Generating an SSH keypair

User key generation

To use key-based authentication, you first need to generate public/private key pairs for your client. A strong algorithm and key length should be used, such as Ed25519.

To generate key files, run the following command from a shell (eg. PowerShell or bash) on your client:

ssh-keygen -t ed25519

The output from the command should display the following output (where "username" is replaced by your username):

Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\username/.ssh/id_ed25519):

You can press Enter to accept the default, or specify a path and/or filename where you would like your keys to be generated.

At this point, you'll be prompted to use a passphrase to encrypt your private key files. The passphrase can be empty but it's not recommended.

The passphrase works with the key file to provide two-factor authentication.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\username/.ssh/id_ed25519.
Your public key has been saved in C:\Users\username/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:OIzc1yE7joL2Bzy8!gS0j8eGK7bYaH1FmF3sDuMeSj8 username@LOCAL-HOSTNAME

The key's randomart image is:
+--[ED25519 256]--+
|        .        |
|         o       |
|    . + + .      |
|   o B * = .     |
|   o= B S .      |
|   .=B O o       |
|  + =+% o        |
| *oo.O.E         |
|+.o+=o. .        |
+----[SHA256]-----+

Once this step is complete, your private keyfile wil be located in the path on the line that says Your identification has been saved in.... Your public key is the file listed on the next line under Your public key has been saved in... When asked for your SSH key, you should only supply your public key.