@SeeYouSpace
The command:
ssh-keygen -t rsa
is not specific to OSX and should execute from the CLI once you’ve logged in as root.
Ideally you should generate a stronger key than the default bit strength (which is 1024 bits or 2048 bits depending on OS and SSH version). To do this, we’d update the command above to:
ssh-keygen -b 4096 -t rsa
or
ssh-keygen -b 8192 -t rsa
The -b argument specifies the bit strength of the key.
You can also run:
ssh-keygen --help
for a quick reference to what the argument options are and what they do.
–
If the ssh-keygen command is run as root, and you do not specify where the key is to be stored when prompted, the default directory is going to be:
/root/.ssh/
Inside this directory, you’re also going to find a file named authorized_keys. If you didn’t set up an SSH key with your Droplet from DigitalOcean’s CP, this will most likely be empty. This file does not automatically update when you generate a new key, so you’ll have to use cat to add the public key to the file.
To do this, we’d use the following command:
cat /root/.ssh/your_public_key >> /root/.ssh/authorized_keys
It’s important to note that that is two (2) >. Using two > means append to the end of the file, while using a single > would mean replace all contents with the contents of what we’re pushing in.
–
With that said, PuTTY uses its own format, PPK, when logging in to SSH from putty.exe, so you’ll need to copy the private key that was generated to a text file, import it using puttygen.exe (link) and convert it to a PPK file, which you will then define under:
Connection -> SSH -> Auth -> Private key file for authentication
You can also use PuTTYgen.exe to create a key-pair, though I find that it’s much faster from the CLI as you’re not forced to move your mouse around to generate randomness (as you are with PuTTYgen).
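
The authorized_keys step from the reply above, as an added example that is not part of the original post: a wrapper around the `>>` append that is safe to re-run, refuses a private key file, and sets the permissions sshd expects. The function name `add_authorized_key` is hypothetical; both paths are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: permission-safe, repeatable form of
#   cat your_public_key >> authorized_keys
# add_authorized_key is a hypothetical helper name.

add_authorized_key() {
    local pub_file=$1 auth_file=$2
    local ssh_dir key_line
    ssh_dir=$(dirname "$auth_file")

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Use the first non-empty line of the public key file.
    key_line=$(grep -m1 -v '^[[:space:]]*$' "$pub_file") || return 1

    # Refuse private keys: they start with a "-----BEGIN" header and
    # must never be written into authorized_keys.
    case $key_line in
        -----BEGIN*) echo "$pub_file looks like a private key" >&2; return 2 ;;
    esac

    # sshd's StrictModes rejects the file if it or its directory is
    # group- or world-writable, so set 700 / 600 explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already present as an exact line: nothing to do.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi

    # If the file does not end in a newline, add one so the new key
    # is not glued onto the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Two '>' append; a single '>' would erase every existing key.
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

Called as `add_authorized_key /root/.ssh/your_public_key /root/.ssh/authorized_keys`, it returns 0 whether the key was appended or was already there, and 2 if handed a private key.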
Hi SeeYouSpace,
There’s a howto at Userify for generating putty/pageant keys on Windows. It’s marketed towards EC2 but works great on DO too.
https://userify.com/docs/generating-ssh-keys-on-ec2.html