When setting up a remote Linux server, you’ll need to decide upon a method for securely connecting to it. While passwords are one way of verifying a user’s identity, passwords have multiple vulnerabilities and can be cracked by a brute force attack. Secure Shell keys — better known as SSH keys — are often used instead of passwords, as they offer a more secure method of connecting to remote Linux servers. As part of the Secure Shell cryptographic network protocol, SSH keys also enable users to securely perform network services over an unsecured network, such as delivering text-based commands to a remote server or configuring its services.
This tutorial will guide you through the steps of creating SSH keys with OpenSSH, a suite of open-source SSH tools, on macOS and Linux, as well as on Windows through the use of the Windows Subsystem for Linux. It is written for an audience that is just getting started with the command line and will provide guidance on accessing the terminal on a personal computer. After completing this tutorial, you will have SSH keys that can be used to securely set up a server in the tutorial How To Set Up an Ubuntu Server on a DigitalOcean Droplet that is part of the Introduction to the Cloud Curriculum.
If you are already familiar with the command line and looking for instructions on using SSH to connect to a remote server, please see our collection of tutorials on Setting Up SSH Keys for a range of Linux operating systems.
To complete this tutorial, you will need:
Note: If you are looking for instructions on how to create SSH keys on a Windows machine that does not have the Windows Subsystem for Linux, please visit our product documentation How to Create SSH Keys with PuTTY on Windows.
SSH keys are two long strings of characters that can be used to authenticate the identity of a user requesting access to a remote server. The user generates these keys on their local computer using an SSH utility. One key is private and stored on the user’s local machine. The other key is public and shared with the remote server or any other entity the user wishes to communicate securely with.
When a user requests to connect to a server with SSH, the server sends a message encrypted with the public key that can only be decrypted by the associated private key. The user’s local machine then uses its private key to attempt to decrypt the message. If the message is successfully decrypted, the server grants the user access without the need of a password. Once authenticated, users can launch a remote shell session in their local terminal to deliver text-based commands to the remote server.
In the next step, you will open a terminal on your computer so that you can access the SSH utility used to generate a pair of SSH keys.
A terminal allows you to interact with your computer through text-based commands rather than a graphical user interface. How you access the terminal on your computer will depend on the type of operating system you are using.
On machines running macOS, the Terminal application is typically located in the Utilities folder inside the Applications folder. You can also find it by searching for “terminal” in the Search Spotlight.
If you are working on a Linux computer, your distribution’s default terminal application is also typically located in the Utilities
folder inside the Applications
folder. You can also find it by searching for “terminal” with the Desktop search functionality.
If you are working on a Windows machine running Windows Subsystem for Linux, a Linux terminal should open immediately after installation. You can also find it by searching for “Ubuntu” with the Desktop search functionality.
Once you have located your system’s terminal application, open up a new terminal window. Your terminal should display your user name, a dollar sign ($
), and a cursor. This is where you will begin to type commands to tell the terminal what to do.
In the next step, you will enter a text-based command to generate a pair of SSH keys.
Your macOS or Linux operating system should already have the standard OpenSSH suite of tools installed. This suite includes the utility ssh-keygen,
which you will use to generate a pair of SSH keys.
Type the following command into your terminal:
- ssh-keygen
You will then be prompted to select a location for the keys. By default, the keys are stored in the ~/.ssh
directory with the filenames id_rsa
for the private key and id_rsa.pub
for the public key. Using the default locations allows your SSH client to automatically find your SSH keys when authenticating, so we recommend accepting these default options. To do so, press ENTER
:
OutputGenerating public/private rsa key pair.
Enter file in which to save the key (/home/sammy/.ssh/id_rsa):
<$>[warning] Warning: If you have previously generated a key pair, you will be prompted to confirm that you actually want to overwrite the existing key:
Output/home/sammy/.ssh/id_rsa already exists.
Overwrite (y/n)?
If you choose to overwrite the key on disk, you will not be able to authenticate using the previous key anymore. Selecting “yes” is an irreversible destructive process.
If you’re certain that you want to overwrite the existing key on disk, you can do so by pressing Y
and then ENTER
.
<$>
If you choose the default location, your public key will be located in /home/sammy/.ssh/id_rsa.pub
and your private key will be located in /home/sammy/.ssh/id_rsa
. Note that in your file path, `sammie will be replaced with your username.
After selecting a location for the key, you’ll be prompted to enter an optional passphrase that encrypts the private key file on disk.
If you enter a passphrase, you will have to provide it every time you use this key (unless you are running SSH agent software that stores the decrypted key). We recommend using a passphrase, but you can just press ENTER
to bypass this prompt:
OutputCreated directory '/home/sammy/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Following that final prompt, your system will generate the SSH key pair:
OutputYour identification has been saved in /home/sammy/.ssh/id_rsa.
Your public key has been saved in /home/sammy/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:EX:AM:PL:E3:3e:a9:de:4e:77:11:58:b6:90:26 sammy@203.0.113.0
The key's randomart image is:
+--[ RSA 2048]----+
| ..o |
| E o= . |
| o. o |
| .. |
| ..S |
| o o. |
| =o.+. |
|. =++.. |
|o=++. |
+-----------------+
You now have a public and private key that you can use to authenticate.
Congratulations, you have now generated a pair of SSH keys. These keys can be used to securely connect with a remote server and are necessary for the tutorial How To Set Up an Ubuntu Server on a DigitalOcean Droplet that follows this tutorial in the Introduction to the Cloud Curriculum.
For a deeper dive on working with SSH, please visit our guide SSH Essentials: Working With SSH Servers, Clients, and Keys.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.