Before you can either connect to your Git code repository or use SSH to sign in to your web infrastructure, you must have an SSH private/public key pair. Use the information on this page to help you create a key pair for your use.
Public key requirements¶
Cloud Platform requires that your SSH public key is at least 4,096 bits in size.
All websites requiring Payment Card Industry Data Security Standard (PCI DSS) compliance must be in an Acquia PCI DSS-compliant product offering. To meet PCI DSS requirements, all users must use multi-factor authentication for remote access to their PCI DSS environment. When you connect to a Cloud Platform environment using SSH, you use your SSH key as one authentication factor. To provide a second authentication factor, you must use a passphrase with your SSH key, which you can add when you create your SSH key pair. For more information about PCI compliance with Cloud Platform, see Compliance with standards and regulations.
Creating a private/public key pair¶
To generate an SSH private/public key pair for your use, you can use the ssh-keygen
command-line utility.
You can run the ssh-keygen
command from the command line to generate an SSH private/public key pair.
Note for Windows users
Note for Windows users
If you are using Windows, by default you may not have access to the ssh-keygen
command. To use this command, install and use one of the following options, based on your Windows version:
- Windows 10: Windows Subsystem for Linux
- Any Windows version: Git for Windows (using its Bash shell)
To generate an SSH private/public key pair using the ssh-keygen
command and then copy the public key to your clipboard for use:
- On your local computer, open a command-prompt window.
Ensure you do not already have a public key saved to your computer. To determine if you already have a saved public key run the following command:
cd ~/.ssh; ls -l
If the directory and key file exist, run the following commands to back up the key
id_rsa
, as the procedure will overwrite any key namedid_rsa
in this directory:Run the following command to generate a new public/private key pair:
ssh-keygen -b 4096
Note
Note
If you are generating this key pair for Pipelines, you might need to use the ssh-keygen
command found in the workaround of this known issue.
The
ssh-keygen
command prompts you for the directory to contain the key.Generating public/private rsa key pair. Enter file in which tosave the key (/Users/[user_dir]/.ssh/id_rsa):
Press Enter to accept the default location of
/.ssh/id_rsa
in your user directory.Enter passphrase (empty for no passphrase): [passphrase] Enter samepassphrase again: [passphrase]
- Substitute
[passphrase]
with your own unique, but memorable, text to encrypt the private key on your computer. Although you can use an empty passphrase, if you do, another user can impersonate you with only a copy of your key file (as there will be no required passphrase for additional confirmation of your identity).
Important
Important
Be sure to keep track of the passphrase, because you must enter the passphrase whenever you use the key.
The ssh-keygen command displays the following output message:
Generating public/private rsa key pair. Your identification has been savedin /Users/[user_dir]/.ssh/id_rsa. Your public key has been saved in/Users/[user_dir]/.ssh/id_rsa.pub. The key fingerprint is:52:96:e9:c8:06:c2:57:26:6d:ef:2f:0c:d9:81:f4:1c username@hostname
- Copy the public key to your clipboard using a method available to your operating system:
macOS: Run the following command to copy the key from the
id_rsa.pub
file to your clipboard:pbcopy < ~/.ssh/id_rsa.pub
- Any operating system: Using your text editor of choice, open the
~/.ssh/id_rsa.pub
file, and then copy the contents of the file manually.
Note
Note
Copy the key without adding newlines or whitespace. Additional whitespace in the key can cause Cloud Platform to not recognize the key, which can then require you to complete the key creation process again.
After you generate your key pair, you can add your new public key to your Acquia user profile in Cloud Platform.