SSH Key Generation
About
You need to follow the instructions below only if you need to generate a new SSH key-pair.
Linux and macOS
Warning
We recommend generating and using an ECDSA key-pair instead of an RSA one.
Open a terminal and type:
ssh-keygen -t ecdsa -b 521 -f ~/.ssh/id_ecdsa
Note
You will be required to enter a password for protecting the secret/private key information. Supply a strong password, which you do not use as a login password. If you forget that password, you cannot use the private key again (unless you have a copy encrypted with a password you still remember)!
Upon success, the private key will be stored on its own (in encrypted form) in the file:
~/.ssh/id_ecdsa
and the public key will be available in:
~/.ssh/id_ecdsa.pub
Warning
Never send or disclose the content of ~/.ssh/id_ecdsa. During the onboarding process, you need to send/share only the content of ~/.ssh/id_ecdsa.pub. Create a copy of that file and keep it in a safe place. Store the password for decrypting the key in a reliable password storage/manager.
If you need to share the public key, just type:
cat ~/.ssh/id_ecdsa.pub
and copy the content displayed on the terminal.
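The checks worth running before sharing the key, as an added example that is not part of the original instructions: the script confirms that the private key file is accessible only by its owner and is encrypted, and that the file about to be shared is the ECDSA public key and not the private one. The function names are hypothetical; the file names are the ones used above.

```shell
#!/bin/sh
# Added example (not part of the original instructions). Function names are
# hypothetical; the default file names are the ones used on this page.

# 0 if FILE is a one-line OpenSSH ECDSA nistp521 public key and holds
# no private-key material, i.e. it is the file that may be shared.
is_shareable_pubkey() {
    [ -f "$1" ] || return 1
    # A private key header means the wrong file was picked.
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    # Public key files hold exactly one line: "<type> <base64> [comment]".
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    grep -Eq '^ecdsa-sha2-nistp521 [A-Za-z0-9+/]+={0,2}( .*)?$' "$1"
}

# 0 if the private key file is accessible by its owner only (0600 or 0400).
has_private_perms() {
    [ -n "$(find "$1" -prune -type f \( -perm 600 -o -perm 400 \) 2>/dev/null)" ]
}

# 0 if the private key is encrypted: loading it with an empty passphrase
# must fail. Call only after has_private_perms, because ssh-keygen also
# refuses keys with open permissions, which would look like "protected".
is_passphrase_protected() {
    command -v ssh-keygen >/dev/null 2>&1 || return 1
    grep -q 'PRIVATE KEY' "$1" 2>/dev/null || return 1
    ! ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1 </dev/null
}

# Run all checks for a key pair; prints one line per problem found.
preshare_check() {
    key=${1:-$HOME/.ssh/id_ecdsa}
    rc=0
    has_private_perms "$key" || { echo "FAIL: $key is not mode 600/400"; rc=1; }
    if [ "$rc" -eq 0 ] && ! is_passphrase_protected "$key"; then
        echo "FAIL: $key is not protected by a password"; rc=1
    fi
    is_shareable_pubkey "$key.pub" ||
        { echo "FAIL: $key.pub is not an ECDSA-521 public key"; rc=1; }
    return "$rc"
}
```

After sourcing the script, run preshare_check ~/.ssh/id_ecdsa; it prints one line per problem and returns non-zero if any check failed.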
Windows
The best way to generate an OpenSSH key-pair on Windows is to use PuTTYgen. PuTTYgen is a tool included in the standard installation of PuTTY. To install PuTTY, find and download the installer at:
Warning
Always run the most recent version of PuTTY tools.
To run PuTTYgen, go to the Windows search bar, type “puttygen” (1) and click on the application icon (2):
Then select “ECDSA” (1), choose “nist-521” from the menu (2), and press the “Generate” button (3):
Move the mouse over the blank area until the progress bar reaches the right end:
Once the key generation has completed successfully, add a comment to the key (1), without any blank spaces or special symbols; then enter a strong password twice to protect the private key from disclosure (2), and press the “Save private key” button (3):
Note
Supply a strong password, which you do not use as a login password. If you forget that password, you cannot use the private key (unless you have a copy encrypted with a password you still remember)!
Specify the location and file name containing the private key:
Warning
Never send or disclose the content of the file containing the private key. Create a copy of that file and keep it in a safe place. Store the password for decrypting the key in a reliable password storage/manager.
Getting help
See Getting help