SSH Keys and Agent Cheat Sheet

SSH key generation, authorized_keys management, ssh-keyscan, host keys, ssh-agent, ssh-add, and certificate basics.


Key Generation

Create, inspect, and convert SSH keys.

Generate an Ed25519 key

Create a modern SSH key pair.

ssh-keygen -t ed25519 -C 'you@example.com'

Generate an RSA key

Create an RSA key pair for compatibility when needed.

ssh-keygen -t rsa -b 4096 -C 'you@example.com'

Generate a key at a custom path

Write a key pair to a chosen file.

ssh-keygen -t ed25519 -f ~/.ssh/id_work_ed25519 -C 'work key'

Generate a key without passphrase

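Skip passphrase prompts, usually only for automation accounts. The private key is then stored unencrypted on disk, so restrict the file's permissions and limit what the key is allowed to do on the server.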

ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_ci_ed25519

Change key passphrase

Update the passphrase on an existing private key.

ssh-keygen -p -f ~/.ssh/id_ed25519

Show a key fingerprint

Print the fingerprint of a public key file.

ssh-keygen -lf ~/.ssh/id_ed25519.pub

Show randomart for a key

Display a visual fingerprint representation.

ssh-keygen -lvf ~/.ssh/id_ed25519.pub

Extract public key from private key

Regenerate the public half from a private key.

ssh-keygen -y -f ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.pub

Authorized Keys and Host Keys

Install keys and inspect remote host keys.

Install your public key on a server

Append your public key to a remote account's authorized_keys.

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@example.com

Install key on custom port

Use ssh-copy-id with a non-default SSH port.

ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 2222 user@example.com

Scan a host key

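Fetch a server host key without logging in. The scan is unauthenticated, so check the key's fingerprint against one obtained over a trusted channel before trusting it.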

ssh-keyscan example.com

Add a host key to known_hosts

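Append a scanned host key to your known_hosts file; -H stores the hostname hashed. Verify the scanned key's fingerprint first, because anything appended here is trusted on every later connection.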

ssh-keyscan -H example.com >> ~/.ssh/known_hosts
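
Added example (not part of the original cheat sheet): a way to combine "Scan a host key", "Show a key fingerprint" and "Add a host key to known_hosts" so that a scanned key is appended only when its fingerprint matches one obtained out of band. The names pin_host_key and demo_pin are hypothetical helpers, and the demo uses a constructed throwaway key instead of a live scan.

```bash
# pin_host_key EXPECTED_FP SCAN_FILE KNOWN_HOSTS   (hypothetical helper name)
#   EXPECTED_FP  SHA256:... fingerprint obtained out of band (server console,
#                config management), in the form `ssh-keygen -lf` prints
#   SCAN_FILE    saved output of `ssh-keyscan example.com`
# Appends the one matching line to KNOWN_HOSTS, otherwise leaves it untouched.
pin_host_key() {
    expected=$1 scan=$2 known=$3
    tmp=$(mktemp) || return 2
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        printf '%s\n' "$line" > "$tmp"
        # ssh-keygen -lf prints: <bits> <fingerprint> <comment> (<type>)
        fp=$(ssh-keygen -lf "$tmp" 2>/dev/null | awk '{print $2}')
        if [ -n "$fp" ] && [ "$fp" = "$expected" ]; then
            printf '%s\n' "$line" >> "$known"
            rm -f "$tmp"
            return 0
        fi
    done < "$scan"
    rm -f "$tmp"
    echo "no scanned key matches $expected; $known unchanged" >&2
    return 1
}

# Constructed, offline demo: a throwaway key stands in for the server's host
# key and a hand-built line stands in for ssh-keyscan output.
demo_pin() {
    d=$(mktemp -d) || return 2
    ssh-keygen -q -t ed25519 -N '' -f "$d/hostkey" -C demo || return 2
    printf 'example.com %s\n' "$(cut -d' ' -f1,2 "$d/hostkey.pub")" > "$d/scan"
    good=$(ssh-keygen -lf "$d/hostkey.pub" | awk '{print $2}')
    : > "$d/known_hosts"
    rejected=0
    pin_host_key 'SHA256:constructed-wrong-value' "$d/scan" "$d/known_hosts" \
        2>/dev/null || rejected=$?
    accepted=0
    pin_host_key "$good" "$d/scan" "$d/known_hosts" || accepted=$?
    lines=$(wc -l < "$d/known_hosts" | tr -d ' ')
    rm -rf "$d"
    echo "$rejected $accepted $lines"   # "1 0 1": mismatch refused, match pinned
}
```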

Find a host in known_hosts

Search known_hosts for a specific host entry.

ssh-keygen -F example.com

Remove a host from known_hosts

Delete stale host key entries for a host.

ssh-keygen -R example.com

Hash known_hosts file

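Hash hostnames in known_hosts for privacy. ssh-keygen keeps the original, unhashed content in a file with a .old suffix, so remove that file once the hashed one is confirmed working.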

ssh-keygen -H -f ~/.ssh/known_hosts

Sign a host key with a CA

Create a host certificate from a host CA key. The certificate is written next to the public key with a -cert.pub suffix.

ssh-keygen -s ~/.ssh/ca_host -I host-web01 -h -n web01.example.com /etc/ssh/ssh_host_ed25519_key.pub
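
Added example (not part of the original cheat sheet): the host-CA signing step carried through to the checks that follow it, namely confirming the certificate's type and principals with `ssh-keygen -L` and producing the client-side `@cert-authority` trust line. The function names are hypothetical, the keys are constructed in a temporary directory, and the one-year validity (`-V +52w`) is an assumption added here.

```bash
# sign_host_key CA_KEY HOST_PUB PRINCIPAL  (hypothetical wrapper)
# Same call as above plus a validity window, so a leaked certificate ages out.
# Output lands beside HOST_PUB with a -cert.pub suffix.
sign_host_key() {
    ssh-keygen -q -s "$1" -I "host-$3" -h -n "$3" -V +52w "$2"
}

# cert_has_principal CERT NAME: succeed only if CERT is a host certificate
# that lists NAME in the "Principals:" section of `ssh-keygen -L` output.
cert_has_principal() {
    ssh-keygen -L -f "$1" | awk -v want="$2" '
        /host certificate/   { host = 1 }
        /Principals:/        { inp = 1; next }
        /Critical Options:/  { inp = 0 }
        inp && $1 == want    { found = 1 }
        END { exit !(host && found) }'
}

# known_hosts_ca_line CA_PUB PATTERN: the client-side entry that makes ssh
# accept any host certificate signed by this CA for hosts matching PATTERN.
known_hosts_ca_line() {
    printf '@cert-authority %s %s\n' "$2" "$(cut -d' ' -f1,2 "$1")"
}

# Constructed, offline demo. On a real server, sshd would be pointed at the
# certificate with the HostCertificate directive in sshd_config.
demo_host_ca() {
    d=$(mktemp -d) || return 2
    ssh-keygen -q -t ed25519 -N '' -f "$d/ca_host" -C 'constructed host CA' || return 2
    ssh-keygen -q -t ed25519 -N '' -f "$d/ssh_host_ed25519_key" || return 2
    sign_host_key "$d/ca_host" "$d/ssh_host_ed25519_key.pub" web01.example.com || return 2
    cert="$d/ssh_host_ed25519_key-cert.pub"
    ok=no;    cert_has_principal "$cert" web01.example.com && ok=yes
    other=no; cert_has_principal "$cert" db01.example.com  && other=yes
    ca_line=$(known_hosts_ca_line "$d/ca_host.pub" '*.example.com')
    rm -rf "$d"
    echo "$ok $other ${ca_line%% *}"   # "yes no @cert-authority"
}
```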

ssh-agent and ssh-add

Manage agent sockets and loaded identities.

Start ssh-agent in current shell

Start an agent and export its environment variables.

eval "$(ssh-agent -s)"

Add default key to agent

Load the default identity into ssh-agent.

ssh-add ~/.ssh/id_ed25519

List loaded keys

Show fingerprints of identities currently loaded in the agent.

ssh-add -l

List public keys in agent

Print public keys currently loaded in the agent.

ssh-add -L

Remove one key from agent

Delete a specific key from the agent.

ssh-add -d ~/.ssh/id_ed25519

Remove all keys from agent

Clear all identities from the agent.

ssh-add -D

Require confirmation before using a key

Load a key that prompts for confirmation on each use. The prompt is shown through ssh-askpass, so an askpass program must be available to the agent.

ssh-add -c ~/.ssh/id_ed25519

Set agent key lifetime

Load a key that expires automatically from the agent.

ssh-add -t 1h ~/.ssh/id_ed25519
