Last updated: May 1, 2026
SSH 101
SSH (Secure Shell Protocol) is a protocol for secure communication between machines over a network. It is a common way to log in to a remote server and to transfer files between machines.
SSH Keys
SSH keys provide stronger security than passwords. Each key pair has a secret private key and a public key.
The private key is stored on the local machine.
The public key is stored on the remote server, usually in the ~/.ssh/authorized_keys file.
So when you connect to the server:
ssh user@host
The server checks whether the public key is listed in ~/.ssh/authorized_keys. Then it sends a challenge to the local machine. Your SSH client uses your private key to sign that challenge locally.
The server uses your public key to verify the signature. If it matches, the server lets you in.
Your laptop                               Server
(private key)    (public key in authorized_keys)
     |                                        |
     | ---- connection / auth request -----> |
     | <------------ challenge -------------  |
     | ---- signed challenge -------------->  |
     |                                        |
     |   server verifies signature; allowed   |
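The lookup step described above (is the presented public key listed in authorized_keys?), as an added example that is not part of the original page: it parses authorized_keys lines, compares key blobs, and computes the SHA256 fingerprint in the form ssh-add -l prints. The function names and the sample keys are constructed for illustration, and the signature step is not modelled.

```python
import base64, hashlib, struct

def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    if offset + 4 + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:offset + 4 + length], offset + 4 + length

def parse_line(line):
    """Return (key_type, blob) for one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # Options (e.g. no-pty) may precede the key type, so accept the first
    # field whose successor decodes to a blob that names the same type.
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
            inner_type, _ = read_string(blob, 0)
        except (ValueError, struct.error):
            continue
        if inner_type == fields[i].encode():
            return fields[i], blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint: unpadded base64 of the digest of the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def is_authorized(presented_line, authorized_keys_text):
    """True if the presented key's blob matches a listed entry's blob."""
    presented = parse_line(presented_line)
    entries = (parse_line(l) for l in authorized_keys_text.splitlines())
    return presented is not None and any(e and e[1] == presented[1] for e in entries)

def make_ed25519_line(raw32, comment):
    """Build a public-key line from 32 raw bytes (constructed sample data)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

ALICE = make_ed25519_line(bytes(range(32)), "alice@laptop")    # constructed
OTHER = make_ed25519_line(bytes(range(1, 33)), "other@host")   # constructed
AUTHORIZED_KEYS = '# deploy keys\ncommand="echo hi",no-pty ' + ALICE + "\n"

if __name__ == "__main__":
    print(fingerprint(parse_line(ALICE)[1]), is_authorized(ALICE, AUTHORIZED_KEYS))
```

A line whose declared type does not match the type encoded inside its blob is rejected by parse_line, which is why the type is read from the blob rather than trusted from the text field.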
Generating an SSH Key Pair
ssh-keygen
This will generate an RSA key pair in the ~/.ssh directory. The private key is stored in ~/.ssh/id_rsa and the public key is stored in ~/.ssh/id_rsa.pub.
You can also specify the algorithm with -t (and the key size with -b, for algorithms that allow one) and attach a comment with -C:
ssh-keygen -t ed25519 -C "you@example.com"
This will generate an Ed25519 key pair in the ~/.ssh directory.
The private key is stored in ~/.ssh/id_ed25519 and the public key is stored in ~/.ssh/id_ed25519.pub.
Adding your SSH key to the server
You can use ssh-copy-id to add your key to the server safely, or append the contents of your .pub file to the server's ~/.ssh/authorized_keys yourself.
ssh-copy-id user@host
ssh user@host
You can customize the connection settings in ~/.ssh/config:
Host myserver
HostName example.com
User deploy
IdentityFile ~/.ssh/id_ed25519
To verify SSH auth end to end (for example, after adding a key to GitHub):
ssh -vT git@github.com
ssh-agent
ssh-agent is a tool that keeps your private keys in memory so you don’t have to type your passphrase every time:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
ssh-add -l # list added keys
ssh-add -D # delete all keys