Generating SSH keys

In order to generate SSH keys for authentication you should execute connect genkey. If you don’t provide any options then by default a 3072bit RSA key will be generated. Private key will be stored in private_key.pem and public key will be stored in public_key.pem.

Output file for SSH key

It’s possible to provide the output file name by using:

• -o, --outfile then the output file name for the private key

For example to name the key my-key you should execute:

$ connect genkey -o mykey
2025/06/25 09:42:05 INFO Private and public keys generated and saved to mykey and mykey.pub
$ ls mykey*
mykey      mykey.pub
$ file mykey
mykey: OpenSSH private key
$ file mykey.pub
mykey.pub: OpenSSH RSA public key
$ ssh-keygen -lf mykey.pub
3072 SHA256:i7i/hR7StCbRMX+HkLgAe0GAZT3s+UuQCGswk/TmjWw no comment (RSA)

Setting generated SSH key type

You can set the key type to any of the supported types: RSA, ECDSA, ED25519. If you don’t specify the key type it defaults to RSA. You can also specify the key size.

• -t, --type then the key type
• -s, --size then the size of the key (default rsa:3072, ecdsa:256, ed25519:256)

For example:

RSA

$ connect genkey -t rsa -s 4096
2025/06/25 09:49:44 INFO Private and public keys generated and saved to private_key.pem and public_key.pem

ECDSA

$ connect genkey -t ecdsa
2025/06/25 09:50:25 INFO Private and public keys generated and saved to private_key.pem and public_key.pem

ED25519

$ connect genkey -t ed25519
2025/06/25 09:51:14 INFO Private and public keys generated and saved to private_key.pem and public_key.pem

Protecting SSH key with password

Caution

It’s strongly advised to password protect your SSH key.

To do that you need to use

• -p, --passphrase then the password (or provide - and system will prompt you for one)

For example:

$ connect genkey -t ed25519 -p -
Enter Password:
Repeat Password:
2025/06/25 09:52:43 INFO Private and public keys generated and saved to private_key.pem and public_key.pem

All SSH key generation options

Generate SSH key pair

Usage:
  connect genkey [command] [flags]

Flags:
  -o, --outfile string      Key output file (default "private_key.pem")
  -p, --passphrase string   Key passphrase
  -s, --size int            Key length (default rsa:3072, ecdsa:256, ed25519:256)
  -t, --type string         Key type [rsa,ecdsa,ed25519] (default "rsa")

Global Flags:
      --godebug             Turns on debug mode
      --help                Prints help for the command
      --log-format string   Log output format: text|json (default "text")
      --no-color            Do not use colors in logs
      --quiet               Makes no output