SSH keys are a way to identify trusted computers, without involving passwords. The steps below will walk you through generating an SSH key and adding the public key to the server. Step 1: Check for SSH Keys First, check for existing SSH keys on your computer. Open Git Bash, Cygwin, or Terminal, etc.
You can generate an SSH key on Windows using the PuTTY SSH client. You can download PuTTY for free from this URL.
To generate a key with PuTTY, you should:
For more information on how to load the key and connect via SSH using PuTTY, please check this tutorial.
You find this article useful? Click here to learn more about SiteGround web hosting experts and what else we can do for you!
Using SSH public-key authentication to connect to a remote system is a robust, more secure alternative to logging in with an account password or passphrase. SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one 'private' and the other 'public'. You keep the private key a secret and store it on the computer you use to connect to the remote system. Conceivably, you can share the public key with anyone without compromising the private key; you store it on the remote system in a .ssh/authorized_keys
directory.
To use SSH public-key authentication:
~/.ssh/authorized_keys
file in your account.To set up public-key authentication using SSH on a Linux or macOS computer:
To generate RSA keys, on the command line, enter:
Enter
or Return
without entering a filename.Alternatively, you can enter a filename (for example, my_ssh_key
) at the prompt, and then press Enter
or Return
. However, many remote hosts are configured to accept private keys with the default filename and path (~/.ssh/id_rsa
for RSA keys) by default. Consequently, to authenticate with a private key that has a different filename, or one that is not stored in the default location, you must explicitly invoke it either on the SSH command line or in an SSH client configuration file (~/.ssh/config
); see below for instructions.
Enter
or Return
. If you press Enter
or Return
without entering a password, your private key will be generated without password-protection.Your private key will be generated using the default filename (for example, id_rsa
) or the filename you specified (for example, my_ssh_key
), and stored on your computer in a .ssh
directory off your home directory (for example, ~/.ssh/id_rsa
or ~/.ssh/my_ssh_key
).
The corresponding public key will be generated using the same filename (but with a .pub
extension added) and stored in the same location (for example, ~/.ssh/id_rsa.pub
or ~/.ssh/my_ssh_key.pub
).
~/.ssh/id_rsa.pub
) to your account on the remote system (for example, [email protected]
); for example, using command-line SCP: You'll be prompted for your account password. Your public key will be copied to your home directory (and saved with the same filename) on the remote system.
~/.ssh/authorized_keys
file in your account (if your account doesn't have ~/.ssh/authorized_keys
file, system administrators can create one for you). Once your public key is added to your ~/.ssh/authorized_keys
file on the remote system, the setup process is complete, and you should now be able to SSH to your account from the computer that has your private key.~/.ssh/authorized_keys
file, create one; on the command line, enter the following commands: ~/.ssh/authorized_keys
file, executing these commands will not damage the existing directory or file.~/id_rsa.pub
) to a new line in your ~/.ssh/authorized_keys
file; on the command line, enter: You may want to check the contents of ~/.ssh/authorized_keys
to make sure your public key was added properly; on the command line, enter:
~/id_rsa.pub
) from your account on the remote system; on the command line, enter:Alternatively, if you prefer to keep a copy of your public key on the remote system, move it to your .ssh
directory; on the command line, enter:
Create the root key.Sign in to your computer where OpenSSL is installed and run the following command. You can find OpenSSL bundled with many Linux distributions, such as Ubuntu.A web serverFor example, Apache, IIS, or NGINX to test the certificates.An Application Gateway v2 SKUIf you don't have an existing application gateway, see.Create a root CA certificateCreate your root CA certificate using OpenSSL. For example, at least nine characters, using upper case, lower case, numbers, and symbols.Create a Root Certificate and self-sign it.Use the following commands to generate the csr and the certificate. This creates a password protected key. Openssl ecparam -out contoso.key -name prime256v1 -genkey.At the prompt, type a strong password. How to generate ssl.
[email protected]
) from the computer (for example, host1
) that has your private key (for example, ~/.ssh/id_rsa
):If the private key you're using does not have the default name, or is not stored in the default path (not ~/.ssh/id_rsa
), you must explicitly invoke it in one of two ways:
-i
flag and the path to your private key.For example, to invoke the private key host2_key
, stored in the ~/.ssh/old_keys
directory, when connecting to your account on a remote host (for example, [email protected]
), enter:
~/.ssh/config
), if it exists/etc/ssh/ssh_config
)The SSH client configuration file is a text file containing keywords and arguments. To specify which private key should be used for connections to a particular remote host, use a text editor to create a ~/.ssh/config
that includes the Host
and IdentityFile
keywords.
For example, for connections to host2.somewhere.edu
, to make SSH automatically invoke the private key host2_key
, stored in the ~/.ssh/old_keys
directory, create a ~/.ssh/config
file with these lines included:
Once you save the file, SSH will use the specified private key for future connections to that host.
You can add multiple Host
and IdentityFile
directives to specify a different private key for each host listed; for example:
Alternatively, you can use a single asterisk ( *
) to provide global defaults for all hosts (specify one private key for several hosts); for example:
For more about the SSH client configuration file, see the OpenSSH SSH client configuration file on the web or from the command line (man ssh_config
).
The PuTTY command-line SSH client, the PuTTYgen key generation utility, the Pageant SSH authentication agent, and the PuTTY SCP and SFTP utilities are packaged together in a Windows installer available under The MIT License for free download from the PuTTY development team.
After installing PuTTY:
2048
).putty_key
), select a location on your computer to store it, and then click Save.putty_private_key
), select a location on your computer to store it, and then click Save.putty_rsa
), select a location on your computer to store it, and then click Save.If the remote system does not support password-based authentication, you will need to ask system administrators to add your public key to the ~/.ssh/authorized_keys
file in your account (if your account doesn't have ~/.ssh/authorized_keys
file, system administrators can create one for you). Once your public key is added to your account's ~/.ssh/authorized_keys
file on the remote system..
~/.ssh/authorized_keys
file, create one; on the command line, enter the following commands:If your account on the remote system already has ~/.ssh/authorized_keys
, executing these commands will not damage the existing directory or file.
~/.ssh/authorized_keys
file, and then save and close the file.putty_private_key.ppk
), select the file, and then click Open.If your private key is not passphrase-protected, Pageant will add your private key without prompting you for a passphrase.
Either way, Pageant stores the unencrypted private key in memory for use by PuTTY when you initiate an SSH session to the remote system that has your public key.
Deathstar
), and then click Save.Startup
folder to launch Pageant and load your private key automatically whenever you log into your desktop. For instructions, finish the rest of the following steps.Startup
folder. Press Win-r
, and in the 'Open' field, type shell:startup
, and then press Enter
.Startup
folder, and then select New and Shortcut.pageant.exe
) followed by the path to your private key file (for example, putty_private_key.ppk
); enclose both paths in double quotes; for example: PAGEANT
).The next time you log into your Windows desktop, Pageant will start automatically, load your private key, and (if applicable) prompt you for the passphrase.