Create public SSH keys

SSH keys are much safer than passwords and are considered best practice.

Secure Shell (SSH) uses encryption to secure the connection between a client and a server. In this guide, we'll show how to create SSH keys to log in to a server more securely.

SSH key authentication is more secure than passwords because the private key is never shared with anyone else. It’s also more convenient with SSH keys, since you don’t have to type your password each time you log in to your server.

When you generate SSH keys, two key files are created: a private key and a public key.

The private key is named id_ed25519. This key should be treated like a password and must never be disclosed.

The public key is named id_ed25519.pub. You can share this with others. This is also the part you place on servers you want to be able to log into using your private key.

After you have created your key pair, copy the contents of the .pub file (the public key) and place it on the remote server in the file .ssh/authorized_keys within your home directory.

Create SSH keys

The procedure for creating SSH keys is pretty similar across systems. However, there are some differences. Here, we'll cover macOS/Linux, Windows using OpenSSH, and Windows using WSL (Windows Subsystem for Linux).

Open a terminal and run:

Command

ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519

Choose a strong passphrase and press Enter to continue. You can skip this step, but we recommend setting a passphrase to protect your private key. Note that you will need to enter the passphrase twice. After confirming the passphrase, the system generates a key pair:

Output and prompts. Prompts are highlighted.

Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_ed25519.
Your public key has been saved in /home/user/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:51yQPILlrqdxLQTe7VRxmdxVnCdozD19At2wsHBm/H4 [email protected]
The key's randomart image is:
+--[ED25519 256]--+
|        . .+B*oO*|
|       + . **=XoB|
|      o o =.o..+o|
|     . + o +  .  |
|      . S + ..   |
|       o B .  . E|
|      o + =    . |
|       = .       |
|      .          |
+----[SHA256]-----+

Type cat ~/.ssh/id_ed25519.pub in the terminal to display your public key.

Example output

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/CS06SzixI4S/VfVwoOY3jFEdFWXvrKQxmhYT6gRMX [email protected]

Open a PowerShell terminal and execute:

Command

ssh-keygen -a 100 -t ed25519

Output and prompts. Prompts are highlighted.

Generating public/private ed25519 key pair.
Enter file in wich to save the key (C:\User\user/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /User/user/.ssh/id_ed25519.
Your public key has been saved in /User/user/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:51yQPILlrqdxLQTe7VRxmdxVnCdozD19At2wsHBm/H4 user@DESKTOP-RLJCRBQ
The key's randomart image is:
+--[ED25519 256]--+
|        . .+B*oO*|
|       + . **=XoB|
|      o o =.o..+o|
|     . + o +  .  |
|      . S + ..   |
|       o B .  . E|
|      o + =    . |
|       = .       |
|      .          |
+----[SHA256]-----+

Run type $HOME\.ssh\id_ed25519.pub in a terminal window to display your public key.

Example output

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/CS06SzixI4S/VfVwoOY3jFEdFWXvrKQxmhYT6gRMX user@DESKTOP-RLJCRBQ

To run Linux directly on Windows, we will install WSL (Windows Subsystem for Linux) and Windows Terminal.

We start by installing WSL. Open PowerShell with administrator privileges by right‑clicking Windows PowerShell in the Start menu and selecting Run as administrator. In the PowerShell terminal, type the following:

Command

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

You should now see something similar to this. Answer y at the prompt and press Enter.

Output and prompts. Prompts are highlighted.

Do you want to restart the computer to complete this operation now?
[Y] Yes  [N] No  [?] Help (default is "Y"):

After the computer has rebooted, install Ubuntu 22.04 and Windows Terminal.

Then launch Ubuntu 22.04 from the Start menu or the Microsoft Store. You can also find Ubuntu through Windows Terminal.

Follow the guide to create a new user.

Output and prompts. Prompts are highlighted.

Installing, this may take a few minutes...
Please create a default UNIX user account. The username does not need to match your Windows username.
For more information visit: https://aka.ms/wslusers
Enter new UNIX username: user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Installation successful!
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details

Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.4.72-microsoft-standard-WSL2 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This message is shown once a day. To disable it please create the
/home/user/.hushlogin file.

The Ubuntu installation is now complete!

Now, enter the following command to generate your key pair:

Command

ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519

Output and prompts. Prompts are highlighted.

Generating public/private ed25519 key pair.
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_ed25519.
Your public key has been saved in /home/user/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:51yQPILlrqdxLQTe7VRxmdxVnCdozD19At2wsHBm/H4 [email protected]
The key's randomart image is:
+--[ED25519 256]--+
|        . .+B*oO*|
|       + . **=XoB|
|      o o =.o..+o|
|     . + o +  .  |
|      . S + ..   |
|       o B .  . E|
|      o + =    . |
|       = .       |
|      .          |
+----[SHA256]-----+

Type cat ~/.ssh/id_ed25519.pub in the terminal to display your public key.

Example output

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/CS06SzixI4S/VfVwoOY3jFEdFWXvrKQxmhYT6gRMX user@DESKTOP-RLJCRBQ

Congratulations

Now you have your public SSH key, which you can add directly when you create a server on our KVM or VMware platform in Glesys Cloud.

PreviousBlock entire countries in the firewall NextProtect SSH with Fail2ban in Debian 11 or newer

Last updated 7 months ago

Was this helpful?