How do I generate SSH keys?

This tutorial explains the process of generating OpenSSH format SSH keys that can be used to access Hostereo server instances without requiring a password. The guide is suitable for users operating Linux, Mac, or Windows workstations.

Create an SSH Key with OpenSSH

To generate an SSH key using OpenSSH, you can use the standard OpenSSH utilities that come pre-installed on most Linux distributions and macOS. If you’re a Windows 10 user, you can also follow the installation instructions to get OpenSSH utilities.

Follow these steps to create your SSH key:

By default, the keys are stored in the ~/.ssh directory.
Most SSH clients automatically use these default filenames:

Algorithm: ED25519 (preferred)

• Public key: id_ed25519.pub
• Private key: id_ed25519

Algorithm: RSA (at least 2048-bit key size)

• Public key: id_rsa.pub
• Private key: id_rsa

Algorithm: DSA (deprecated)

• Public key: id_dsa.pub
• Private key: id_dsa

Algorithm: ECDSA

• Public key: id_ecdsa.pub
• Private key: id_ecdsa

1. Generate your key with ssh-keygen, substituting your email address.

In case your system is outdated and doesn’t support the Ed25519 algorithm, use the following command to create your SSH key: ssh-keygen -t rsa -b 4096 -C “[email protected]”

$ ssh-keygen -t ed25519 -C “[email protected]”

2. Press ENTER to save the key in the default location.

Generating public/private
ed25519 key pair.Enter file in which
to save the key(/
Users/example/.ssh/id_ed25519):

3. You have the option to create a passphrase for your key. While we recommend setting up a passphrase for added security, you can bypass this prompt by simply pressing ENTER. Keep in mind that if you choose to use a passphrase, you’ll need to enter it every time you use the key, unless you also use ssh-agent.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

4. Your key is generated and saved

Your identification has been
saved in /Users/example/.ssh/
id_ed25519.Your public key has been
saved in/Users/example/.ssh/
id_ed25519.pub.

The key fingerprint is:

SHA256:qx6prR4Zo+VU
7Fl8yivXzzzzzzzzJ/
9NRnPbrC20w7g [email protected]

The key’s randomart image is:

+–[ED25519 256]–+

| |

| o . |

| o B o + . |

| B + + o + |

| = = S o o o |

| = + = O + + |

| . + B B = * . |

| = O + o |

| .+o=.. E . |

+—-[SHA256]—–+

5. It’s important to create a backup of your private key since it cannot be retrieved if lost.

6. To connect to an existing server using your SSH key, you must first add the public key to the authorized_keys file. Additionally, you have the option to add the public key to your Hostereo account.

Install OpenSSH on Windows 10

The OpenSSH client is an installable component for Windows 10 1809.

1. Launch Settings then go to Apps > Apps and Features > Manage Optional Features.
2. Scan this list to see if OpenSSH Client is already installed. If not, then click Add a feature.
3. Locate OpenSSH Client, then click Install.
4. Optionally, you can also install OpenSSH Client with PowerShell.

Once you’ve installed OpenSSH, follow the instructions above to create your SSH key.

Create an SSH Key on Windows with PuTTYgen
To create an SSH key on Windows using PuTTYgen, follow these steps:

1. Download the latest version of the PuTTY utilities, preferably the MSI Windows Installer package.
2. Install the package and launch PuTTYgen.
3. Select EdDSA for the key type from the bottom of the program window.
4. Set “Curve to use for generating this key” to Ed25519 (255 bits) in the lower-right corner.
5. Click on the Generate button and move the mouse in the blank area to generate some random data.
6. Enter a Key comment to make it easier to identify your key later.
7. It’s important to keep your private key secure from unauthorized access. We recommend setting up a Key passphrase to protect your SSH key.
8. Save your private key and store it securely. This file contains your public/private key pair in PuTTY format, and it cannot be recovered if lost. You can re-import this file using PuTTYgen in the future to export or convert the format of your public key.
9. Click on Conversions and select Export OpenSSH key. Save this file and store it securely. This file contains your private SSH key in OpenSSH format, which you may need if you use an SSH client other than PuTTY.
10. Select the text in the Public key for pasting into OpenSSH authorized_keys file box and save it to a file. This file contains your public key in OpenSSH format. If you want to add this key to your Hostereo account, you’ll need to copy and paste this key into the Customer Portal.

If a password is set for the key, you will be prompted to enter it.

Recover a Lost Public Key
To recover the public key using OpenSSH when you have access to the private key, follow these steps:

1. Use the ssh-keygen command with the -y option to regenerate the public SSH key.
2. Provide the path to the private key with the -f option.
3. Redirect the output to a file of your choice.

For example, to regenerate the public key for ~/example_key and send the output to ~/example_key.pub:

$ ssh-keygen -y -f ~/example_key > ~/example_key.pub

Enter your old and new passphrase (twice) at the prompts.

$ ssh-keygen -p -f ~/example_key

Change the Key’s Passphrase

You can change the passphrase on a private key with the -p option and pass the key name with the -f option.

The output is something like this:

View the Key’s Fingerprint

Print the key’s SHA256 fingerprint with the -l option, and pass the key name with the -f option.

$ ssh-keygen -p -f ~/example_key

3072 SHA256:pqdEtfbmIRwq Tk9PpApa7DMvAxqCA577vJ/
FcgyUM0Qroot@localhost (RSA).

You will be prompted to authenticate with your server and transfer the key to the remote server’s authorized_keys file.

$ ssh-copy-id -i ~/.ssh/example_key.pub [email protected]

Transfer a Key to Your Server

​​OpenSSH provides a utility to transfer a key to your server, which requires authentication via SSH.
To use this utility, follow these steps:

1. Use the -i option to specify the public key you want to transfer to the server.
2. Replace the example values with your own username and the server’s IP address.

About SSH Key Formats

ED25519 keys were introduced in OpenSSH 6.5 back in 2014, and they are now widely available on various operating systems. Compared to RSA keys, ED25519 keys are considered to be more secure and offer better performance. However, if you choose to use an RSA key, it is recommended by the US National Institute of Science and Technology to use a key size of at least 2048 bits to ensure a higher level of security.