--- title: "Generating an SSH public key" date: "2024-02-14T06:18:38+00:00" summary: "Learn how to generate a secure SSH public key for Git repository access and SSH logins. Follow our step-by-step guide to create a 4,096-bit key pair, ensuring compliance with security standards and best practices." image: type: "page" url: "/acquia-cloud-platform/generating-ssh-public-key" id: "9052b070-0935-4ea9-8a26-3744ed7a3df2" --- Table of contents will be added Before you can either [connect to your Git code repository](/acquia-cloud-platform/develop-apps/repository/git) or [use SSH](/acquia-cloud-platform/docs/manage-apps/command-line "Managing applications using the command line") to sign in to your web infrastructure, you must have an SSH private/public key pair. Use the information on this page to help you create a key pair for your use. Public key requirements ----------------------- Cloud Platform requires that your SSH public key is _at least_ 4,096 bits in size. All websites requiring Payment Card Industry Data Security Standard ([PCI DSS](/acquia-cloud-platform/architecture/security/compliance-standards-and-regulations#pcidss)) compliance must be in an Acquia PCI DSS-compliant product offering. To meet PCI DSS requirements, all users must use multi-factor authentication for remote access to their PCI DSS environment. When you connect to a Cloud Platform environment using SSH, you use your SSH key as one authentication factor. To provide a second authentication factor, you must use a passphrase with your SSH key, which you can add when you create your SSH key pair. For more information about PCI compliance with Cloud Platform, see [Compliance with standards and regulations](/acquia-cloud-platform/architecture/security/compliance-standards-and-regulations). Creating a private/public key pair ---------------------------------- To generate an SSH private/public key pair for your use, you can use the `ssh-keygen` command-line utility. You can run the `ssh-keygen` command from the command line to generate an SSH private/public key pair. Note If you are using Windows, by default you may not have access to the `ssh-keygen` command. To use this command, install and use one of the following options, based on your Windows version: * _Windows 10_: [Windows Subsystem for Linux](https://docs.microsoft.com/en-us/windows/wsl/about) * _Any Windows version_: [Git for Windows](https://gitforwindows.org/) (using its Bash shell) To generate an SSH private/public key pair using the `ssh-keygen` command and then copy the public key to your clipboard for use: 1. On your local computer, open a command-prompt window. 2. Ensure you do not already have a public key saved to your computer. To determine if you already have a saved public key run the following command: cd ~/.ssh; ls -l If the directory and key file exist, run the following commands to back up the key `id_rsa`, as the procedure will overwrite any key named `id_rsa` in this directory: mkdir key_backup mv id_rsa* key_backup 3. Run the following command to generate a new public/private key pair: ssh-keygen -b 4096 -t rsa Note If you are generating this key pair for Pipelines, you might need to use the `ssh-keygen` command found in the workaround of [this known issue](https://docs.acquia.com/acquia-cloud-platform/features/pipelines/known-issues#known-pipelines-openssh). The `ssh-keygen` command prompts you for the directory to contain the key. Generating public/private rsa key pair. Enter file in which to save the key (/Users/[user_dir]/.ssh/id_rsa): 4. Press Enter to accept the default location of `/.ssh/id_rsa` in your user directory. Enter passphrase (empty for no passphrase): [passphrase] Enter same passphrase again: [passphrase] 5. Substitute `[passphrase]` with your own unique, but memorable, text to encrypt the private key on your computer. Although you _can_ use an empty passphrase, if you do, another user can impersonate you with only a copy of your key file (as there will be no required passphrase for additional confirmation of your identity). Important Be sure to keep track of the passphrase, because you must enter the passphrase whenever you use the key. The ssh-keygen command displays the following output message: Generating public/private rsa key pair. Your identification has been saved in /Users/[user_dir]/.ssh/id_rsa. Your public key has been saved in /Users/[user_dir]/.ssh/id_rsa.pub. The key fingerprint is: 52:96:e9:c8:06:c2:57:26:6d:ef:2f:0c:d9:81:f4:1c username@hostname 6. Copy the public key to your clipboard using a method available to your operating system: * _macOS_: Run the following command to copy the key from the `id_rsa.pub` file to your clipboard: pbcopy < ~/.ssh/id_rsa.pub * _Any operating system_: Using your text editor of choice, open the `~/.ssh/id_rsa.pub` file, and then copy the contents of the file manually. Note Copy the key without adding newlines or whitespace. Additional whitespace in the key can cause Cloud Platform to not recognize the key, which can then require you to complete the key creation process again. After you generate your key pair, you can [add your new public key to your Acquia user profile](/acquia-cloud-platform/manage-apps/command-line/ssh/getting-started/add-key) in Cloud Platform. Related topics -------------- [Getting started with SSH](/acquia-cloud-platform/manage-apps/command-line/ssh/getting-started)