Files

SKILL.mdagentsreferencesscripts

Install

Install the containing plugin

/plugin install shared-skills@llm-skills

Invoke this skill after installation

/shared-skills:ssh-keygen

Download ssh-keygen-skill.zip

This skill is bundled inside shared-skills. Install the plugin once, then Claude Code can use any of its included skills. Browse the full plugin repository at github.com/alisonaquinas/llm-shared-skills.

SKILL.md

name: ssh-keygen description: Generate and manage SSH key pairs with fingerprinting and validation. Use when the agent needs to create SSH credentials, verify key identity, or manage key lifecycle.

ssh-keygen

Generate, validate, and fingerprint SSH keypairs with secure file permissions.

Prerequisite Check

Run this before proposing key generation or conversion:

command -v ssh-keygen >/dev/null 2>&1 || ssh-keygen -V

If ssh-keygen is missing, surface that first and point to scripts/install.sh or scripts/install.ps1. Do not suggest manual key-file fabrication as a fallback.

Quick Start

Verify ssh-keygen is available: ssh-keygen -h or man ssh-keygen
Establish the command surface: man ssh-keygen or ssh-keygen -h
Start with key generation: ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519

Intent Router

Load only the reference file needed for the active request.

references/install-and-setup.md — Installing OpenSSH on macOS, Linux, Windows
references/cheatsheet.md — Key generation, fingerprinting, key formats
references/advanced-usage.md — Key types (RSA, ECDSA, Ed25519), key conversion, signing
references/troubleshooting.md — Permission errors, key corruption, format issues

Core Workflow

Verify ssh-keygen is available: ssh-keygen -h
Generate keypair: ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N passphrase
Set correct permissions: chmod 600 ~/.ssh/id_ed25519 and chmod 644 ~/.ssh/id_ed25519.pub
Fingerprint key: ssh-keygen -lf ~/.ssh/id_ed25519.pub

Quick Command Reference

ssh-keygen -h                          # Show help
ssh-keygen -t ed25519 -f ~/.ssh/id    # Generate Ed25519 key
ssh-keygen -lf ~/.ssh/id.pub          # Show key fingerprint
ssh-keygen -y -f ~/.ssh/id            # Derive public key from private
ssh-keygen -p -f ~/.ssh/id            # Change key passphrase
ssh-keygen -R hostname                # Remove hostname from known_hosts
man ssh-keygen                        # Full manual

# Generate a modern keypair with a comment
ssh-keygen -t ed25519 -C "dev@example.com" -f ~/.ssh/id_ed25519

# Verify the fingerprint before distribution
ssh-keygen -lf ~/.ssh/id_ed25519.pub

Safety Notes

Area	Guardrail
Key permissions	Private keys must be chmod 600. SSH refuses keys with wrong permissions. Public keys chmod 644.
Key type	Use Ed25519 (modern, secure, compact). Avoid RSA unless legacy required. Never use DSA.
Passphrase	Protect keys with strong passphrase. Use ssh-agent to avoid repeated password entry.
Key storage	Store private keys in secure location (~/.ssh/). Never commit to version control.
Fingerprinting	Always verify fingerprints when registering public keys on servers. Prevents key substitution.
Key recovery	Keep secure backup of private keys. Loss means regeneration and server updates.

Recovery note: if the runtime lacks OpenSSH tooling, stop at install guidance instead of improvising with ad hoc key generators or copied private keys from unknown sources.

Source Policy

Treat the installed ssh-keygen behavior and man ssh-keygen as runtime truth.
Use OpenSSH documentation for key management best practices.

Resource Index

scripts/install.sh — Install OpenSSH on macOS or Linux.
scripts/install.ps1 — Install OpenSSH on Windows or any platform via PowerShell.