Set up SSH keys
You can link your Cloud and Service providers so that Docker Cloud can provision and manage swarms on your behalf. For this, you will need an SSH key to authenticate Docker to your provider.
About SSH
SSH is a secure protocol for accessing remote machines and applications. It provides authentication and encrypts data communication over insecure networks.
These topics describe how to find existing SSH keys or generate new ones, and add the public key to your Docker Cloud account. GitHub has a good set of topics on Connecting to GitHub with SSH, which you can tailor to SSH scenarios beyond GitHub, including Docker. The quick-look topics below are derived from that GitHub documentation.
Commands for working with SSH keys are described for Mac, Windows, and Linux. The Windows steps suggest using Git Bash but you could also use a tool like PuTTY or Bitvise.
Check for existing SSH keys
You may not need to generate a new SSH key if you have an existing key that you want to reuse.
Mac

- Open a command-line terminal.

  $ ls -al ~/.ssh

  This lists files in your .ssh directory.

- Check to see if you already have SSH keys you can use.

  Default file names for public keys are:
  - id_dsa.pub
  - id_ecdsa.pub
  - id_ed25519.pub
  - id_rsa.pub

  Here are example results showing a public and private key pair with the default names:

  drwx------ 8 me staff 272 Mar 27 14:04 .
  drwxr-xr-x+ 69 me staff 2346 Apr 7 10:03 ..
  -rw-r--r-- 1 me staff 420 Mar 27 14:04 config
  -rw------- 1 me staff 3326 Mar 27 14:01 id_rsa
  -rw-r--r-- 1 me staff 752 Mar 27 14:01 id_rsa.pub

  The file id_rsa contains the private key, which resides on the local machine, and id_rsa.pub is the public key we can provide to a remote account.
Windows

- Open Git Bash.

  $ ls -al ~/.ssh

  This will list files in your .ssh directory.

- Check to see if you already have SSH keys you can use.

  Default file names for public keys are:
  - id_dsa.pub
  - id_ecdsa.pub
  - id_ed25519.pub
  - id_rsa.pub

  Here are example results showing a public and private key pair with the default names:

  drwx------ 8 me staff 272 Mar 27 14:04 .
  drwxr-xr-x+ 69 me staff 2346 Apr 7 10:03 ..
  -rw-r--r-- 1 me staff 420 Mar 27 14:04 config
  -rw------- 1 me staff 3326 Mar 27 14:01 id_rsa
  -rw-r--r-- 1 me staff 752 Mar 27 14:01 id_rsa.pub

  The file id_rsa contains the private key, which resides on the local machine, and id_rsa.pub is the public key we can provide to a remote account.
Linux

- Open a command-line terminal.

  $ ls -al ~/.ssh

  This will list files in your .ssh directory.

- Check to see if you already have SSH keys you can use.

  Default file names for public keys are:
  - id_dsa.pub
  - id_ecdsa.pub
  - id_ed25519.pub
  - id_rsa.pub

  Here are example results showing a public and private key pair with the default names:

  drwx------ 8 me staff 272 Mar 27 14:04 .
  drwxr-xr-x+ 69 me staff 2346 Apr 7 10:03 ..
  -rw-r--r-- 1 me staff 420 Mar 27 14:04 config
  -rw------- 1 me staff 3326 Mar 27 14:01 id_rsa
  -rw-r--r-- 1 me staff 752 Mar 27 14:01 id_rsa.pub

  The file id_rsa contains the private key, which resides on the local machine, and id_rsa.pub is the public key we can provide to a remote account.
If you find an existing key you want to use, skip to the topic that describes how to copy your public key for use with Docker Cloud.
Otherwise, create a new SSH key.
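Before reusing a key found in the listing above, it helps to know its type and size and to confirm that the private key is owner-only, like the -rw------- mode shown for id_rsa. The script below is an added example, not part of the original Docker or GitHub documentation; the function names, the script name audit_keys.sh and the strength policy are assumptions of the example.

```sh
#!/bin/sh
# Added example. The strength policy (flag DSA, flag RSA under 2048 bits) is an
# assumption of this example, not a rule stated on this page.

# Classify one line of `ssh-keygen -l -f FILE` output, which looks like:
#   4096 SHA256:<fingerprint> your_email@example.com (RSA)
classify_key_line() {
    line=$1
    bits=${line%% *}      # first field: key size in bits
    ktype=${line##*\(}    # text after the last "("
    ktype=${ktype%\)}     # drop the trailing ")"
    case $ktype in
        DSA) echo "weak: DSA" ;;
        RSA) if [ "$bits" -lt 2048 ]; then echo "weak: RSA $bits bits"
             else echo "ok"; fi ;;
        ECDSA|ED25519|ECDSA-SK|ED25519-SK) echo "ok" ;;
        *)   echo "unknown key type" ;;
    esac
}

# A private key should be accessible by its owner only: in `ls -l` output the
# group and other permission columns (characters 5-10) must all be "-".
private_key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report on every *.pub file in a directory (default: ~/.ssh).
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        priv=${pub%.pub}
        verdict=$(classify_key_line "$(ssh-keygen -l -f "$pub" 2>/dev/null)")
        if [ ! -f "$priv" ]; then
            verdict="$verdict; private key missing"
        elif ! private_key_perms_ok "$priv"; then
            verdict="$verdict; private key accessible by group/other"
        fi
        echo "$pub: $verdict"
    done
}

# Run only when asked:  sh audit_keys.sh --audit ~/.ssh
if [ "${1:-}" = "--audit" ]; then audit_ssh_dir "${2:-}"; fi
```

A key reported as anything other than "ok" is a candidate for replacement using the steps in the next topic.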
Create a new SSH key
Mac

- Open a command-line terminal.

- Paste the text below, substituting in your GitHub email address.

  ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  This creates a new SSH key, using the provided email as a label.

  Generating public/private rsa key pair.

- When prompted with “Enter a file in which to save the key”, press the Return key (Enter) to accept the default location.

  Enter a file in which to save the key (/Users/you/.ssh/id_rsa):

- At the prompt, type a secure passphrase, and re-enter as prompted.

  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
Windows

- Open Git Bash.

- Paste the text below, substituting in your GitHub email address.

  ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  This creates a new SSH key, using the provided email as a label.

  Generating public/private rsa key pair.

- When prompted with “Enter a file in which to save the key”, press the Return key (Enter) to accept the default location.

  Enter a file in which to save the key (/c/Users/you/.ssh/id_rsa):

- At the prompt, type a secure passphrase, and re-enter as prompted.

  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
Linux

- Open a command-line terminal.

- Paste the text below, substituting in your GitHub email address.

  ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  This creates a new SSH key, using the provided email as a label.

  Generating public/private rsa key pair.

- When prompted with “Enter a file in which to save the key”, press the Return key (Enter) to accept the default location.

  Enter a file in which to save the key (/home/you/.ssh/id_rsa):

- At the prompt, type a secure passphrase, and re-enter as prompted.

  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
Add your key to the ssh-agent
Mac

- Start the ssh-agent in the background using the command eval "$(ssh-agent -s)". You will get the agent process ID in return.

  eval "$(ssh-agent -s)"
  Agent pid 59566

- On macOS Sierra 10.12.2 or newer, modify your ~/.ssh/config file to automatically load keys into the ssh-agent and store passphrases in your keychain.

  Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/id_rsa

- Add your SSH private key to the ssh-agent, using the default macOS ssh-add command.

  $ ssh-add -K ~/.ssh/id_rsa

  If you created your key with a different name or have an existing key with a different name, replace id_rsa in the command with the name of your private key file.
Windows

- Start the ssh-agent in the background.

  eval "$(ssh-agent -s)"
  Agent pid 59566

- Add your SSH private key to the ssh-agent.

  $ ssh-add ~/.ssh/id_rsa

  If you created your key with a different name or have an existing key with a different name, replace id_rsa in the command with the name of your private key file.
Linux

- Start the ssh-agent in the background.

  eval "$(ssh-agent -s)"
  Agent pid 59566

- Add your SSH private key to the ssh-agent.

  $ ssh-add ~/.ssh/id_rsa

  If you created your key with a different name or have an existing key with a different name, replace id_rsa in the command with the name of your private key file.
Copy your public key for use with Docker Cloud
You will need your SSH public key to provide to Docker Cloud. When you are ready to add it, you can copy the public key as follows.
Mac

Copy the public SSH key to your clipboard.

$ pbcopy < ~/.ssh/id_rsa.pub

If your SSH key file has a different name than the example code, modify the filename to match your current setup.

Tip: If you don’t have pbcopy, you can navigate to the hidden .ssh folder, open the file in a text editor, and copy it to your clipboard. For example:

$ atom ~/.ssh/id_rsa.pub
Windows

Copy the public SSH key to your clipboard.

$ clip < ~/.ssh/id_rsa.pub

If your SSH key file has a different name than the example code, modify the filename to match your current setup.

Tip: If clip doesn’t work, navigate to the hidden .ssh folder, open the file in a text editor, and copy it to your clipboard. For example:

$ notepad ~/.ssh/id_rsa.pub
Linux

If you don’t already have it, install xclip. (The example uses apt-get to install, but you might want to use another package installer like yum.)

$ sudo apt-get install xclip

Copy the SSH key to your clipboard.

$ xclip -sel clip < ~/.ssh/id_rsa.pub

Tip: If xclip isn’t working, navigate to the hidden .ssh folder, open the file in a text editor, and copy it to your clipboard. For example:

$ vi ~/.ssh/id_rsa.pub