SSH Tectia

Creating Keys with the Key Generation Wizard (Windows)

On Windows, you can use the SSH Tectia Key Generation wizard to generate a key pair. The following sections give instructions for generating the key pair.

Key Generation Wizard

New keys are generated in the SSH Tectia Configuration tool. Select the Keys and Certificates page under User authentication and click New Key... to start the Key Generation wizard.

The wizard will generate two key files, your private key and your public key. The private key file has no file extension, and the public key has the same base file name as the private key, but with .pub as the file extension. The key files will be stored on your local computer, in the user profile directory.

Key Generation - Start

The Key Generation - Start page contains important information about safety measures. Read the text and click Next.

Figure 5.4. The Start page of the Key Generation wizard

Key Generation - Key Properties

On the Key Properties page, select the type of the key to be generated. You can generate either an RSA or a DSA key and select the key length.

Figure 5.5. Selecting the key type

Key Type

Select the type of the key to be generated. Available options are DSA or RSA.

Key Length

Select the length (complexity) of the key to be generated. Available options are 768, 1024, 2048 or 3072 bits. Larger keys are more secure, but also slower to use. The recommended key length for most occasions is 2048 bits.

Key Generation - Generation

On the Key Generation - Generation page, the computer will generate your key files. This can take several minutes, depending on the chosen key length and the processor speed of the computer.

During the key generation phase, an animation of random bits is displayed. When the process is complete, the Next button becomes active and you can proceed to the next phase by clicking Next.

Key Generation - Enter Passphrase

On the Key Generation - Enter Passphrase page, you can provide information describing the generated key pair and protect the files with a passphrase.

Figure 5.6. Entering a passphrase for a newly generated key pair

File Name

Type a name for the key file in the File Name field.

Comment

In this field, you can write a short comment that describes the key pair. You can, for example, describe the connection the files are used for. This field is optional, but can be quite useful.

Passphrase

Type a phrase that you will have to enter whenever you handle the key. This passphrase works in a similar way to a password and gives some protection for your private key.

Make the passphrase difficult to guess. Use at least 8 characters, both letters and numbers. Any punctuation characters can be used as well.

Memorize the passphrase carefully, and do not write it down.

Retype passphrase

Type the passphrase again. This ensures that you have not made a typing error.

When you have typed the file name and typed the passphrase twice, you can click Next to proceed to the next phase.

Key Generation - Finish

The Key Generation - Finish page displays important information on the use of the key files.

The new private and public keys have been generated. They are stored on your local computer in the %APPDATA%\SSH\UserKeys directory.

Click Finish to exit the Key Generation wizard.

Figure 5.7. Keys have now been generated

To use the key pair for public-key authentication, you have to upload the public key to the remote host computer.

If the remote host has an SFTP server running, you can automatically upload a copy of your new public key to the server. To upload the key automatically, see Uploading Public Keys Automatically (Windows). To upload the key manually, see Uploading Public Keys Manually.
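Before a public key is uploaded, its type and length can be checked against the 2048-bit recommendation given above. The following is an added example, not part of the SSH Tectia documentation: it assumes the .pub file uses the RFC 4716 "SSH2 PUBLIC KEY" text format (the page does not state the file format), the function names are hypothetical, and the sample keys are constructed in the code rather than real keys.

```python
import base64
import struct
MIN_BITS = 2048  # key length the page recommends for most occasions
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def _field(blob, off):
    """Read one length-prefixed SSH wire field; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def parse_public_key(text):
    """Return (key_type, bits, comment) for RFC 4716 public key text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    comment, b64, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header line; a trailing backslash continues it
            while line.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        else:
            b64.append(line)
        i += 1
    blob = base64.b64decode("".join(b64), validate=True)
    name, off = _field(blob, 0)
    if name == b"ssh-rsa":
        _, off = _field(blob, off)  # skip the public exponent e
    elif name != b"ssh-dss":
        raise ValueError("unexpected key type: %r" % name)
    size_field, _ = _field(blob, off)  # RSA modulus n, or DSA prime p
    return name.decode("ascii"), int.from_bytes(size_field, "big").bit_length(), comment

def is_weak(text):  # True when the key is shorter than the recommended length
    return parse_public_key(text)[1] < MIN_BITS

def make_sample(bits, comment):
    """Build a CONSTRUCTED sample file: arbitrary modulus, not a usable key."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    mpint = lambda v: pack(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = pack(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f'{BEGIN}\nComment: "{comment}"\n{body}\n{END}\n'
```

To check real files, read each *.pub file in the key directory as text and pass its contents to is_weak.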