# Create SSH Keys

This page provides a step-by-step guide on how to **create SSH (Secure Shell) keys** for securely accessing your VPS or server. SSH keys are a more secure alternative to password-based authentication and are essential for managing your Constellation Network validator node.

You’ll learn how to generate a key pair. This guide is ideal for both new and experienced operators looking to establish a secure and reliable connection to their node infrastructure.

{% hint style="success" %}
We will learn now to set proper permissions, and copy your public key to the remote server later in the documentation. 
{% endhint %}

## :fire: <mark style="color:green;">IMPORTANT</mark> :fire:

Before starting the setup process, it is **strongly recommended** that you create a **dedicated backup file** to store critical information. This file should be securely saved on a **USB stick (thumb drive)**, a **remote secure location**, or even **printed and stored physically** for safekeeping.

{% content-ref url="/pages/xEjHf0ji0mbQ1PfjAC3y" %}
[Node Operator Notes](/run-a-node/validator-node-guides/build-your-node/node-operator-notes.md)
{% endcontent-ref %}

{% hint style="success" %}
Store this file **securely and offline**.

If it is **compromised**, it could lead to **unauthorized access** to your validator node and potentially result in **financial losses**.

Treat it with the same level of caution as you would sensitive personal or banking information.
{% endhint %}

## Procedure

{% tabs %}
{% tab title="Windows 11" %}

## Create an ED25519 SSH Key on Windows 11 Terminal

### Prerequisites

* Windows 11 (fully updated)
* OpenSSH client (comes pre-installed on Windows 11)
* Access to Windows Terminal, PowerShell, or Command Prompt

***

### Open the Terminal

You can use any of the following:

* Command Prompt
* PowerShell

> 💡 To open: Press `Win + X` → choose **Terminal.**

By default, **Windows will open PowerShell** when launching a terminal session. For the purposes of this guide, we will use **PowerShell as the default**, as it should **not make a difference** for the steps involved.

If you're more comfortable using Command Prompt or another terminal, feel free to do so, just ensure any command syntax aligns accordingly.

***

### Generate the SSH Key

Run the following command to generate a new **ED25519** SSH key:

```
ssh-keygen -t ed25519 -C "constellation network"
```

**Explanation:**

* `-t ed25519` → use ED25519 algorithm (modern, fast, and secure)
* `-C "comment"` → optional label (typically your email address)

For **anonymity purposes**, it is recommended **not to include personal information** (such as your name or email address) in the **comment section** when creating your SSH key.

Instead, you may choose to use a **descriptive comment** that helps you identify the key’s purpose later.

***

### Save the Key

You’ll see a prompt like:

```
Enter file in which to save the key (/c/Users/YourName/.ssh/id_ed25519):
```

**Options:**

* Press **Enter** to save in the default location:\
  `C:\Users\YourName\.ssh\constellation_network_keypair`
* Or type a custom path and filename if you want.  Leaving the key in the default location will help us later in the documentation and is best practice.

> ⚠️ Remember the location. Update your [notes ](#important)with the location now.

***

### Set a Passphrase

You’ll be prompted to enter a **passphrase**:

```
Enter passphrase (empty for no passphrase):
```

* You can press **Enter** to skip this step (<mark style="color:red;">**absolutely not recommended**</mark>).
* Or type a secure passphrase and press Enter.

> ⚠️ Remember the passphrase! You’ll need it every time you use the key. Update your [notes ](#important)with the location now.

***

### View Your New Keys

By default, two files are created in `C:\Users\YourName\.ssh`:

* **Private key** → `constellation_network_keypair`&#x20;
* **Public key** → `constellation_network_keypair.pub`&#x20;

⚠️ Remember the file names! You will need to remember your private key every time you attempt to connect to your node. Update your [notes ](#important)with the location now.

```
Microsoft Windows [Version 10.0.22631.5189]
(c) Microsoft Corporation. All rights reserved.

C:\Users\MyUser>cd .ssh

C:\Users\MyUser\.ssh>dir
 Volume in drive C is Windows-SSD
 Volume Serial Number is ZZZZ-ZZZZ

 Directory of C:\Users\MyUser\.ssh
```

{% endtab %}

{% tab title="Macintosh" %}

## Create an ED25519 SSH Key on MacOS

#### Open Terminal

1. Press `Command + Space` to open **Spotlight Search**.
2. Type `Terminal` and hit **Enter**.

***

### Generate a New SSH Key Pair

To generate a new key using the Ed25519 algorithm (recommended):

```
ssh-keygen -t ed25519 -C "constellation network"
```

### &#x20;Enter the name of our SSH key pair.

You'll see something like:

```
Enter file in which to save the key (/Users/yourname/.ssh/id_ed25519):
```

**Options:**

* Press **Enter** to save in the default location:\
  `/Users/yourname/.ssh/constellation_network_keypair`
* Or type a custom path and filename if you want.  Leaving the key in the default location will help us later in the documentation and is best practice.

> ⚠️ Remember the location. Update your [notes ](#important)with the location now.

### Enter a passphrase.

```
Enter passphrase (empty for no passphrase):
```

* You can press **Enter** to skip this step (<mark style="color:red;">**absolutely not recommended**</mark>).
* Or type a secure passphrase and press Enter.

> ⚠️ Remember the passphrase! You’ll need it every time you use the key. Update your [notes ](#important)with the location now.

***

### View Your New Keys

By default, two files are created in `/Users/yourname/.ssh/`:

* **Private key** → `constellation_network_keypair`&#x20;
* **Public key** → `constellation_network_keypair.pub`&#x20;

⚠️ Remember the file names! You will need to remember your private key every time you attempt to connect to your node. Update your [notes ](#important)with the location now.
{% endtab %}
{% endtabs %}

## Copy your public key for upload

When the time comes for your to upload your public key to your VPS, you can return to this section to remind yourself how to do so.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.constellationnetwork.io/run-a-node/references/ssh-remote-access/create-ssh-keys.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.