An SSH key is a public/private cryptographic key pair used to authenticate to SSH servers without a password. You generate a key pair once, put the public half on servers you want to access (in ~/.ssh/authorized_keys), and keep the private half safe on your laptop. SSH then proves possession of the private key without ever transmitting it.
```bash
ssh-keygen -t ed25519 -C "you@example.com"   # generate modern key
ssh-keygen -t rsa -b 4096                    # older, still fine
ssh-copy-id user@host                        # install on remote
eval $(ssh-agent)                            # start agent
ssh-add ~/.ssh/id_ed25519                    # load into agent
ssh-add -l                                   # list loaded keys
```
Modern SSH uses Ed25519 by default for new keys; it is fast, short, and secure. RSA with at least 3072 bits remains acceptable. Avoid DSA and older RSA. Private keys can be protected at rest with a passphrase; the ssh-agent holds decrypted keys in memory so you type the passphrase once per session.
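An added example (not from the original page) that applies the key-type guidance above to authorized_keys entries: it decodes each public key blob, rejects DSA, and flags RSA moduli under 3072 bits. The function names and the sample entries are constructed for illustration, and the key material is placeholder data, not real keys.

```python
import base64

MIN_RSA_BITS = 3072  # minimum RSA size the text above calls acceptable
FIXED = {"ssh-dss": ("reject", "DSA key"), "ssh-ed25519": ("ok", "Ed25519 key")}

def read_field(blob, pos):
    """Read one length-prefixed field (SSH wire format); return (bytes, next_pos)."""
    end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
    if pos + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end

def audit_line(line):
    """Classify one authorized_keys line as (verdict, detail)."""
    tokens = line.split()
    for name, b64 in zip(tokens, tokens[1:]):  # options may precede the key type
        try:
            blob = base64.b64decode(b64, validate=True)
            kind, pos = read_field(blob, 0)
            if kind.decode("ascii", "replace") != name:
                continue  # declared type must match the type inside the blob
            if name == "ssh-rsa":
                _e, pos = read_field(blob, pos)  # public exponent
                n, _ = read_field(blob, pos)     # modulus
                bits = int.from_bytes(n, "big").bit_length()
                return ("ok" if bits >= MIN_RSA_BITS else "weak"), f"RSA {bits} bits"
        except ValueError:
            continue  # not a key blob (options or comment); keep scanning
        return FIXED.get(name, ("unreviewed", name))
    return "invalid", "no parsable public key"

def pack(*fields):
    """Build a base64 wire-format blob; used only for the constructed samples."""
    return base64.b64encode(b"".join(len(f).to_bytes(4, "big") + f for f in fields)).decode()

def mpint(n):  # big-endian integer with room for a leading zero byte
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

# Constructed sample entries: placeholder key material, not real keys.
SAMPLE = [
    "ssh-ed25519 " + pack(b"ssh-ed25519", bytes(32)) + " laptop",
    "ssh-rsa " + pack(b"ssh-rsa", mpint(65537), mpint((1 << 2047) | 1)) + " old-rsa",
    "ssh-rsa " + pack(b"ssh-rsa", mpint(65537), mpint((1 << 4095) | 1)) + " new-rsa",
    'from="10.0.0.5",no-agent-forwarding ssh-dss ' + pack(b"ssh-dss", mpint(1)) + " legacy",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_line(entry), entry.split()[-1])
```

Key types the text does not mention (ECDSA, hardware-backed `sk-` keys) come back as `unreviewed` rather than being judged.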
Agent forwarding (ssh -A) lets a remote shell use your local keys to connect onward to other hosts—convenient but dangerous if the intermediate host is compromised. The safer alternative is ProxyJump (ssh -J), which builds a tunnel through the intermediate without exposing your keys. Key-based authentication is one of the simplest and most effective security wins on any Linux server.
Related terms: SSH
Discussed in:
- Chapter 12: Networking — SSH: The Most Important Command
Also defined in: Textbook of Linux