This document describes how to create an SSH key pair for Compute Engine virtual machine (VM) instances.
Before you begin
Select the tab for how you plan to use the samples on this page:
Console
When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloud
Install the Google Cloud CLI. After installation, initialize the Google Cloud CLI by running the following command:
gcloud init
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
Note: If you installed the gcloud CLI previously, make sure you have the latest version by running gcloud components update.
REST
To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.
Install the Google Cloud CLI. After installation, initialize the Google Cloud CLI by running the following command:
gcloud init
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
For more information, see Authenticate for using REST in the Google Cloud authentication documentation.
If you connect to VMs using the Google Cloud console or the Google Cloud CLI, Compute Engine creates SSH keys on your behalf. For more information on how Compute Engine configures and stores keys, see About SSH connections.
If you connect to VMs using third party tools or OpenSSH, you need to add a key to your VM before you can connect. If you don't have an SSH key, you must create one. VMs accept the key formats listed in the sshd_config file.
Linux and macOS
On Linux and macOS workstations, use the ssh-keygen utility to create a new SSH key pair. The following example creates an RSA key pair.
Open a terminal and use the ssh-keygen command with the -C flag to create a new SSH key pair.
ssh-keygen -t rsa -f ~/.ssh/KEY_FILENAME -C USERNAME
Replace the following:
KEY_FILENAME: the name for your SSH key file.
For example, a filename of my-ssh-key generates a private key file named my-ssh-key and a public key file named my-ssh-key.pub.
USERNAME: your username on the VM. For example, cloudysanfrancisco, or cloudysanfrancisco_gmail_com.
For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connect to VMs as the root user.
For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.
ssh-keygen saves your private key file to ~/.ssh/KEY_FILENAME and your public key file to ~/.ssh/KEY_FILENAME.pub.
A public key for the user cloudysanfrancisco looks similar to the following:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAu5kKQCPF... cloudysanfrancisco
Windows 10 or later
On workstations with Windows version 10 or later, use the ssh-keygen utility to create a new SSH key pair. The following example creates an RSA key pair.
Open Command Prompt and use the ssh-keygen command with the -C flag to create a new SSH key pair.
ssh-keygen -t rsa -f C:\Users\WINDOWS_USER\.ssh\KEY_FILENAME -C USERNAME
Replace the following:
WINDOWS_USER: your username on the Windows machine.
KEY_FILENAME: the name for your SSH key file.
For example, a filename of my-ssh-key generates a private key file named my-ssh-key and a public key file named my-ssh-key.pub.
USERNAME: your username on the VM. For example, cloudysanfrancisco, or cloudysanfrancisco_gmail_com.
For Linux VMs, the USERNAME can't be root, unless you configure your VM to allow root login. For more information, see Connect to VMs as the root user.
For Windows VMs that use Active Directory (AD), the username must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a USERNAME of example\cloudysanfrancisco.
ssh-keygen saves your private key file to C:\Users\WINDOWS_USER\.ssh\KEY_FILENAME and your public key file to C:\Users\WINDOWS_USER\.ssh\KEY_FILENAME.pub.
A public key for the user cloudysanfrancisco looks similar to the following:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAu5kKQCPF... cloudysanfrancisco
Windows 8 or earlier
On workstations with Windows version 8 or earlier, use the PuTTYgen tool to create a new SSH key pair. The following example creates an RSA key pair.
Download puttygen.exe if you haven't already.
Open PuTTYgen.
Under Parameters specify the following:
RSA
2048 or more
Click Generate and follow the on-screen instructions.
The tool displays the public key value.
In the Key comment section, replace the pre-populated text with your username. For example, cloudysanfrancisco, or cloudysanfrancisco_gmail_com.
For Linux VMs, the Key comment can't be root, unless you configure your VM to allow root login. For more information, see Connect to VMs as the root user.
For Windows VMs that use Active Directory (AD), the Key comment must be prepended with the AD domain, in the format of DOMAIN\. For example, the user cloudysanfrancisco within the ad.example.com AD has a Key comment of example\cloudysanfrancisco.
Optional: enter a Key passphrase to password-protect your key.
Click Save private key to choose a location to save the private key to.
PuTTYgen writes the private key to a file with a .ppk extension.
Click Save public key to choose a location to save your public key to. Keep the PuTTYgen window open.
Copy the text from the Public key for pasting into OpenSSH authorized_keys file field.
Open the public key file. The public key has a format similar to the following:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "USERNAME"
KEY_VALUE
---- END SSH2 PUBLIC KEY ----
Replace the entire contents of the public key file with the value you copied from the Public key for pasting into OpenSSH authorized_keys file field, so that your public key file matches the following format:
KEY_VALUE USERNAME
A public key for the user cloudysanfrancisco looks similar to the following:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAu5kKQCPF... cloudysanfrancisco
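A check you can run on a public key file before adding it to a VM, as an added example that is not part of the original page. It converts the SSH2 PUBLIC KEY block that PuTTYgen saves into the KEY_VALUE USERNAME line, then confirms that the key type matches the encoded key, that an RSA modulus is 2048 bits or more, and that the username is not root. The function names and the constructed sample key are assumptions made for illustration, and applying the 2048-bit minimum from the PuTTYgen steps to every RSA key is also an assumption.

```python
import base64

MIN_RSA_BITS = 2048  # assumption: reuse the "2048 or more" PuTTYgen setting

def read_field(blob, off):
    """Read one length-prefixed field (4-byte big-endian length, then data)."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def from_ssh2_block(text):
    """Turn an SSH2 PUBLIC KEY block into one 'KEY_VALUE USERNAME' line."""
    comment, body = "", []
    for line in (l.strip() for l in text.strip().splitlines()):
        if line.lower().startswith("comment:"):
            comment = line.split(":", 1)[1].strip().strip('"')
        elif ":" not in line and not line.startswith("----"):
            body.append(line)  # base64 lines; markers and other headers dropped
    b64 = "".join(body)
    key_type, _ = read_field(base64.b64decode(b64), 0)
    return f"{key_type.decode()} {b64} {comment}"

def check_public_key(line):
    """List problems in a public key line; ValueError if it cannot be decoded."""
    parts = line.split(None, 2)
    if len(parts) != 3:
        return ["expected three fields: key type, base64 key, username"]
    key_type, b64, username = parts
    problems = []
    blob = base64.b64decode(b64, validate=True)
    inner_type, off = read_field(blob, 0)
    if inner_type.decode() != key_type:
        problems.append("key type prefix does not match the encoded key")
    if key_type == "ssh-rsa":
        # Skip the public exponent field, then read the modulus field.
        modulus, _ = read_field(blob, read_field(blob, off)[1])
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < MIN_RSA_BITS:
            problems.append(f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}")
    if username == "root":
        problems.append("username is root; needs root login enabled on Linux VMs")
    return problems

def constructed_rsa_line(bits, username):
    """Constructed sample: well-formed ssh-rsa encoding, not a usable key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    fields = (b"ssh-rsa", b"\x01\x00\x01", modulus)
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {username}"
```

An empty list from check_public_key means the line passed all three checks.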
Last updated 2025-08-07 UTC.