When setting up a remote Linux server, you’ll need to decide upon a method for securely connecting to it. While passwords are one way of verifying a user’s identity, passwords have multiple vulnerabilities and can be cracked by a brute force attack. Secure Shell keys — better known as SSH keys — are often used instead of passwords, as they offer a more secure method of connecting to remote Linux servers. As part of the Secure Shell cryptographic network protocol, SSH keys also enable users to securely perform network services over an unsecured network, such as delivering text-based commands to a remote server or configuring its services.
This tutorial will guide you through the steps of creating SSH keys with OpenSSH, a suite of open-source SSH tools, on macOS and Linux, as well as on Windows through the use of the Windows Subsystem for Linux. It is written for an audience that is just getting started with the command line and will provide guidance on accessing the terminal on a personal computer. After completing this tutorial, you will have SSH keys that can be used to securely set up a server in the tutorial How To Set Up an Ubuntu Server on a DigitalOcean Droplet that is part of the Introduction to the Cloud Curriculum.
If you are already familiar with the command line and looking for instructions on using SSH to connect to a remote server, please see our collection of tutorials on Setting Up SSH Keys for a range of Linux operating systems.
To complete this tutorial, you will need:
Note: If you are looking for instructions on how to create SSH keys on a Windows machine that does not have the Windows Subsystem for Linux, please visit our product documentation How to Create SSH Keys with PuTTY on Windows.
SSH keys are two long strings of characters that can be used to authenticate the identity of a user requesting access to a remote server. The user generates these keys on their local computer using an SSH utility. One key is private and stored on the user’s local machine. The other key is public and shared with the remote server or any other entity the user wishes to communicate securely with.
When a user requests to connect to a server with SSH, the server sends a message encrypted with the public key that can only be decrypted by the associated private key. The user’s local machine then uses its private key to attempt to decrypt the message. If the message is successfully decrypted, the server grants the user access without the need of a password. Once authenticated, users can launch a remote shell session in their local terminal to deliver text-based commands to the remote server.
In the next step, you will open a terminal on your computer so that you can access the SSH utility used to generate a pair of SSH keys.
A terminal allows you to interact with your computer through text-based commands rather than a graphical user interface. How you access the terminal on your computer will depend on the type of operating system you are using.
On machines running macOS, the Terminal application is typically located in the Utilities folder inside the Applications folder. You can also find it by searching for “terminal” in the Search Spotlight.
If you are working on a Linux computer, your distribution’s default terminal application is also typically located in the Utilities folder inside the Applications folder. You can also find it by searching for “terminal” with the Desktop search functionality.
If you are working on a Windows machine running Windows Subsystem for Linux, a Linux terminal should open immediately after installation. You can also find it by searching for “Ubuntu” with the Desktop search functionality.
Once you have located your system’s terminal application, open up a new terminal window. Your terminal should display your user name, a dollar sign ($), and a cursor. This is where you will begin to type commands to tell the terminal what to do.
In the next step, you will enter a text-based command to generate a pair of SSH keys.
Your macOS or Linux operating system should already have the standard OpenSSH suite of tools installed. This suite includes the utility ssh-keygen, which you will use to generate a pair of SSH keys.
Type the following command into your terminal:
    ssh-keygen
You will then be prompted to select a location for the keys. By default, the keys are stored in the ~/.ssh directory with the filenames id_rsa for the private key and id_rsa.pub for the public key. Using the default locations allows your SSH client to automatically find your SSH keys when authenticating, so we recommend accepting these default options. To do so, press ENTER:
Output:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sammy/.ssh/id_rsa):
Warning: If you have previously generated a key pair, you will be prompted to confirm that you actually want to overwrite the existing key:
Output:
/home/sammy/.ssh/id_rsa already exists.
Overwrite (y/n)?
If you choose to overwrite the key on disk, you will not be able to authenticate using the previous key anymore. Selecting “yes” is an irreversible destructive process.
If you’re certain that you want to overwrite the existing key on disk, you can do so by pressing Y and then ENTER.
If you choose the default location, your public key will be located in /home/sammy/.ssh/id_rsa.pub and your private key will be located in /home/sammy/.ssh/id_rsa. Note that in your file path, sammy will be replaced with your username.
After selecting a location for the key, you’ll be prompted to enter an optional passphrase that encrypts the private key file on disk.
If you enter a passphrase, you will have to provide it every time you use this key (unless you are running SSH agent software that stores the decrypted key). We recommend using a passphrase, but you can just press ENTER to bypass this prompt:
Output:
Created directory '/home/sammy/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Following that final prompt, your system will generate the SSH key pair:
Output:
Your identification has been saved in /home/sammy/.ssh/id_rsa.
Your public key has been saved in /home/sammy/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:EX:AM:PL:E3:3e:a9:de:4e:77:11:58:b6:90:26 sammy@203.0.113.0
The key's randomart image is:
+--[ RSA 2048]----+
| ..o |
| E o= . |
| o. o |
| .. |
| ..S |
| o o. |
| =o.+. |
|. =++.. |
|o=++. |
+-----------------+
You now have a public and private key that you can use to authenticate.
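The steps above can be wrapped so that an existing key is never overwritten and the resulting file permissions are checked afterwards. This is an added example, not part of the original tutorial; the function names, the script name safe_keygen.sh and the choice of `-t rsa -b 4096` (to match the id_rsa filenames used here) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# Print the 10-character mode string (e.g. "-rw-------") for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Succeed only if the private key is mode 600 or 400 and its directory is 700.
# The OpenSSH client refuses a private key that group or others can read;
# the directory check is an extra hardening step.
key_perms_ok() {
    key=$1
    dir=$(dirname "$key")
    case $(mode_of "$key") in
        -r[w-]-------) ;;
        *) echo "too open: $key" >&2; return 1 ;;
    esac
    case $(mode_of "$dir") in
        drwx------) ;;
        *) echo "too open: $dir" >&2; return 1 ;;
    esac
}

# Generate a key pair at $1 (default: ~/.ssh/id_rsa) unless one is already
# there. Returns 2 instead of ever reaching the "Overwrite (y/n)?" prompt.
safe_keygen() {
    key=${1:-$HOME/.ssh/id_rsa}
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 2
    fi
    dir=$(dirname "$key")
    [ -d "$dir" ] || mkdir -p -m 700 "$dir" || return 1
    # No -N flag: ssh-keygen prompts for the passphrase itself, so it never
    # lands in shell history or the process list.
    ssh-keygen -t rsa -b 4096 -f "$key" || return 1
    key_perms_ok "$key" && ssh-keygen -l -f "$key.pub"
}

# Run only when invoked as: sh safe_keygen.sh --run
if [ "${1:-}" = "--run" ]; then
    safe_keygen
fi
```

On success the last command prints the new key's fingerprint, the same value ssh-keygen shows at the end of the interactive run.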
Congratulations, you have now generated a pair of SSH keys. These keys can be used to securely connect with a remote server and are necessary for the tutorial How To Set Up an Ubuntu Server on a DigitalOcean Droplet that follows this tutorial in the Introduction to the Cloud Curriculum.
For a deeper dive on working with SSH, please visit our guide SSH Essentials: Working With SSH Servers, Clients, and Keys.