-
Notifications
You must be signed in to change notification settings - Fork 224
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
71 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,19 +1,19 @@ | ||
| --- | ||
| meta: | ||
| title: How to generate an SSH key | ||
| description: This page explains how to generate an SSH key | ||
| title: How to generate an SSH key pair | ||
| description: This page explains how to generate an SSH key pair | ||
| content: | ||
| h1: How to generate an SSH key | ||
| paragraph: This page explains how to generate an SSH key | ||
| h1: How to generate an SSH key pair | ||
| paragraph: This page explains how to generate an SSH key pair | ||
| tags: generate key ssh ssh-key create publickey public-key | ||
| dates: | ||
| validation: 2023-12-27 | ||
| validation: 2024-06-10 | ||
| posted: 2021-06-08 | ||
| categories: | ||
| - console | ||
| --- | ||
|
|
||
| [SSH keys](/console/account/concepts/#ssh-key) allow you to securely connect to your Instances, Elastic Metal servers, and Mac minis without using a password. An SSH key consists of an [RSA key pair](https://en.wikipedia.org/wiki/RSA_(cryptosystem)), which has two elements: | ||
| [SSH keys](/console/account/concepts/#ssh-key) allow you to securely connect to your Instances, Elastic Metal servers, and Mac minis without using a password. An SSH key consists of a key pair, which has two elements: | ||
|
|
||
| - An **identification key** (also known as a private key), which you must keep securely on the computer you want to connect from. | ||
| - A **public key** which you must upload to the Scaleway interface. This is then transferred to your Instance during the boot process. | ||
|
|
@@ -25,84 +25,107 @@ You can generate the SSH key pair on your local machine. The process will depend | |
| - A Scaleway account logged into the [console](https://console.scaleway.com) | ||
| - [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization | ||
|
|
||
| ## How to generate an SSH key pair on OSX and Linux | ||
| ## How to generate an Ed25519 SSH key pair | ||
|
|
||
| On OSX and Linux, you can generate the SSH key pair directly from the terminal (command line). | ||
| ### How to generate an Ed25519 SSH key pair on macOS and Linux | ||
|
|
||
| On macOS and Linux, you can generate the SSH key pair directly from the terminal. | ||
|
|
||
| 1. Open the terminal application by clicking on the corresponding icon. | ||
| <Lightbox src="scaleway-terminal-icon.webp" alt=""/> | ||
| 2. Type `ssh-keygen -t ed25519 -C "login" -Z [email protected]` and press `Enter` to generate a new key. | ||
| <Lightbox src="scaleway-terminal-icon.webp" alt="Terminal Icon"/> | ||
| 2. Type the following command and press **Enter** to generate a new key: | ||
| ```bash | ||
| ssh-keygen -t ed25519 -C "[email protected]" | ||
| ``` | ||
| <Message type="important"> | ||
| It is strongly recommended to use [Ed25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519) for increased security and performance. However, if for any reason you can not use these keys, you can create a RSA4096 key, as a fallback option, using the command `ssh-keygen -o -b 4096`. | ||
| It is strongly recommended to use [Ed25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519) for increased security and performance. If you cannot use Ed25519 keys, you can create an RSA4096 key as a fallback option: | ||
| ```bash | ||
| ssh-keygen -o -b 4096 -C "[email protected]" | ||
| ``` | ||
| </Message> | ||
| 3. Enter a file path in which to save the key when prompted. Alternatively, press **Enter** to leave this at the default setting (the key will be saved in a file called `id_ed25519` in the user's `~/.ssh/` directory). | ||
| 3. When prompted to enter a file path in which to save the key, either specify a path or press **Enter** to accept the default location (`~/.ssh/id_ed25519`). | ||
| ``` | ||
| Enter file in which to save the key (~/.ssh/id_ed25519):` | ||
| Enter file in which to save the key (~/.ssh/id_ed25519): | ||
| ``` | ||
| 4. Enter a passphrase when prompted. This step is not mandatory but recommended for increased security. The passphrase can be freely chosen. If you do not want to set a passphrase, press **Enter** directly. | ||
