Public key requirements¶

Cloud Platform requires that your SSH public key is at least 4,096 bits in size.

All websites requiring Payment Card Industry Data Security Standard (PCI DSS) compliance must be in an Acquia PCI DSS-compliant product offering. To meet PCI DSS requirements, all users must use multi-factor authentication for remote access to their PCI DSS environment. When you connect to a Cloud Platform environment using SSH, you use your SSH key as one authentication factor. To provide a second authentication factor, you must use a passphrase with your SSH key, which you can add when you create your SSH key pair. For more information about PCI compliance with Cloud Platform, see Compliance with standards and regulations.

Creating a private/public key pair¶

To generate an SSH private/public key pair for your use, you can use the ssh-keygen command-line utility.

You can run the ssh-keygen command from the command line to generate an SSH private/public key pair.

To generate an SSH private/public key pair using the ssh-keygen command and then copy the public key to your clipboard for use:

1. On your local computer, open a command-prompt window.

2. Ensure you do not already have a public key saved to your computer. To determine if you already have a saved public key run the following command:

   cd ~/.ssh; ls -l
   

   If the directory and key file exist, run the following commands to back up the key id_rsa, as the procedure will overwrite any key named id_rsa in this directory:

   mkdir key_backup
   mv id_rsa* key_backup
   

3. Run the following command to generate a new public/private key pair:

   Note

   If you are generating this key pair for Pipelines, you might need to use the ssh-keygen command found in the workaround of this known issue.

   ssh-keygen -b 4096
   

The ssh-keygen command prompts you for the directory to contain

the key.

1. Generating public/private rsa key pair. Enter file in which to
   save the key (/Users/[user_dir]/.ssh/id_rsa):
   

   Press Enter to accept the default location of /.ssh/id_rsa in your user directory.

   Enter passphrase (empty for no passphrase): [passphrase] Enter same
   passphrase again: [passphrase]
   

   Substitute [passphrase] with your own unique, but memorable, text to encrypt the private key on your computer. Although you can use an empty passphrase, if you do, another user can impersonate you with only a copy of your key file (as there will be no required passphrase for additional confirmation of your identity).

   Important

   Be sure to keep track of the passphrase, because you must enter the passphrase whenever you use the key.

   The ssh-keygen command displays the following output message:

   Generating public/private rsa key pair. Your identification has been saved
   in /Users/[user_dir]/.ssh/id_rsa. Your public key has been saved in
   /Users/[user_dir]/.ssh/id_rsa.pub. The key fingerprint is:
   52:96:e9:c8:06:c2:57:26:6d:ef:2f:0c:d9:81:f4:1c username@hostname
   

2. Copy the public key to your clipboard using a method available to your operating system:

   • macOS: Run the following command to copy the key from the id_rsa.pub file to your clipboard:

     pbcopy < ~/.ssh/id_rsa.pub
     

   • Any operating system: Using your text editor of choice, open the ~/.ssh/id_rsa.pub file, and then copy the contents of the file manually.

     Note

     Copy the key without adding newlines or whitespace. Additional whitespace in the key can cause Cloud Platform to not recognize the key, which can then require you to complete the key creation process again.

After you generate your key pair, you can add your new public key to your Acquia user profile in Cloud Platform.

Related topics¶

Getting started with SSH