How to generate and share an SSH public key (RSA)

To establish a secure connection with the SFTP server, you need to generate an SSH key pair and share only the public key with Orquest. The private key must never leave the machine on which it was generated.

What is an SSH key pair?

Generating an SSH key produces two files:

File Description

Private key (id_rsa)

Must remain on the originating machine and must not be shared with anyone.

Public key (id_rsa.pub)

This is the file to send. It contains no sensitive information.

Before creating a new .ssh pair, it’s recommended to check if one already exists on the system:

  • macOS / Linux: ls ~/.ssh/id_rsa

  • PowerShell: Test-Path "$env:USERPROFILE\.ssh\id_rsa"

If the file exists and is used for other systems, you can create a specific .ssh pair with a different name.

Step 1 — Generating the key pair

macOS or Linux

  1. Open the Terminal application.

  2. Run the following command:

    ssh-keygen -t rsa -b 4096 -C "email@company.com"

    Replace email@company.com with the appropriate corporate email address.

  3. The system will ask for a location to save the key. Press Enter to accept the default path (~/.ssh/id_rsa).

  4. You will then be prompted for a passphrase. Setting one is recommended, as it adds an extra layer of protection in case of unauthorized access to the machine. Enter it, press Enter, confirm it, and press Enter again.

  5. When complete, a message similar to the following will appear:

    Your identification has been saved in /Users/user/.ssh/id_rsa
Your public key has been saved in /Users/user/.ssh/id_rsa.pub

Windows

Option A — PowerShell (Windows 10/11, recommended)

  1. Open PowerShell (accessible from the Start menu).

  2. Run:

    ssh-keygen -t rsa -b 4096 -C "email@company.com"

  3. Follow the same steps described for macOS/Linux.

    The key will be saved by default at C:\Users\User\.ssh\id_rsa.

Option B — PuTTYgen (for PuTTY users)

  1. Download and install PuTTY if not already available.

  2. Open PuTTYgen (included in the PuTTY installation).

  3. Select the RSA type and set the number of bits to 4096.

  4. Click Generate and move the mouse around the window to generate randomness.

  5. Optionally, enter a passphrase in the Key passphrase and Confirm passphrase fields.

  6. Click Save private key to store the private key in a safe location.

  7. Copy the text from the top box (Public key for pasting into OpenSSH authorized_keys). This is the content to send.

Step 2 — Locating the public key

The file to send is id_rsa.pub. Its content can be viewed with the following commands:

macOS / Linux:

cat ~/.ssh/id_rsa.pub

PowerShell:

Get-Content "$env:USERPROFILE\.ssh\id_rsa.pub"

The output will look similar to the following:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ... email@company.com

Step 3 — Sending the public key

Once you have obtained the public key, send it to the Orquest team through a secure channel.

If you receive any communication requesting the private key, it must not be shared under any circumstances. The Orquest team will never ask for the private key.