SSH KeyGen

These steps show you how to quickly generate and use an SSH public-private key pair for Linux VMs. You can complete these steps on a macOS or Linux host.


Best Practices

SSH vs Passwords

It is a good practice to create VMs configured with passwords disabled because it greatly increases the difficulty of brute-force guessing attacks.

SSH Protocol and Key Formats

It is a good practice to limit access to the following formats:

  • SSH protocol 2 (SSH-2) RSA (Rivest, Shamir, Adleman) with a minimum length of 2048 bits
  • ED25519 Keys with a fixed length of 256 bits

Info

Other key formats such as Elliptic-curve Diffie–Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) are not recommended.


Create an SSH Key Pair

Use the ssh-keygen command to generate SSH public and private key files. By default, these files are created in the ~/.ssh directory.

Info

You can specify a different location, and an optional password (passphrase) to access the private key file. If an SSH key pair with the same name exists in the given location, those files are overwritten.

The following command creates an RSA SSH key pair with a bit length of 4096:

ssh-keygen -m PEM -t rsa -b 4096 -f ~/.ssh/id_rsa.pem

The following command creates an ED25519 SSH key pair, which has a fixed length of 256 bits:

ssh-keygen -m PEM -t ed25519 -f ~/.ssh/id_ed25519.pem

View SSH Key Pair

If you're not familiar with the format of an SSH public key, you can display your public key with the following cat command.

Info

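ssh-keygen writes the public key next to the private key file with .pub appended to its name, so the commands above produce ~/.ssh/id_rsa.pem.pub and ~/.ssh/id_ed25519.pem.pub. Replace ~/.ssh/id_rsa.pem.pub with the path and filename of your own public key file if needed.

RSA Key Pair

cat ~/.ssh/id_rsa.pem.pub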

A typical RSA public key value looks like this example:

ssh-rsa <base64-encoded-public-key> username@domainname

ED25519 Key Pair

cat ~/.ssh/id_ed25519.pem.pub

A typical ED25519 public key value looks like this example:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRjWGWLeiUQ3U9fNnCsNpXIyACpD/Jbm09OZGsz3DIM username@domainname

Using the Key Pair

You will be prompted to copy and paste the contents of the public key file during VM provisioning via the Developer Hub. Please make sure you don't copy any trailing whitespace.

Info

The public key that you place on your Linux VM is stored by default under the ~/.ssh/ directory, unless you specified a different location when you created the key pair.
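
As an added example (not part of the original guide or the Developer Hub's own code), the following Python check can be run on a public key line before you paste it. It parses the key blob, applies the format list from Best Practices (RSA of at least 2048 bits, or ED25519) and rejects trailing whitespace. The function names and the constructed sample keys are assumptions made for illustration; only the ED25519 line is taken from this page.

```python
import base64

MIN_RSA_BITS = 2048  # minimum RSA length from the Best Practices list
PAGE_EXAMPLE = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRjWGWLeiUQ3U9fNnCsNpXIyACpD/"
                "Jbm09OZGsz3DIM username@domainname")  # ED25519 line quoted from this page

def _field(blob, pos):
    """Read one length-prefixed field: uint32 big-endian length, then bytes."""
    end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
    if pos + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end

def check_public_key(line):
    """Return (accepted, reason) for the text of one OpenSSH public key."""
    if line != line.rstrip():
        return False, "trailing whitespace"
    parts = line.split()
    if len(parts) < 2:
        return False, "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        inner, pos = _field(blob, 0)
        if inner != parts[0].encode():
            return False, "type label does not match key blob"
        if parts[0] == "ssh-ed25519":
            key, pos = _field(blob, pos)
            ok = len(key) == 32 and pos == len(blob)
            return ok, "ED25519, 256 bits" if ok else "malformed ED25519 key"
        if parts[0] == "ssh-rsa":
            _exponent, pos = _field(blob, pos)
            modulus, pos = _field(blob, pos)
            bits = int.from_bytes(modulus, "big").bit_length()
            return bits >= MIN_RSA_BITS, f"RSA, {bits} bits"
    except ValueError as err:  # binascii.Error (bad base64) is a ValueError
        return False, f"unparseable key: {err}"
    return False, f"key type {parts[0]} is not on the allowed list"

def constructed_line(key_type, *fields):
    """Build a key line from made-up field values (sample data, not real keys)."""
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} username@domainname"

def fake_modulus(bits):  # made-up integer of the given bit length, not a real modulus
    return ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")

if __name__ == "__main__":
    weak_rsa = constructed_line("ssh-rsa", b"\x01\x00\x01", fake_modulus(1024))
    for line in (PAGE_EXAMPLE, PAGE_EXAMPLE + " ", weak_rsa):
        print(check_public_key(line))
```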