Creating SSH keys

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

This page describes how to create SSH keys.

SSH keys can be used to establish a secure connection with Bitbucket Data Center and Server for:

  • when you are performing Git operations from your local machine
  • when another system or process needs access to repositories in Bitbucket (for example your build server)

The SSH key needs to be added to Bitbucket, and your Bitbucket administrator must have enabled SSH access to Git repositories before you can make use of the key.

Bitbucket supports the following SSH key types:
  • ED25519
  • RSA2 (we recommend you use a key size of at least 2048 bits)
  • ECDSA
  • DSA (we recommend you use other key types)

You can use an existing SSH key with Bitbucket if you want, in which case you can go straight to either SSH user keys for personal use or SSH access keys for system use.

On this page:

Creating an SSH key on Windows

1. Check for existing SSH keys

You should check for existing SSH keys on your local computer. You can use an existing SSH key with Bitbucket if you want, in which case you can go straight to either SSH user keys for personal use or SSH access keys for system use.

Open a command prompt, and run:

cd %userprofile%/.ssh

2. Back up old SSH keys

If you have existing SSH keys, but you don't want to use them when connecting to Bitbucket, you should back those up.

In a command prompt on your local computer, run:

mkdir key_backup
copy id_ed25519* key_backup

3. Generate a new SSH key

If you don't have an existing SSH key that you wish to use, generate one as follows:

  1. Log in to your local computer as an administrator.
  2. In a command prompt, run:

    ssh-keygen -t ed25519 -C "your_email@example.com"

    Note: If you're using a legacy system that doesn't support the ED25519 algorithm, run:

    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    Associating the key with your email address helps you to identify the key later on.

    Note that the ssh-keygen command is only available if you have already installed Git (with Git Bash).
    You'll see a response similar to this:

    C:\Users\fperez>ssh-keygen -t ed25519 -C "your_email@example.com"
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/c/Users/fperez/.ssh/id_ed25519):
  3. Just press <Enter> to accept the default location and file name. If the .ssh directory doesn't exist, the system creates one for you.
  4. Enter, and re-enter, a passphrase when prompted. The whole interaction will look similar to this:

    C:\Users\fperez>ssh-keygen -t ed25519 -C "your_email@example.com"
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/c/Users/fperez/.ssh/id_ed25519):
    Created directory '/c/Users/fperez/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in c/Users/fperez/.ssh/id_ed25519.
    Your public key has been saved in c/Users/fperez/.ssh/id_ed25519.pub.
    The key fingerprint is:
    SHA256:wvaHYeLtY6+DlvV5sFZgDi3abcdefghijklmnopqrstuvw your_email@example.com
  5. You're done and you can now go to either SSH user keys for personal use or SSH access keys for system use.

Creating an SSH key on Linux & macOS

1. Check for existing SSH keys

You should check for existing SSH keys on your local computer. You can use an existing SSH key with Bitbucket if you want, in which case you can go straight to either SSH user keys for personal use or SSH access keys for system use.

Open a terminal and run the following:

cd ~/.ssh

2. Back up old SSH keys

If you have existing SSH keys, but you don't want to use them when connecting to Bitbucket, you should back those up.

Do this in a terminal on your local computer, by running:

mkdir key_backup
cp id_ed25519* key_backup

3. Generate a new key

If you don't have an existing SSH key that you wish to use, generate one as follows:

  1. Open a terminal on your local computer and enter the following:

    ssh-keygen -t ed25519 -C "your_email@example.com"

    Note: If you're using a legacy system that doesn't support the ED25519 algorithm, use:

    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    Associating the key with your email address helps you to identify the key later on.

    You'll see a response similar to this:

    fperez@homemac ~ % ssh-keygen -t ed25519 -C fperez@email.com
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/Users/fperez/.ssh/id_ed25519): 
  2. Just press <Enter> to accept the default location and file name. If the .ssh directory doesn't exist, the system creates one for you.
  3. Enter, and re-enter, a passphrase when prompted.
    The whole interaction will look similar to this:

    fperez@homemac ~ % ssh-keygen -t ed25519 -C fperez@email.com
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/Users/fperez/.ssh/id_ed25519): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /Users/fperez/.ssh/id_ed25519.
    Your public key has been saved in /Users/fperez/.ssh/id_ed25519.pub.
    The key fingerprint is:
    SHA256:gTVWKbn41z6JgBNu3wYjLC4abcdefghijklmnopqrstuvwxy fperez@email.com
    The key's randomart image is:
    +--[ED25519 256]--+
    |==+.    +o..     |
    |.oE.   +o..      |
    |    . ...o       |
    |     .o...       |
    |     oo+S  .     |
    |  + ..B = . .    |
    |.+.+.oo+ * o .   |
    |o++.o+  . + +    |
    |B+ o.    .   .   |
    +----[SHA256]-----+
    fperez@homemac ~ % 
  4. You're done and you can now go to either SSH user keys for personal use or SSH access keys for system use.
Last modified on May 9, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.