Making an SSH Key

Programs have different options for the ssh public key format. We use the OpenSSH key format. It is safe to share your public key with anyone. Never share your private key!

OpenSSH (Linux, Windows) and Terminal (OS X)

The following SSH key algorithms are supported:

Linux Installation Instructions

If openssh is not already installed, on Debian/Ubuntu try

$ aptitude install openssh-client

or on Redhat/CentOS

$ yum install openssh-clients

or download the portable source from and compile it. When OpenSSH is setup you can generate a key and try to login.

Windows Installation Instructions

Windows 10 comes with OpenSSH installed by default. On older Windows versions, install cygwin from and select the openssh package.

OS X Installation Instructions

Terminal comes installed with OS X.

Key Generation

Check for existing keys before beginning:

$ ls -la ~/.ssh

If there is no key you already want to use, generate a new key as shown in the following sections.

Generating an SSH Key in Windows

Windows 10 has an OpenSSH client (ssh-keygen) installed by default. We recommend using this tool if possible. However if not then see instructions for PuTTY below.

Using the Native Win 10 SSH Client

  1. First, verify that the Windows SSH client is installed on your computer. Press the Windows logo key on your keyboard or click on the Start Menu. Type cmd. Right-click on the Windows Command Prompt and select Run as administrator.

  2. In the command line, type ssh and Enter. If the client is installed, then Windows will return a short summary of command-line options.

  3. In the command line, enter ssh-keygen to use the default values (Algorithm RSA, keysize 2048 bits). To select a different algorithm and keysize, use the -t and -b options, as shown below.

    $ ssh-keygen -t rsa -b 4096
    # -or-
    $ ssh-keygen -t ecdsa -b 521
    # -or-
    $ ssh-keygen -t ed25519

  4. In all cases, Windows will return a default directory and filename under which to save the private key. If you wish to use a different name and path then enter it with the -f option, as in ssh-keygen -f /path/to/file -t ed25519.

  5. Windows then requires a password or passphrase to encrypt the keys. Use a strong password for this.

Once all the required information is entered, Windows will return the location of your public and private keys, the key hash, and other information.

$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/<user>/.ssh/id_rsa): /home/<user>/.ssh/<keyname>
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/<user>/.ssh/<keyname>.
Your public key has been saved in /home/<user>/.ssh/<keyname>.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 4096]----+
|.oo.o.   o       |
|...+ .  . o      |
| .=.= .. .       |
|  .+.+..  .      |
|   ...  SE o . . |
|    .     . o +  |
|             +   |
|              .  |

Installing PuTTY

Download the PuTTY installer and install it. These are the keys for verifying the signature.

Key Generation with PuTTY

  1. Run PuTTYgen.
  2. Click “Generate” to generate a key.
  3. Enter a passphrase for the private key.
  4. Save the private key.
  5. Copy/paste the “OpenSSH authorized_keys” text to a separate public key file. The contents of this file (typically starting with ssh-rsa or ssh-dss) is what you need to use when either signing up or changing the key for a VM.

The PuTTY configuration settings are as the VPS console.

Commercial SSH Clients

These are links to tutorials for the given client. We do not have personal experience with any of these clients.