SSH key

From MoodleDocs

What is a SSH key?

SSH keys are used for secure connections across a network. They come in pairs, so you have a public key and a private key.

The standard ssh2 file format (see looks like this:

Comment: "jtbell@Jon-Bells-Computer"

However, Moodle uses OpenSSH on its server and this key will not work with the OpenSSH server in this format; OpenSSH requires the key to be in OpenSSH format. Here is an example of a DSA public key in OpenSSH format (usually they are all in one line):

2AV4pO6y+6hDrWo3UT4dLVuzK01trwp PYp6JXTSZZ12ZaXNPz7sX9/z6pzMqhX4UEfjVsLcuF+ZS6a

In addition to OpenSSH and Standard SSH formats there are a variety of proprietary formats as well as SSH1 and SSH2 differences to account for, which can make this confusing.

In the example above you will note that the key starts with "ssh-dss". This is because this key was generated using DSA as opposed to RSA. A number of vendors in the SSH arena have argued, as per the PuTTY documentation that can be found at that users should employ RSA encryption because

DSA has an intrinsic weakness which makes it very easy to create a signature
which contains enough information to give away the private key! This would 
allow an attacker to pretend to be you for any number of future sessions. 

An SSH2 public key in OpenSSH format will start with "ssh-rsa".

The idea behind all of this is that once you have keys on the remote server and your local host, access will be simpler since the server will only grant access to someone who has the matching private key.

Why do I need a SSH key?

Our CVS server uses OpenSSH, so if you are a Moodle developer and you want to make your logins easier (by avoiding typing in your password all the time) then you will need to submit public key in Openssh format via the "Update my developer information" tab at

How do I create a SSH key pair?


If you plan to use Eclipse for development, please refer to the Eclipse document as Eclipse now has a plugin that allows you to manage all ssh key matters from within Eclipse.


You can use ssh-keygen at your system prompt. Please consult the man page on your system for the options available to you.

  1. Run: ssh-keygen -t (rsa or dsa). This will not include a passphrase. *
  2. Use of rsa or dsa above will result in rsa or dsa replacing each XXX below.
  3. Look in your ~/.ssh directory (or wherever you saved the output). You'll find id_XXX (private) and (public).
  4. Cut and paste the contents of into your developer profile on
  5. Put the private key wherever you will be calling CVS from (in your .ssh directory, for example). Make sure it's secure!
  • This section initially recommended using ssh-keygen -d but it is unclear what the source of this -d option might be.


Use puttygen and follow the instructions here. Make sure you choose the RSA2 key format and that when you copy the key data into the textbox on the site, that you have all of the characters on one line. If you have opened the key with word pad, it will have line breaks in it which will stop it from working.

The box should look like this:

AAAAWfg&jkf4D34H5@4svf..... (single very long line continues beyond edge of textbox)

Mac OS X

If you have an existing key in Putty format, open it in puttygen on windows and then choose conversions and export as openssh format. You can then import the key into OS X using

 ssh-add -K filename

The -K flag is optional and stores your passphrase in the keychain ssh-add documentation