SSH Key Generation

This document provides instructions on how to generate a new SSH key for use with Git and other services.

Generating an SSH Key

To generate a new SSH Key, follow the instructions below.

SSHD Running

Before checking for existing SSH keys, make sure the SSH daemon (sshd) is running. If it is not running, you will not be able to load the keys into the agent.

If you followed the setup guide to install OpenSSH, it should already be running. If you skipped that step because OpenSSH was already installed, make sure it is running by executing the following commands. You only have to run them once.

Run the following command in Windows PowerShell as an Administrator to set the sshd service to start automatically.

Set SSHD to Start Automatically
# Set the sshd service to be started automatically.
Get-Service -Name sshd | Set-Service -StartupType Automatic
Start SSHD Service
# Start the sshd service.
Start-Service sshd

In PowerShell, run the command:

Generate an SSH Key
ssh-keygen

The output of the command should look similar to this:

Command Output
Generating public/private ecdsa key pair.
Enter file in which to save the key (C:\Users\username/.ssh/id_ed25519):

At the prompt, press Enter to save the SSH key to the default file path. Your PowerShell output should now look like this:

SSH Passphrase

An SSH Passphrase is used to encrypt the local file on your machine that contains the SSH Key. An SSH Key file is equivalent to a password stored as a file. A passphrase protects this file and prevents its usage by unauthorized individuals. A passphrase cannot be recovered if forgotten. If you decide to set a passphrase instead of leaving it empty, do not forget it.

Command Output
Generating public/private ecdsa key pair.
Enter file in which to save the key (C:\Users\username/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):

Enter a passphrase or leave it empty for no passphrase. The prompt will ask you to confirm your passphrase (or empty input) again. After doing that, your PowerShell output should look similar to this:

Command Output
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\username/.ssh/id_ed25519.
Your public key has been saved in C:\Users\username/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:OIzc1yE7joL2Bzy8!gS0j8eGK7bYaH1FmF3sDuMeSj8 username@LOCAL-HOSTNAME

The key's randomart image is:
+--[ECDSA 256]--+
|        .        |
|         o       |
|    . + + .      |
|   o B * = .     |
|   o= B S .      |
|   .=B O o       |
|  + =+% o        |
| *oo.O.E         |
|+.o+=o. .        |
+----[SHA256]-----+

This will generate two files located in your ~/.ssh directory. The files are id_ed25519 and id_ed25519.pub. The id_ed25519 file is the private key and should be kept secret. The id_ed25519.pub file is the public key and can be shared with others, such as GitHub, GitLab, or machines that you SSH into. Never share your id_ed25519 file with anyone; only share the one ending in .pub.

SSH Agent Running

Before checking for existing SSH keys, make sure the SSH agent is running. If it is not running, you will not be able to load the keys into the agent.

Run the following command in Terminal to check if the agent is running.

Check if SSH Agent is Running
echo "$SSH_AUTH_SOCK"

If the agent is running, you should see an output path. If the SSH Agent is not running, you should see no output or blank output. If the agent is not running, you can start it with the following command:

Start SSH Agent
eval "$(ssh-agent -s)"

Generate your SSH Key

Run the following command in Terminal to generate your SSH Key.

Generate SSH Key
ssh-keygen

Your output should look similar to this. Press Enter to accept the default file path and file name, or change it if you would like. For the purpose of this guide, we recommend you leave it as the default.

Command Output
Generating public/private ecdsa key pair.
Enter file in which to save the key (/Users/yourusername/.ssh/id_ed25519):

SSH Passphrase

An SSH Passphrase is used to encrypt the local file on your machine that contains the SSH Key. An SSH Key file is equivalent to a password stored as a file. A passphrase protects this file and prevents its usage by unauthorized individuals. A passphrase cannot be recovered if forgotten. If you decide to set a passphrase instead of leaving it empty, do not forget it.

Next, you will be prompted for a passphrase. You can enter a passphrase or leave it empty. On macOS, we recommend setting a passphrase for added security. You will then be prompted for the passphrase whenever you use the key, or you can save it to the Apple Keychain for passwordless usage.

Command Output
> Enter passphrase (empty for no passphrase): [Type a passphrase]
> Enter same passphrase again: [Type passphrase again]

Once your passphrase has been set and you have confirmed it, your key will be saved to the configured file.

SSH Agent Running

Before checking for existing SSH keys, make sure the SSH agent is running. If it is not running, you will not be able to load the keys into the agent.

Run the following command in Bash to check if the agent is running.

Check if SSH Agent is Running
echo "$SSH_AUTH_SOCK"

If the agent is running, you should see an output path. If the SSH Agent is not running, you should see no output or blank output. If the agent is not running, you can start it with the following command:

Start SSH Agent
eval "$(ssh-agent -s)"

Generate your SSH Key

Run the following command in Bash to generate your SSH Key.

Generate SSH Key
ssh-keygen

Your output should look similar to this. Press Enter to accept the default file path and file name, or change it if you would like. For the purpose of this guide, we recommend you leave it as the default.

Command Output
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/yourusername/.ssh/id_ed25519):

SSH Passphrase

An SSH Passphrase is used to encrypt the local file on your machine that contains the SSH Key. An SSH Key file is equivalent to a password stored as a file. A passphrase protects this file and prevents its usage by unauthorized individuals. A passphrase cannot be recovered if forgotten. If you decide to set a passphrase instead of leaving it empty, do not forget it.

Next, you will be prompted for a passphrase. You can enter a passphrase or leave it empty. If you set a passphrase for added security, you will be prompted for it whenever you use the key, or you can save it to the keyring for passwordless usage.

Command Output
> Enter passphrase (empty for no passphrase): [Type a passphrase]
> Enter same passphrase again: [Type passphrase again]

Once your passphrase has been set and you have confirmed it, your key will be saved to the configured file.
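
To confirm what the passphrase prompts above actually produced, the following script (an added example, not part of the original guide) reads the header of an OpenSSH-format private key to tell whether the file is encrypted, and checks that only your user can access it. The function names are illustrative, and it assumes a `base64` that accepts `-d` (GNU coreutils and recent macOS).

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of OpenSSH.

# Hex of the fixed header "openssh-key-v1\0" that starts the decoded key body.
MAGIC=6f70656e7373682d6b65792d763100
# Hex of the cipher-name field of an unencrypted key: length 4, then "none".
CIPHER_NONE=000000046e6f6e65

# Print "encrypted", "unencrypted" or "unknown" for the key file in $1.
key_protection() {
    # Drop the BEGIN/END lines, decode, keep the first 23 bytes as hex.
    hex=$(sed '/^-----/d' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
          od -An -v -tx1 -N 23 | tr -d ' \n')
    case $hex in
        "$MAGIC$CIPHER_NONE"*) echo unencrypted ;;
        "$MAGIC"*)             echo encrypted ;;
        *)                     echo unknown ;;
    esac
}

# Succeed only if group and others have no permission bits on the file in $1.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report both checks; return non-zero if either one fails.
audit_key() {
    rc=0
    state=$(key_protection "$1")
    echo "$1: $state"
    case $state in
        encrypted) ;;
        unencrypted) echo "  no passphrase; add one with: ssh-keygen -p -f $1"; rc=1 ;;
        *) echo "  not an OpenSSH-format private key"; rc=1 ;;
    esac
    if ! key_is_private "$1"; then
        echo "  group/other can access the file; fix with: chmod 600 $1"
        rc=1
    fi
    return "$rc"
}

# Usage: sh audit_key.sh ~/.ssh/id_ed25519
if [ "$#" -gt 0 ]; then
    audit_key "$1"
fi
```

Run it against the private key (`id_ed25519`), never the `.pub` file; a key created with an empty passphrase reports `unencrypted`.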

After you have generated your SSH Keys, you must now set up your agent and load your keys into the agent.