Generates SSH key-pairs

Downloads in past


201.3.010 months agoa year agoMinified + gzip package size for ssh-keygen-lite in KB


npm npm downloads npm bundle size
Generates a SSH key-pair using.


  1. Make sure you have ssh-keygen installed in your machine. Try $ ssh-keygen if you aren't sure
  2. Run npm install ssh-keygen-lite if you're using NPM


TIP: If you set a non-empty string to the environment variable VERBOSE, you'll enable the verbose mode.
Logs from the lib are prefixed by ssh-keygen-lie: while logs from the binary ssh-keygen are emitted with the prefix ssh-keygen:

// With CommonJS
const path = require('path');
const keygen = require('ssh-keygen-lite');

    // sshKeygenPath: 'ssh-keygen',
    location: path.join(__dirname, 'foo_rsa'),
    type: 'rsa',
    read: true,
    force: true,
    destroy: false,
    comment: '',
    password: 'keypassword',
    size: '2048',
    format: 'PEM',
  // If you omit this callback function, a Promise will be returned instead!
  function onDoneCallback(err, out) {
    // The error could be related to ssh-keygen binary or file system errors.
    if (err) return console.error('Something went wrong:', err);
    console.log('Keys created!');
    console.log('private key:', out.key);
    console.log('public key:', out.pubKey);

Read about the expected types here.


  • location: desired location for the key. The public key will be at the location + .pub. Defaults to a file called id_rsa inside a temporary directory
  • type: type of the SSH key that is generated. Defaults to rsa.
  • read: should the callback have the key files read into it. Defaults to true
  • force: destroy pre-existing files with the location name and the public key name. Defaults to true
  • destroy: destroy the key files once they have been read. Defaults to false
  • comment: the comment that should be embedded into the key. Defaults to an empty string
  • password: the password for the key. Falsy values will turn this into an empty string. Defaults to an empty string
  • size: Specifies the number of bits (as string) in the key to create. Defaults to '2048'
  • format: Specify a key format for key generation. Defaults to 'RFC4716'

Promise-based API

NOTE: You'll need NodeJS version 8 or later because it's rely on util.promisify utility.

If you don't supply the second parameter to keygen (ie., the callback), then it will return a Promise that resolves to an plain object with key and pubkey properties.

How it works

The following shell command will get executed:
$ ssh-keygen -t rsa -b 2048 -C "" -N "keypassword" -m PEM -f ./foo_rsa
Generating public/private rsa key pair.
Your identification has been saved in ./foo_rsa.
Your public key has been saved in ./
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
|      o          |
|     o + o       |
|    . = O o   .  |
|     + = * . . . |
|    o . S . . E  |
|     + o .     o |
|    + .          |
|   o             |
|                 |


It is advisable to generate your keys on a machine with a significant random source like one with a mouse/trackpad.


ssh-keygen-lite is open source under the MIT license.
All credits go to Eric Vicenti.


This package bundles binaries for windows. The current version is: