Article

Table of Contents
Theme:
Was this article helpful?

22  out of  31 found this helpful

Try Vultr Today with

$50 Free on Us!

Want to contribute?

You could earn up to $600 by adding new articles!

How Do I Generate SSH Keys?

Last Updated: Mon, Jun 7, 2021
FAQ Quickstart Guides Security

An SSH key allows you to log into your server without a password. This guide describes creating SSH keys using a Linux, Mac, or Windows workstation in OpenSSH format, suitable for use with Vultr server instances.

Create an SSH Key with OpenSSH

OpenSSH is standard and should be present on macOS and most Linux distributions. We also have installation instructions for Windows 10 users. Follow these steps to create an SSH key with the OpenSSH utilities.

  1. Generate your key with ssh-keygen, substituting your email address.

     $ ssh-keygen -t ed25519 -C "your_email@example.com"
    

    Note: If you use a legacy system that doesn't support the Ed25519 algorithm, use: ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    By default, the keys are stored in the ~/.ssh directory. Most SSH clients automatically use these default filenames:

    Algorithm Public key Private key
    ED25519 (preferred) id_ed25519.pub id_ed25519
    RSA (at least 2048-bit key size) id_rsa.pub id_rsa
    DSA (deprecated) id_dsa.pub id_dsa
    ECDSA id_ecdsa.pub id_ecdsa
  2. Press ENTER to save the key in the default location.

    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/Users/example/.ssh/id_ed25519):
    
  3. You may enter a passphrase for your key. We recommend using a passphrase, but you can press ENTER to bypass this prompt. If you use a passphrase, you will enter it each time you use the key unless you also use ssh-agent.

    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    
  4. Your key is generated and saved.

    Your identification has been saved in /Users/example/.ssh/id_ed25519.
    Your public key has been saved in /Users/example/.ssh/id_ed25519.pub.
    The key fingerprint is:
    SHA256:qx6prR4Zo+VU7Fl8yivXzzzzzzzzJ/9NRnPbrC20w7g example@example.com
    The key's randomart image is:
    +--[ED25519 256]--+
    |                 |
    |     o .         |
    |    o B o + .    |
    |     B + + o +   |
    |    = = S o o o  |
    |   = + = O + +   |
    |  . + B B = * .  |
    |     = O   + o   |
    |   .+o=.. E .    |
    +----[SHA256]-----+
    
  5. Make a backup of the private key. The key cannot be recovered if lost.

  6. Before connecting to an existing server with your SSH key, you'll need to add the public key to the authorized_keys file. You can also add the public key to your Vultr account.

Install OpenSSH on Windows 10

The OpenSSH client is an installable component for Windows 10 1809.

  1. Launch Settings then go to Apps > Apps and Features > Manage Optional Features.
  2. Scan this list to see if OpenSSH Client is already installed. If not, then click Add a feature.
  3. Locate OpenSSH Client, then click Install.
  4. Optionally, you can also install OpenSSH Client with PowerShell.

Once you've installed OpenSSH, follow the instructions above to create your SSH key.

Create an SSH Key on Windows with PuTTYgen

PuTTYgen is part of the PuTTY suite of utilities. It is available for all versions of Windows.

  1. Download the latest version of the PuTTY utilities. We recommend the MSI Windows Installer package.
  2. Install the package and run PuTTYgen.
  3. At the bottom of the program window, select EdDSA for the key type.
  4. In the lower-right corner, set "Curve to use for generating this key" to Ed25519 (255 bits).
  5. Click the Generate button. Then, move the mouse in the blank area to generate some random data.
  6. Enter a Key comment to make the key easier to identify later.
  7. The private key must be kept secure from unauthorized use. We recommend entering a Key passphrase to protect the SSH key.
  8. Click Save private key and store it securely. It is not possible to recover this file if it is lost. This file is your public/private key pair in PuTTY format. You can re-import this file with PuTTYgen in the future to export or convert the format of your public key.
  9. Click Conversions > Export OpenSSH key. Save this file and store it securely. This file is your private SSH key in OpenSSH format. You may need this file if you use an SSH client other than PuTTY.
  10. Select the text in the Public key for pasting into OpenSSH authorized_keys file box and save it to a file. This is your public key in OpenSSH format. If you want to add this key to your Vultr account, you'll also copy and paste this into the Customer Portal.

Recover a Lost Public Key

If you have access to the private key, you can recover the public key with OpenSSH.

Pass ssh-keygen the -y option and the path to the private key with the -f option. When ssh-keygen regenerates the public SSH key, you can redirect the output to a file of your choice.

For example, to regenerate the public key for ~/example_key and send the output to ~/example_key.pub:

$ ssh-keygen -y -f ~/example_key > ~/example_key.pub

If a password is set for the key, you will be prompted to enter it.

Change the Key's Passphrase

You can change the passphrase on a private key with the -p option and pass the key name with the -f option.

$ ssh-keygen -p -f ~/example_key

Enter your old and new passphrase (twice) at the prompts.

View the Key's Fingerprint

Print the key's SHA256 fingerprint with the -l option, and pass the key name with the -f option.

$ ssh-keygen -l -f example_key

The output is something like this:

3072 SHA256:pqdEtfbmIRwqTk9PpApa7DMvAxqCA577vJ/FcgyUM0Q root@localhost (RSA).

Transfer a Key to Your Server

OpenSSH includes a utility to transfer a key to your server. When using this utility, you must authenticate to your server using SSH.

Specify the public key to be transferred with the -i option. Replace the example with your username and the server's IP address.

$ ssh-copy-id -i ~/.ssh/example_key.pub example_user@192.0.2.123

You will be prompted to authenticate with your server and transfer the key to the remote server's authorized_keys file.

About SSH Key Formats

OpenSSH 6.5 introduced ED25519 keys in 2014, and they are available on most operating systems. It's believed that ED25519 keys are more secure than RSA, with better performance. If you use an RSA key, the US National Institute of Science and Technology recommends a key size of at least 2048 bits.

More Information

For more information about managing SSH keys, see our other guides:

Want to contribute?

You could earn up to $600 by adding new articles