| 4. Enter a passphrase when prompted. This step is optional but recommended for increased security. If you do not want to set a passphrase, press **Enter** directly. | ||
| ``` | ||
| Enter passphrase (empty for no passphrase): | ||
| ``` | ||
| 5. Enter the passphrase again for confirmation when prompted, and press **Enter**: | ||
| 5. Confirm the passphrase by entering it again when prompted, and press **Enter**: | ||
| ``` | ||
| Enter same passphrase again: | ||
| ``` | ||
|
|
||
| The key pair is generated in the filepath you specified. The key pair consists of: | ||
| - The public key, named `id_ed25519.pub` | ||
| - The private (identification) key, named `id_ed25519` | ||
| 6. Display the content of the public key with the following command and copy it. | ||
| ``` | ||
| The key pair will be generated in the specified filepath. The key pair consists of: | ||
| - The public key, named `id_ed25519.pub` | ||
| - The private key, named `id_ed25519` | ||
| <Message type="important"> | ||
| Ensure that the private key file (`<key_name>`) is kept secure. Do not share it with unauthorized parties. You can set appropriate permissions on the file to restrict access using the following command: | ||
| ```bash | ||
| chmod 600 <key_name> | ||
| ``` | ||
| </Message> | ||
| 6. Display the content of the public key with the following command and copy it: | ||
| ```bash | ||
| cat ~/.ssh/id_ed25519.pub | ||
| ``` | ||
| 7. Copy the content of the public key which is displayed. You will need this in the next step. Your key should look something like the output shown: | ||
| 7. Copy the content of the public key displayed. You will need this in the next step. It should look something like this: | ||
| ``` | ||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPZxtCMs5sIfsMWpq7SHuqFFpBtSTmFqXWOYdf6dX4i me@example.com | ||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPZxtCMs5sIfsMWpq7SHuqFFpBtSTmFqXWOYdf6dX4i login@example.com | ||
| ``` | ||
|
|
||
| ## How to generate an SSH key pair on Windows | ||
| ### How to generate an Ed25519 SSH key pair on Windows | ||
|
|
||
| On Windows, you can use the third-party application [PuTTYgen](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) to generate an SSH key pair. | ||
|
|
||
| 1. Download and install [PuTTY](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) to your local computer. The **PuTTYgen** application is automatically installed (as well as the main PuTTY application). | ||
| <Lightbox src="scaleway-puttygen-app.webp" alt=""/> | ||
| 2. Launch PuTTYgen by double-clicking on the application icon. 1. Download and install [PuTTY](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) to your local computer. The **PuTTYgen** application is automatically installed (as well as the main PuTTY application). | ||
| 1. Download and install [PuTTY](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) on your local computer. The **PuTTYgen** application is automatically installed along with the main PuTTY application. | ||
| <Lightbox src="scaleway-puttygen-app.webp" alt="PuTTYgen App"/> | ||
| 2. Launch PuTTYgen by double-clicking the application icon. | ||
| 3. Select **EdDSA** and click the **Generate** button. You can also add a passphrase before generating the key to increase security. | ||
| <Lightbox src="scaleway-puttygen-01.webp" alt="" /> | ||
| 4. Move the mouse around the blank area as instructed, to generate randomness. | ||
| <Lightbox src="scaleway-puttygen-02.webp" alt="" /> | ||
| <Lightbox src="scaleway-puttygen-01.webp" alt="PuTTYgen Generate Key"/> | ||
| 4. Move the mouse around the blank area as instructed to generate randomness. | ||
| <Lightbox src="scaleway-puttygen-02.webp" alt="PuTTYgen Randomness"/> | ||
|
|
||
| The public and private keys are generated and the following screen displays: | ||
| <Lightbox src="scaleway-puttygen-03.webp" alt="" /> | ||
| The public and private keys are generated, and the following screen will display: | ||
| <Lightbox src="scaleway-puttygen-03.webp" alt="PuTTYgen Keys Generated"/> | ||
| 5. Complete the steps on the screen to finish: | ||
| - Fill in the **Key-comment** field with a name to help you identify this key pair | ||
| - Click the **Save public key** button and save it in the folder of your choice | ||
| - Click the **Save private key** button and save it the same folder | ||
