How to Create SSH Keys with OpenSSH on MacOS or Linux

DigitalOcean Droplets are Linux-based virtual machines (VMs) that run on top of virtualized hardware. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.

Note

If you’re struggling with SSH and server management, try our managed products Cloudways and App Platform. Cloudways deploys pre-installed software stacks onto Droplets, and App Platform deploys and scales apps directly from your code repository, along with databases and serverless functions, no SSH or server administration required.

The standard OpenSSH suite of tools contains the ssh-keygen utility, which is used to generate key pairs. Run it on your local computer to generate a 2048-bit RSA key pair, which is fine for most uses.

ssh-keygen

The utility prompts you to select a location for the keys. By default, the keys are stored in the ~/.ssh directory with the filenames id_rsa for the private key and id_rsa.pub for the public key. Using the default locations allows your SSH client to automatically find your SSH keys when authenticating, so we recommend accepting them by pressing ENTER.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
 

Warning

If you have previously generated a key pair, you may see a prompt that looks like this:

/home/username/.ssh/id_rsa already exists.
Overwrite (y/n)?

Copy

If you choose to overwrite the key on disk, you cannot authenticate using the previous key anymore. Selecting yes is an irreversible destructive process.

Once you select a location for the key, you are prompted to enter an optional passphrase which encrypts the private key file on disk.

If you enter one, you have to provide it every time you use this key (unless you are running SSH agent software that stores the decrypted key). We recommend using a passphrase, but you can press ENTER to bypass this prompt.

Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
 
 

This is the last step in the creation process. You now have a public and private key that you can use to authenticate.

Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:EX:AM:PL:E3:3e:a9:de:4e:77:11:58:b6:90:26 username@203.0.113.0
The key's randomart image is:
+--[ RSA 2048]----+
|     ..o         |
|   E o= .        |
|    o. o         |
|        ..       |
|      ..S        |
|     o o.        |
|   =o.+.         |
|. =++..          |
|o=++.            |
+-----------------+

From here, you can:

• Add your public key to a DigitalOcean team to be able to embed it in new Droplets on creation.
• Add your public key to existing Droplets to use SSH key authentication to log in to them.