How to create and enable SSH Keys

SSH Keys Overview

When creating a Compute Instance, you will not receive a root password. Authentication is based on secure SSH keys instead of using passwords.
SSH keys allow password-less authentication on secure shell (SSH) Connections.

This guide shows how to configure and enable a SSH key on Windows, MacOS or Linux computers.

Requirements

RSA Key Pair

Before creating your first instance, you have to create a RSA key pair on your local computer. A RSA key pair consists of two elements:

  • An identification key, which must be kept securely
  • A public key which needs to be uploaded to the Scaleway interface.

The public key is kept in your Scaleway account and transferred to the instance during the boot process, while the private key is kept securely on your computer.

When connecting to the instance via SSH, a trusted connection to the machine is being established using the key pair. If there is a discrepancy between the keys or any of them is missing, authentication fails and a connection cannot be established.

Important: For security reasons you must generate a 2048-bit or 4096-bit RSA key. Older 1024-bit keys are no longer supported.

Creating the Key Pair on OSX and Linux

1 . Open the terminal application (command line) by clicking on the corresponding icon:

2 . Type the following command ssh-keygen -o -b 4096 and press Enter to generate the new key:

The -o option was added in 2014; if this command fails for you, simply remove the -o flag.

3 . Enter the file path in which to safe the key. Leave it at the default setting if you are creating your first key (which will be saved as id_rsa):

Enter file in which to save the key (/Users/me/.ssh/id_rsa):`

4 . Set a passphrase, this step is not mandatory but highly recommended for increased security. The passphrase can be freely chosen. If no passphrase is required, press Enter:

Enter passphrase (empty for no passphrase):

5 . Enter the passphrase again to confirm it. Then press Enter:

Enter same passphrase again:

6 . The key pair is being generated (a public key that we will copy on your instances, and a private key that you must keep secret). By default, the two files are located in the /Users/me/.ssh/ directory:

  • The public Key is named id\_rsa.pub
  • The private Key is named id\_rsa

The entire key generation looks like this

ssh-keygen -o -b 4096

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/me/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/me/.ssh/id_rsa.
Your public key has been saved in /Users/me/.ssh/id_rsa.pub.
The key fingerprint is:
12:93:cc:c1:5b:76:4f:b6:b9:b4:65:b0:33:8b:f1:59 me@localhost
...
  • Display the public key content with the cat command and copy it, as it is required for step 2:
cat /Users/me/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/tcOt7Lwx5MEPyHo+pcK/XYi7ZvZi4OzLZd59E2MyTLg5ZTpMyRqgLLojTloXEtM57A9H95zjNsiU1nJm1iXEMbRfd6f8fWaaK0ms6z5hLgcuDJot0BkfgThpJjIseZ2uEIrEFYOfdhffJofXkC8lS7seEM8B9TG+Y25wFDdILACrX6AHzRd0Bd4T7I8zNL51fT2zKUBaB6hX4K3rm60K5VKZsZBMj/Mg6rI1DifpOmEb9c+gNX5OlRGC+PREQ08dlwONOO+/C+RPCk+mf1hI5if5E6BAGPz7wN5DNN4BjbiR8/rQ/vjvp5CXbWxaL35FIfi/fUFy3mJlz8u17MzEqi22qdsPXC/MvmdJZSGaAIlqHnNoiMgJTjXBaTJGMiRiuGZ5J3ksIjEeLVAGJNLJRUAOPNmTa9xpn0KD6Uh3OJVUwldGPjJYYHjcNhZTsUqyVpci03fbSvWIvlOlIAc7JicW3ES3i5ayIMNRLwYOp8VP5j8nbpB/OfjRu5VsSQpLJFjcK0LCs+eZaStTn4j3/lwR1DKH3dAwVkRls7SfaWzAgV7HF9NTnDADdVz6wHLR2PB4b7ZVdTYqVXgSjiJfYYYowZ2McIV27cXvbNIWUOJi80h63e/43xSjalBIpDNBi0yTvZqOJzu3xBB6QqJqEmKvAszrTVoGK8rgLgC/iw== me@localhost

Creating the Key Pair on Windows

1 . Download PuTTYgen to your local computer

2 . Launch PuTTYgen by double-clicking on the application:

3 . Select RSA, set the Number of bits in the key to 4096 and click the “Generate” button:

4 . Move the mouse around the blank area, as indicated, to generate some randomness:

5 . Two keys are generated (a public key that we will be copy on your instances, and a private key that you must keep secret):

  • Fill-in the Key-comment field with a name to help you identify this key pair
  • Click the Save public key button and save it in the folder of your choice
  • Click the Save private key button and save it the same folder
  • Select the public key content. Copy it (below Public key for pasting into OpenSSH authorized_keys file) into your clipboard which is required for the following step.

Save the Content of the Public Key on the SSH Keys Section

1 . To connect to your instances, you must add a public key to your Project.

Save the content of the public key by clicking on Add a new SSH key on the Credentials tab of the Project Dashboard.

A pop up appears. Paste the key in the indicated box, add a description if necessary and click on Add a SSH key.

You are now ready to create and start your first instance!

Important

  • If you add a new SSH key into the console and can ssh your instance, reload your ssh-keys with scw-fetch-ssh-keys --upgrade command
  • If you add a new SSH key into the console and can not access your instance, reboot your instance from the Control Panel to load ssh-keys

Discover the Cloud That Makes Sense

Get started now