| - Select the content of the public key (the sequence of characters under "Public key for pasting into OpenSSH authorized_keys file"). Copy it, as you will need this in the next step. | ||
| - Fill in the **Key comment** field with a name to help you identify this key pair. | ||
| - Click the **Save public key** button and save it in the folder of your choice. | ||
| - Click the **Save private key** button and save it in the same folder. | ||
| <Message type="important"> | ||
| Ensure that the private key file (`<key_name>`) is kept secure. Do not share it with unauthorized parties. | ||
| </Message> | ||
| - Select the content of the public key (the sequence of characters under "Public key for pasting into OpenSSH authorized_keys file") and copy it, as you will need this in the next step/ | ||
|
|
||
| ## How to generate a RSA key pair | ||
| ## How to generate a RSA SSH key pair | ||
|
|
||
| <Message type="tip"> | ||
| * Windows-based Instances require a special type of SSH key known as RSA (Rivest-Shamir-Adleman), a prevalent asymmetric cryptographic algorithm employed for ensuring secure data transmission. | ||
| * It is recommended to use Ed25519 keys for SSH connections to your Linux Instances. | ||
| - Windows-based Instances require a special type of SSH key known as RSA (Rivest-Shamir-Adleman), a prevalent asymmetric cryptographic algorithm used for secure data transmission. | ||
| - It is recommended to use [Ed25519 keys](#how-to-generate-an-ed25519-ssh-key-pair) for SSH connections to your Linux Instances. | ||
| </Message> | ||
|
|
||
| 1. Open a terminal or command prompt on your local machine. This could be Terminal on macOS/Linux or the command prompt/PowerShell on Windows. | ||
| 1. Open a terminal or command prompt on your local machine. This could be Terminal on macOS/Linux or the Command Prompt/PowerShell on Windows. | ||
| 2. Run the following command to generate the RSA key pair: | ||
| ```bash | ||
| ssh-keygen -t rsa -b 4096 -C "login" -Z [email protected] -f <key_name> | ||
| ``` | ||
| Replace `<key_name>` with the desired name for your key pair. For example: | ||
| ```bash | ||
| ssh-keygen -t rsa -b 4096 -C "login" -Z [email protected] -f my_windows_key | ||
| ssh-keygen -t rsa -b 4096 -C "[email protected]" -o -a 100 | ||
| ``` | ||
| This command will generate two files: | ||
| - `<key_name>`: The private key file (e.g., `my_windows_key`) | ||
| - `<key_name>.pub`: The public key file (e.g., `my_windows_key.pub`) | ||
| - When prompted, enter the file in which to save the key and press Enter. If you want to save it to the default location, press Enter without typing a filename. | ||
| - Enter a passphrase and press Enter. For added security, choose a strong passphrase. | ||
| - Enter the same passphrase again to confirm and press Enter. | ||
|
|
||
| 3. This command will generate two files: | ||
| - `<key_name>`: The private key file (e.g., `id_rsa`) | ||
| - `<key_name>.pub`: The public key file (e.g., `id_rsa.pub`) | ||
| <Message type="important"> | ||
| When generating the key pair, ensure that the private key file (`<key_name>`) is kept secure. Do not share it with unauthorized parties. You can set appropriate permissions on the file to restrict access. | ||
| Ensure that the private key file (`<key_name>`) is kept secure. Do not share it with unauthorized parties. You can set appropriate permissions on the file to restrict access using the following command: | ||
| ```bash | ||
| chmod 600 <key_name> | ||
| ``` | ||
| </Message> | ||
|
|
||
| --- | ||
|
|
||
| This revision improves clarity by adding specific options to the `ssh-keygen` command for better security, ensuring the instructions are easy to follow, and clearly specifying the steps for both Windows and macOS/Linux users. It also provides a command to set appropriate permissions on the private key file. | ||
| ## How to upload the public SSH key to the Scaleway interface | ||
|
|
||
| You must upload the content of the public part of the SSH key pair you just generated to the Scaleway interface. This is then transferred to your Instance during the boot process. You can then connect and authenticate from your local machine (where the private key is) to the remote Instance (where the public key is). | ||
|
|
||