@SeeYouSpace

The command:

ssh-keygen -t rsa

is not specific to OSX and should execute from the CLI once you’ve logged in as root.

Ideally you should generate a stronger key than the default bit strength (which is 1024 bits or 2048 bits depending on OS and SSH version). To do this, we’d update the command above to:

ssh-keygen -b 4096 -t rsa

or

ssh-keygen -b 8192 -t rsa

The -b argument specifies the bit strength of the key.

You can also run:

ssh-keygen --help

for quick-reference to what the argument options are and what they do.

–

If the ssh-keygen command is ran as root, and you do not specify where the key is to be stored when prompted, the default directory is going be:

/root/.ssh/

Inside this directory, you’re also going to find a file named authorized_keys. If you didn’t setup an SSH key with your Droplet from DigitalOcean’s CP, this will most likely be empty. This file does not automatically update when you generate a new key, so you’ll have to use cat to add the public key to the file.

To do this, we’d use the following command:

cat /root/.ssh/your_public_key >> /root/.ssh/authorized_keys

It’s important to note, that is two (2) > – Using two > means append to the end of the file while using a single > would mean replace all contents with the contents of what we’re pushing in.

–

With that said, PuTTy uses it’s own format, PPK, when logging in to SSH from putty.exe, so you’ll need to copy the private key that was generated to a text file, import it using puttygen.exe (link) and convert it to a PPK file, which you will then define under:

Connection -> SSH -> Auth -> Private key file for authentication

You can also use PuTTyGen.exe to create a key-pair, though I find that it’s much faster from the CLI as you’re not forced to move your mouse around to generate randomness (as you are with PuTTyGen).