Create SSH keys


This document describes how to create an SSH key pair for Compute Engine Linux virtual machine (VM) instances.

Before you begin

Create an SSH key pair

If you connect to Linux VMs using the Google Cloud Console or the gcloud command-line tool, Compute Engine creates SSH keys on your behalf. For more information on how Compute Engine configures and stores keys, see About SSH connections to Linux VMs.

If you connect to Linux VMs using third party tools or OpenSSH, you need to add a key to your VM before you can connect. If you don't have an SSH key, you must create one. VMs accept the key formats listed in the sshd_config file.

Linux and macOS

On Linux and macOS workstations, use the ssh-keygen tool to create a new SSH key pair. The following example creates an RSA key pair.

Open a terminal and use the ssh-keygen command with the -C flag to create a new SSH key pair.

ssh-keygen -t rsa -f ~/.ssh/KEY_FILENAME -C USER -b 2048

Replace the following:

  • KEY_FILENAME: the name for your SSH key file.

    For example, a filename of my-ssh-key generates a private key file named my-ssh-key and a public key file named my-ssh-key.pub.

  • USER: your username. For example, cloudysanfrancisco@gmail.com or cloudysanfrancisco.

    The USER can't be root, unless you configure your VM to allow root login. For more information, see Connecting to instances as the root user.

ssh-keygen saves your private key file to ~/.ssh/KEY_FILENAME and your public key file to ~/.ssh/KEY_FILENAME.pub.

A public key for the user cloudysanfrancisco looks similar to the following:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAu5kKQCPF... cloudysanfrancisco

Windows

On Windows workstations, use the PuTTYgen tool to create a new SSH key pair. The following example creates an RSA key pair.

  1. Download puttygen.exe if you haven't already.

  2. Open PuTTYgen.

  3. Under Parameters specify the following:

    • Type of key to generate: RSA
    • Number of bits in a generated key: 2048 or more
  4. Click Generate and follow the on-screen instructions.

    The tool displays the public key value.

  5. In the Key comment section, replace the pre-populated text with your username. For example, cloudysanfrancisco@gmail.com or cloudysanfrancisco.

    The Key comment can't be root, unless you configure your VM to allow root login. For more information, see Connecting to instances as the root user.

  6. Optional: enter a Key passphrase to password-protect your key.

  7. Click Save private key to choose a location to save the private key to.

    PuTTYgen writes the private key to a file with a .ppk extension.

  8. Click Save public key to choose a location to save your public key to. Keep the PuTTYgen window open.

  9. Copy the value from the Public key for pasting into OpenSSH authorized_keys file field.

  10. Open the public key file. The public key has a format similar to the following:

    ---- BEGIN SSH2 PUBLIC KEY ----
    Comment: "USERNAME"
    KEY_VALUE
    ---- END SSH2 PUBLIC KEY ----
    
  11. Replace the value in your public key file with the value from the Public key for pasting into OpenSSH authorized_keys file field, so that your public key file matches the following format:

    KEY_VALUE USERNAME
    

A public key for the user cloudysanfrancisco looks similar to the following:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAu5kKQCPF... cloudysanfrancisco

What's next?