ssh-keygen -t rsa
is not specific to OSX and should execute from the CLI once you’ve logged in as
Ideally you should generate a stronger key than the default bit strength (which is 1024 bits or 2048 bits depending on OS and SSH version). To do this, we’d update the command above to:
ssh-keygen -b 4096 -t rsa
ssh-keygen -b 8192 -t rsa
-b argument specifies the bit strength of the key.
You can also run:
for quick-reference to what the argument options are and what they do.
ssh-keygen command is ran as
root, and you do not specify where the key is to be stored when prompted, the default directory is going be:
Inside this directory, you’re also going to find a file named
authorized_keys. If you didn’t setup an SSH key with your Droplet from DigitalOcean’s CP, this will most likely be empty. This file does not automatically update when you generate a new key, so you’ll have to use
cat to add the public key to the file.
To do this, we’d use the following command:
cat /root/.ssh/your_public_key >> /root/.ssh/authorized_keys
It’s important to note, that is two (2)
> – Using two
> means append to the end of the file while using a single
> would mean replace all contents with the contents of what we’re pushing in.
With that said, PuTTy uses it’s own format, PPK, when logging in to SSH from putty.exe, so you’ll need to copy the private key that was generated to a text file, import it using puttygen.exe (link) and convert it to a PPK file, which you will then define under:
Connection -> SSH -> Auth -> Private key file for authentication
You can also use PuTTyGen.exe to create a key-pair, though I find that it’s much faster from the CLI as you’re not forced to move your mouse around to generate randomness (as you are with PuTTyGen).