How to generate an SSH private/public key pair for Saturn Cloud user authentication using OpenSSH?
Secure Shell (SSH) is a cryptographic network protocol used for secure data communication. SSH keys provide a secure way to authenticate and log in to remote servers.
SSH allow authentication between two hosts without the need of a password. SSH key authentication uses a private key and a public key.
Step 1: Open a Terminal (Linux/Mac) or Command Prompt (Windows)
Open a terminal or command prompt on your computer. This is where you’ll enter the commands to generate the SSH key pair.
Note: Install Required Software OpenSSH Client, If Needed
If you are using Windows, by default, you may not have access to the ssh-keygen command. To use this command, install and use one of the following options, based on your Windows version:
- Any Windows version: Install Git for Windows and use its Bash shell.
- Windows 10/11: Install Windows Subsystem for Linux (WSL).
- Windows 10/11: Open the Windows 10 Start menu and search for “Apps & Features”. In the “Apps & Features” heading, click “Optional Features”. Scroll down the list to see if “OpenSSH Client” is listed. If not, click the plus sign next to “Add a feature”, select OpenSSH Client, and click “Install”. Now ready to use in command prompt.
- Windows 7/8.1: To generate a key pair with the PuTTY key generator, simply run puttygen.exe and click the Generate button in the window that appears.
If you are using Linux:
# To install the OpenSSH client, If Needed
sudo apt install openssh-client
# [Optionally] To install the OpenSSH server application
# sudo apt install openssh-serverStep 2: Generate SSH Key Pair
Use in the ssh-keygen command to generate a new SSH key pair. You can run the following command:
ssh-keygen -t ed25519 -a 100 -C "your_email@example.com"-t ed25519: Specifies the type of key to create (in this case, Ed25519).
-a 100: Specifies the number of KDF (Key Derivation Function) rounds used. It’s a security parameter; higher values increase the time it takes to brute-force the key.
-b 2048: Specifies the number of bits in the key (2048 is a common value), But the more the better (related type of key).
-f ~/.ssh/id_ed25519: Specifies the filename of the key file. You can change the path and filename if you prefer.
-C "your_email@example.com": An option to specify a label/comment. It’s purely informational and can be anything. by default filled with <"login">@<"hostname"> who generated the key.
Press Enter to run the command.
Choosing an Algorithm and Key Size
SSH supports several public key algorithms for authentication keys. These include:
- rsa — an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. It is quite possible the RSA algorithm will become practically breakable in the foreseeable future. All SSH clients support this algorithm.
- dsa — an old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete logarithms. A key size of 1024 would normally be used with it. DSA in its original form is no longer recommended.
- ecdsa — a new Digital Signature Algorithm standarized by the US government, using elliptic curves. This is probably a good algorithm for current applications. Only three key sizes are supported: 256, 384, and 521 (sic!) bits. We would recommend always using it with 521 bits, since the keys are still small and probably more secure than the smaller keys (even though they should be safe as well). Most SSH clients now support this algorithm.
- ed25519 this is a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Thus its use in general purpose applications may not yet be advisable.
The algorithm is selected using the -t option and key size using the -b option. The following commands illustrate:
ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519Step 3: (Optional) Choose a Location for Your SSH Key Pair
You will be prompted to choose a location to save the key pair. Press Enter to save it in the default location (~/.ssh/id_rsa on Linux/Mac or C:\Users\your_username\.ssh\id_rsa on Windows).
# Go to the ssh folder
cd ~/.sshStep 4: (Optional) Set a Passphrase
You can choose to set a passphrase for an extra layer of security. Press Enter if you don't want to set a passphrase, or enter a passphrase if you want to.
Step 5: View Your Public Key
After the key pair is generated, you can view the public key using the following command:
# Open file
cat ~/.ssh/id_ed25519.pub # Linux/Mac
type C:\Users\your_username\.ssh\id_ed25519.pub # WindowsCopy the entire content of the public key (starts with ssh-ed25519).
Step 6: (Optional) Add the Public Key to Your SSH Agent
If you’re using an SSH agent, you can add the private key to the agent for secure storage:
# Check ssh-agent if running
eval "$(ssh-agent -s)"
ssh-add -l# Add create key
ssh-add ~/.ssh/id_ed25519 # Linux/Mac
ssh-add C:\Users\your_username\.ssh\id_ed25519 # WindowsStep 7: Add the Public Key to Your Remote Server
Copy the public key and add it to the ~/.ssh/authorized_keys file on your remote server. You can use the following command to copy the public key to the clipboard:
pbcopy < ~/.ssh/id_ed25519.pub # Linux/Mac
clip < C:\Users\your_username\.ssh\id_ed25519.pub # WindowsPaste the public key into the authorized_keys file on your server.
Step 8: Test the SSH Connection
You can now test the SSH connection to your server:
ssh user@your_server_ipReplace user with your username and your_server_ip with the actual IP address or hostname of your server.
That’s it! You’ve successfully generated an SSH key pair and configured it for secure authentication.
Sample Test: Connect Github via SSH Connection
ADD generated public key to your GitHub account:
GITHUB — SSH and GPG keys (github.com)
Open Git Bash, Enter the following:
ssh -T git@github.com
# Attempts to ssh to GitHubYou may see a warning like this:
> The authenticity of host 'github.com (IP ADDRESS)' can't be established.
> ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
> Are you sure you want to continue connecting (yes/no)?Verify that the fingerprint in the message you see matches GitHub’s public key fingerprint. If it does, then type yes:
> Hi USERNAME! You've successfully authenticated, but GitHub does not
> provide shell access.Note: The remote command should exit with code 1.
ssh -v -T git@github.com
# provide more detailed informationVerify that the resulting message contains your username. If you receive a “permission denied” message, see “Error: Permission denied (publickey).”
