Cloud Platform

Generating an SSH public key

 

Before you can either connect to your Git code repository or use SSH to sign in to your web infrastructure, you must have an SSH private/public key pair. Use the information on this page to help you create a key pair for your use.

Public key requirements

Cloud Platform requires that your SSH public key is at least 4,096 bits in size.

All websites requiring Payment Card Industry Data Security Standard (PCI DSS) compliance must be in an Acquia PCI DSS-compliant product offering. To meet PCI DSS requirements, all users must use multi-factor authentication for remote access to their PCI DSS environment. When you connect to a Cloud Platform environment using SSH, you use your SSH key as one authentication factor. To provide a second authentication factor, you must use a passphrase with your SSH key, which you can add when you create your SSH key pair. For more information about PCI compliance with Cloud Platform, see Compliance with standards and regulations.

Creating a private/public key pair

To generate an SSH private/public key pair for your use, you can use the ssh-keygen command-line utility.

You can run the ssh-keygen command from the command line to generate an SSH private/public key pair.

Note

If you are using Windows, by default you may not have access to the ssh-keygen command. To use this command, install and use one of the following options, based on your Windows version:

To generate an SSH private/public key pair using the ssh-keygen command and then copy the public key to your clipboard for use:

  1. On your local computer, open a command-prompt window.
  2. Ensure you do not already have a public key saved to your computer. To determine if you already have a saved public key run the following command:

    cd ~/.ssh; ls -l

    If the directory and key file exist, run the following commands to back up the key id_rsa, as the procedure will overwrite any key named id_rsa in this directory:

    mkdir key_backup
    mv id_rsa* key_backup
  3. Run the following command to generate a new public/private key pair:

    ssh-keygen -b 4096 -t rsa
    Note

    If you are generating this key pair for Pipelines, you might need to use the ssh-keygen command found in the workaround of this known issue.

    The ssh-keygen command prompts you for the directory to contain the key.

    Generating public/private rsa key pair. Enter file in which to save the key (/Users/[user_dir]/.ssh/id_rsa):
  4. Press Enter to accept the default location of /.ssh/id_rsa in your user directory.

    Enter passphrase (empty for no passphrase): [passphrase] Enter same
    passphrase again: [passphrase]
    
  5. Substitute [passphrase] with your own unique, but memorable, text to encrypt the private key on your computer. Although you can use an empty passphrase, if you do, another user can impersonate you with only a copy of your key file (as there will be no required passphrase for additional confirmation of your identity).

    Important

    Be sure to keep track of the passphrase, because you must enter the passphrase whenever you use the key.

    The ssh-keygen command displays the following output message:
    Generating public/private rsa key pair. Your identification has been saved
    in /Users/[user_dir]/.ssh/id_rsa. Your public key has been saved in
    /Users/[user_dir]/.ssh/id_rsa.pub. The key fingerprint is:
    52:96:e9:c8:06:c2:57:26:6d:ef:2f:0c:d9:81:f4:1c username@hostname
  6. Copy the public key to your clipboard using a method available to your operating system:
    • macOS: Run the following command to copy the key from the id_rsa.pub file to your clipboard:

      pbcopy < ~/.ssh/id_rsa.pub
      
    • Any operating system: Using your text editor of choice, open the ~/.ssh/id_rsa.pub file, and then copy the contents of the file manually.

      Note

      Copy the key without adding newlines or whitespace. Additional whitespace in the key can cause Cloud Platform to not recognize the key, which can then require you to complete the key creation process again.

After you generate your key pair, you can add your new public key to your Acquia user profile in Cloud Platform.

Did not find what you were looking for?

If this content did not answer your questions, try searching or contacting our support team for further assistance.

Acquia Help

Filter by product:

Cloud Platform common questions