SSH Key Setup

How to generate SSH keys and use them to connect to GitHub, GitLab, and remote servers

SSH keys are a pair of cryptographic keys used to authenticate you with remote servers and services like GitHub. You have a private key (stays on your computer, never share it) and a public key (goes on the server or service you're connecting to). They're more secure than passwords and more convenient – once set up, you connect without typing a password each time.

Generating a key

  1. Open Terminal
  2. Run:
    ssh-keygen -t ed25519 -C "your_email@example.com"
    
    Replace the email with your own. The -C flag is just a label to help you identify the key
  3. When asked where to save, press Enter to accept the default (~/.ssh/id_ed25519)
  4. Enter a passphrase when prompted. This is an extra layer of security – if someone gets your key file, they still can't use it without the passphrase. You can leave it blank, but using one is recommended

This creates two files:

  • ~/.ssh/id_ed25519 – your private key (keep this secret)
  • ~/.ssh/id_ed25519.pub – your public key (this is what you share)

Adding to the SSH agent

The SSH agent stores your key in memory so you don't have to enter the passphrase every time.

  1. Start the agent:

    eval "$(ssh-agent -s)"
    
  2. Add your key:

    ssh-add --apple-use-keychain ~/.ssh/id_ed25519
    

    The --apple-use-keychain flag stores the passphrase in macOS Keychain so it persists across restarts

  3. To make this automatic, add to ~/.ssh/config:

    Host *
      AddKeysToAgent yes
      UseKeychain yes
      IdentityFile ~/.ssh/id_ed25519
    

Adding to GitHub

  1. Copy your public key:
    pbcopy < ~/.ssh/id_ed25519.pub
    
  2. Go to github.com > click your profile picture > Settings
  3. Click SSH and GPG keys in the sidebar
  4. Click New SSH key
  5. Give it a title (like "MacBook Pro"), paste the key, and click Add SSH key

Test the connection:

ssh -T git@github.com

You should see a message like "Hi username! You've successfully authenticated."

Adding to a remote server

Copy your public key to the server:

ssh-copy-id user@server-address

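Or manually (the chmod calls set the restrictive permissions sshd expects on ~/.ssh and authorized_keys):

cat ~/.ssh/id_ed25519.pub | ssh user@server-address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"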

Now you can connect with ssh user@server-address without a password.

Frequently Asked Questions

What's the difference between ed25519 and RSA keys?

Ed25519 is the modern recommendation – it's faster, produces shorter keys, and is considered highly secure. RSA (with 4096 bits) is the older standard and still works everywhere. Use ed25519 unless you're connecting to a very old server that doesn't support it.

I already have an SSH key. Do I need a new one?

No. Check for existing keys by looking in ~/.ssh/ for files like id_ed25519 or id_rsa. If you already have a key pair, you can use it. Just add the public key (.pub file) to whatever service you want to connect to.

What happens if I lose my private key?

You lose access to anything authenticated with that key. Generate a new key pair and add the new public key to GitHub, servers, etc. This is why it's important to set up keys on each device separately rather than copying private keys between machines.

Should I use a passphrase?

Yes. A passphrase encrypts your private key file, so even if someone copies it off your computer, they can't use it without the passphrase. The SSH agent remembers it for you during your session, so you only type it once after logging in.
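As an added example (not part of the original page), this Python check reads the unencrypted header of an OpenSSH-format private key to tell whether a passphrase is set, and flags key files that group or other users can access. The function names are this example's own, build_sample produces constructed containers with dummy bytes instead of key material, and keys in the older PEM format are not handled.

```python
import base64, os, stat, struct

MAGIC = b"openssh-key-v1\x00"
BEGIN, END = "-----BEGIN OPENSSH PRIVATE KEY-----", "-----END OPENSSH PRIVATE KEY-----"

def _read_string(buf, off):
    """Read one SSH 'string' (uint32 big-endian length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key container")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Read the unencrypted header of an OpenSSH-format private key; nothing is decrypted."""
    lines = [l.strip() for l in text.strip().splitlines()]
    blob = base64.b64decode("".join(lines[1:-1])) if len(lines) > 2 else b""
    if lines[:1] != [BEGIN] or lines[-1:] != [END] or not blob.startswith(MAGIC):
        raise ValueError("not an OpenSSH-format private key (older PEM keys are not handled)")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    pub, _ = _read_string(blob, off + 4)        # skip the uint32 key count
    key_type, _ = _read_string(pub, 0)
    rounds = None
    if kdf == b"bcrypt":                        # kdfoptions = string salt, uint32 rounds
        _, p = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, p)
    return {"key_type": key_type.decode(), "cipher": cipher.decode(), "kdf": kdf.decode(),
            "rounds": rounds, "has_passphrase": cipher != b"none"}

def audit_key_file(path):
    """Return findings for one private key file: loose permissions, missing passphrase."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:o}: accessible by group/other, run chmod 600")
    with open(path) as fh:
        if not inspect_private_key(fh.read())["has_passphrase"]:
            findings.append("no passphrase: anyone who copies this file can use the key")
    return findings

def build_sample(protected):
    """CONSTRUCTED container for demonstration: dummy bytes stand in for key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    cipher, kdf = (b"aes256-ctr", b"bcrypt") if protected else (b"none", b"none")
    opts = s(b"\x00" * 16) + struct.pack(">I", 16) if protected else b""
    blob = (MAGIC + s(cipher) + s(kdf) + s(opts) + struct.pack(">I", 1)
            + s(s(b"ssh-ed25519") + s(b"\x00" * 32)) + s(b"\x00" * 64))
    return "\n".join([BEGIN, base64.b64encode(blob).decode(), END])
```

To check a real key, call audit_key_file(os.path.expanduser("~/.ssh/id_ed25519")); an empty list means the file is private to your user and passphrase-protected.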

Can I use the same key for GitHub and a server?

Yes. Your public key can be added to as many services and servers as you want. The private key stays on your machine and handles authentication with all of them. That said, using separate keys for personal and work contexts is a good practice for security and organization.