ssh folder in your home directory: ~/.ssh/ on macOS and Linux, and C:\Users<you>.ssh\ on Windows.
Can I use the same SSH key on multiple computers?
You can copy your existing key pair to another machine, but it’s generally better practice to generate a separate key pair per device and add each public key to the services you use. That way losing one device only means revoking one key.
How do I generate an SSH key without a passphrase?
Run the same ssh-keygen -t ed25519 -C “your_email@example.com” command and press Enter twice when prompted for a passphrase, leaving it blank.