An SSH key allows you to log into your server without a password. This guide describes how to create SSH keys using a Linux or Mac system.
Create an SSH Key with OpenSSH
OpenSSH is standard and should be present on macOS and most Linux distributions. Follow these steps to create an SSH key with the OpenSSH utilities.
1. Generate your key with ssh-keygen using these parameters:
$ ssh-keygen -t rsa -b 4096 -C "Example comment"
Generate an RSA format key with the -t rsa
parameter. For a more secure 4096-bit key, use the -b 4096
parameter. To enter a comment, use the -C [comment]
parameter.
2. Press ENTER to save the key in the default location. By default, the keys are stored in the ~/.ssh directory. Using the default filename is convenient because most SSH clients automatically use the default filenames of id_rsa for the private key and id_rsa.pub for the public key.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/example_user/.ssh/id_rsa):
3. You may enter a passphrase for your key. We recommend using a passphrase, but you can press ENTER to bypass this prompt. If you use a passphrase, you will enter it each time you use the key unless you also use ssh-agent.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
4. Your key is generated and saved.
The default filename for the public key is /home/example/.ssh/id_rsa.pub
on Mac and Linux.
Create an SSH Key on Windows with PuTTYgen
1. Download the latest version of the PuTTY, install the package and run PuTTYgen.
2. At the bottom of the program window, select RSA for the key type.
3. In the lower-right corner, set the number of bits for your key. 2048-bit keys are reasonably safe, and 4096-bit keys are very secure.
4. Click the Generate button. Move the mouse in the blank area to generate some random data.
5. Enter a Key comment to make the key easier to identify later.
6. The private key must be kept secure from unauthorized use. I recommend entering a Key passphrase to protect the SSH key.
7. Click Save private key and store it securely. It is not possible to recover this file if it is lost. This file is your public/private key pair in PuTTY format. You can re-import this file with PuTTYgen in the future to export or convert the format of your public key.
8. Click Conversions > Export OpenSSH key. Save this file and store it securely. This file is your private SSH key in OpenSSH format. You may need this file if you use an SSH client other than PuTTY.
9. Select the text in the Public key for pasting into OpenSSH authorized_keys
file box and save it to a file. This is your public key in OpenSSH format.