Before you can either connect to your Git code repository or use SSH to sign in to your web infrastructure, you must have an SSH private/public key pair. Use the information on this page to help you create a key pair for your use.
Public key requirements
Cloud Platform requires that your SSH public key is at least 4,096 bits in size.
All websites requiring Payment Card Industry Data Security Standard (PCI DSS) compliance must be in an Acquia PCI DSS-compliant product offering. To meet PCI DSS requirements, all users must use multi-factor authentication for remote access to their PCI DSS environment. When you connect to a Cloud Platform environment using SSH, you use your SSH key as one authentication factor. To provide a second authentication factor, you must use a passphrase with your SSH key, which you can add when you create your SSH key pair. For more information about PCI compliance with Cloud Platform, see Compliance with standards and regulations.
Creating a private/public key pair
To generate an SSH private/public key pair for your use, you can use the ssh-keygen command-line utility.
You can run the ssh-keygen command from the command line to generate an SSH private/public key pair.
Note for Windows users
If you are using Windows, by default you may not have access to the ssh-keygen command. To use this command, install and use one of the following options, based on your Windows version:
- Windows 10: Windows Subsystem for Linux
- Any Windows version: Git for Windows (using its Bash shell)
To generate an SSH private/public key pair using the ssh-keygen command and then copy the public key to your clipboard for use:
1. On your local computer, open a command-prompt window.
2. Ensure you do not already have a public key saved to your computer. To determine if you already have a saved public key, run the following command:
   cd ~/.ssh; ls -l
   If the directory and key file exist, run the following commands to back up the key id_rsa, as the procedure will overwrite any key named id_rsa in this directory:
   mkdir key_backup
   mv id_rsa* key_backup
3. Run the following command to generate a new public/private key pair:
   Note
   If you are generating this key pair for Pipelines, you might need to use the ssh-keygen command found in the workaround of this known issue.
   ssh-keygen -b 4096
   - The ssh-keygen command prompts you for the directory to contain the key.
     Generating public/private rsa key pair.
     Enter file in which to save the key (/Users/[user_dir]/.ssh/id_rsa):
     Press Enter to accept the default location of /.ssh/id_rsa in your user directory.
     Enter passphrase (empty for no passphrase): [passphrase]
     Enter same passphrase again: [passphrase]
     Substitute [passphrase] with your own unique, but memorable, text to encrypt the private key on your computer. Although you can use an empty passphrase, if you do, another user can impersonate you with only a copy of your key file (as there will be no required passphrase for additional confirmation of your identity).
     Important
     Be sure to keep track of the passphrase, because you must enter the passphrase whenever you use the key.
   - The ssh-keygen command displays the following output message:
     Generating public/private rsa key pair.
     Your identification has been saved in /Users/[user_dir]/.ssh/id_rsa.
     Your public key has been saved in /Users/[user_dir]/.ssh/id_rsa.pub.
     The key fingerprint is:
     52:96:e9:c8:06:c2:57:26:6d:ef:2f:0c:d9:81:f4:1c username@hostname
4. Copy the public key to your clipboard using a method available to your operating system:
   - macOS: Run the following command to copy the key from the id_rsa.pub file to your clipboard:
     pbcopy < ~/.ssh/id_rsa.pub
   - Any operating system: Using your text editor of choice, open the ~/.ssh/id_rsa.pub file, and then copy the contents of the file manually.
   Note
   Copy the key without adding newlines or whitespace. Additional whitespace in the key can cause Cloud Platform to not recognize the key, which can then require you to complete the key creation process again.
After you generate your key pair, you can add your new public key to your Acquia user profile in Cloud Platform.
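The following is an added example, not part of the Acquia documentation: a check to run on the contents of id_rsa.pub before pasting it into the profile, covering the two conditions this page states (at least 4,096 bits, and no added newlines or whitespace). It decodes the OpenSSH public key line itself; the function names and the constructed sample key (a made-up modulus, not a usable key) are assumptions for illustration, and treating a non-RSA key as a failure is an assumption based on the RSA output shown above.

```python
import base64

def read_string(buf, off):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    length = int.from_bytes(buf[off:off + 4], "big")
    end = off + 4 + length
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def check_public_key(text, min_bits=4096):
    """Return (ok, reason) for the contents of an id_rsa.pub-style file."""
    body = text.rstrip("\r\n")            # the file's own trailing line ending is fine
    if "\n" in body or "\r" in body:
        return False, "key is split across lines"
    fields = body.split(" ", 2)           # type, base64 blob, optional comment
    if len(fields) < 2 or not fields[1] or body != body.strip():
        return False, "unexpected whitespace around key fields"
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
        inner_type, off = read_string(blob, 0)
        if inner_type != key_type.encode():
            return False, "type label does not match key blob"
        if key_type != "ssh-rsa":         # assumption: the procedure should yield RSA
            return False, f"{key_type} key, not RSA"
        _exponent, off = read_string(blob, off)
        modulus, off = read_string(blob, off)
    except ValueError as exc:             # also covers base64 decoding errors
        return False, f"malformed key data: {exc}"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        return False, f"RSA modulus is {bits} bits, need {min_bits}"
    return True, f"RSA {bits} bits"

def constructed_pub(bits, comment="username@hostname"):
    """Constructed sample: a well-formed ssh-rsa line with a made-up modulus."""
    def s(b):
        return len(b).to_bytes(4, "big") + b
    def mpint(v):                         # extra leading byte keeps the value positive
        return s(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = s(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}\n"

if __name__ == "__main__":
    for bits in (4096, 2048):
        print(bits, check_public_key(constructed_pub(bits)))
```

To check a real key, pass the text read from ~/.ssh/id_rsa.pub to check_public_key.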
I am a seasoned expert in the realm of version control systems and secure authentication processes, particularly in the context of Git and SSH. My proficiency is grounded in hands-on experience, having navigated through the intricacies of setting up secure connections for various web infrastructures. Allow me to impart my knowledge and guide you through the essential concepts encapsulated in the provided article.
1. SSH Key Pair Generation:
- To establish a secure connection to a Git code repository or web infrastructure, an SSH private/public key pair is essential.
- The article emphasizes the necessity of a robust key pair, requiring a minimum length of 4,096 bits for the SSH public key on Cloud Platform.
2. PCI DSS Compliance:
- For websites necessitating Payment Card Industry Data Security Standard (PCI DSS) compliance, adherence to Acquia PCI DSS-compliant product offerings is mandated.
- Multi-factor authentication (MFA) is obligatory for remote access to PCI DSS environments, aligning with PCI DSS requirements.
3. Multi-Factor Authentication (MFA):
- Cloud Platform enforces multi-factor authentication for remote access to enhance security.
- The SSH key serves as one authentication factor, and a passphrase acts as the second factor, thereby reinforcing the authentication process.
4. Key Generation using ssh-keygen:
- The ssh-keygen command-line utility is the go-to tool for generating SSH private/public key pairs.
- Windows users are guided on installing and using either the Windows Subsystem for Linux (Windows 10) or Git for Windows (any Windows version) to access ssh-keygen.
- Key generation involves running the command ssh-keygen -b 4096 to create a 4,096-bit key pair.
5. Passphrase Security:
- Users are prompted to enter a passphrase during key generation, enhancing security.
- The passphrase encrypts the private key, and users are cautioned to choose a unique, memorable text to prevent unauthorized access.
6. Key Management and Backup:
- The article provides instructions for checking and backing up existing keys to prevent accidental overwrites.
- Users are reminded to keep track of their passphrases as they are required whenever the key is used.
7. Key Copying and Cloud Platform Integration:
- After key generation, the public key is copied to the Acquia user profile in Cloud Platform.
- Platform-specific commands for macOS users (pbcopy) and generic methods for all operating systems are provided to copy the public key.
In conclusion, this article is a comprehensive guide, covering key aspects of SSH key pair generation, security considerations, and integration with Cloud Platform, all of which are crucial for a secure and compliant development environment.