# How to Create SSH Keys with OpenSSH on MacOS or Linux

DigitalOcean Droplets are Linux-based virtual machines (VMs) that run on top of virtualized hardware. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.

**Note**: If you’re struggling with SSH and server management, try our managed products: [Cloudways](https://docs.digitalocean.com/products/cloudways/index.html.md) deploys pre-installed software stacks onto Droplets, and [App Platform](https://docs.digitalocean.com/products/app-platform/index.html.md) deploys and scales apps directly from your code repository, along with databases and serverless functions.

The standard OpenSSH suite of tools contains the `ssh-keygen` utility, which is used to generate key pairs. Run it on your local computer to generate a 2048-bit RSA key pair, which is fine for most uses.

```
ssh-keygen
```

The utility prompts you to select a location for the keys. By default, the keys are stored in the `~/.ssh` directory with the filenames `id_ed25519` for the private key and `id_ed25519.pub` for the public key. Using the default locations allows your SSH client to automatically find your SSH keys when authenticating, so we recommend accepting them by pressing `ENTER`.

```text
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/username/.ssh/id_ed25519):
```

**Warning**: If you have previously generated a key pair, you may see a prompt that looks like this:

```
/home/username/.ssh/id_ed25519 already exists.
Overwrite (y/n)?
```

If you choose to overwrite the key on disk, you **cannot** authenticate using the previous key anymore. Selecting yes is an irreversible destructive process.

Once you select a location for the key, you are prompted to enter an optional passphrase which encrypts the private key file on disk.
If you enter one, you have to provide it every time you use this key (unless you are running SSH agent software that stores the decrypted key). We recommend using a passphrase, but you can press `ENTER` to bypass this prompt.

```text
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
```

This is the last step in the creation process. You now have a public and private key that you can use to authenticate.

```
Your identification has been saved in /home/username/.ssh/id_ed25519.
Your public key has been saved in /home/username/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:v/d5p9UJP2dx5G4dSUN92OXA5jgBpRxidE62EXAMPLE username@203.0.113.0
The key's randomart image is:
+--[ED25519 256]--+
| E== *o...++|
| o.+ O +. =o+|
| . * = o+|
| . .o ooo|
| S . o +o|
| . o.B|
| . +O|
| .. ==|
| .. .+o.|
+----[SHA256]-----+
```

From here, you can:

- [Add your public key to a DigitalOcean team](https://docs.digitalocean.com/platform/teams/how-to/upload-ssh-keys/index.html.md) to be able to embed it in new Droplets on creation.
- [Add your public key to existing Droplets](https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/to-existing-droplet/index.html.md) to use SSH key authentication to log in to them.
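The overwrite warning and the passphrase prompt described earlier can be handled in a small wrapper for scripted setups. This is an added example, not part of the original page: `new_ssh_key` is a hypothetical helper that refuses to replace an existing key, requests Ed25519 explicitly to match the `id_ed25519` filenames shown above, and leaves the passphrase prompt to `ssh-keygen`.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). The function name
# new_ssh_key is an assumption made for illustration.

# new_ssh_key KEYFILE [extra ssh-keygen options...]
# Creates an Ed25519 key pair at KEYFILE and KEYFILE.pub.
# Returns 1 without touching anything if either file already exists,
# so an existing key is never overwritten. Returns 2 on other failures.
new_ssh_key() {
    if [ "$#" -lt 1 ] || [ -z "$1" ]; then
        echo "usage: new_ssh_key KEYFILE [ssh-keygen options]" >&2
        return 2
    fi
    local keyfile="$1"
    shift

    # Overwriting is irreversible, so stop before ssh-keygen can even ask.
    if [ -e "$keyfile" ] || [ -e "$keyfile.pub" ]; then
        echo "refusing to overwrite existing key: $keyfile" >&2
        return 1
    fi

    # Create the key directory with owner-only permissions if it is missing.
    (umask 077 && mkdir -p "$(dirname "$keyfile")") || return 2

    # Without -N among the extra options, ssh-keygen prompts for the
    # passphrase, which keeps it out of shell history and the process list.
    ssh-keygen -q -t ed25519 -f "$keyfile" "$@" || return 2

    # Print the SHA256 fingerprint so it can be compared after upload.
    ssh-keygen -l -f "$keyfile.pub"
}

# Usage (interactive, prompts for a passphrase):
#   new_ssh_key "$HOME/.ssh/id_ed25519"
```
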