Generating a public and private key for SSH logon

Before you can access IBM® Sterling Order Management servers or environments, you must generate a pair of public and private keys for SSH logon and provide IBM the public key. You can use the Cygwin key generator utility to create the public and private keys for SSH logon that you need for accessing IBM Sterling Order Management environment servers and applications.

You must use a public and private key-based Secure Shell (SSH) logon to connect to an IBM Sterling Order Management server or environment. Only users that possess a valid private and public key can log on to an IBM Sterling Order Management server or environment. By using a key-based logon, you can identify yourself to the target IBM Sterling Order Management server through a key instead of entering a password. The private key, which only you possess, generates a signature that can be verified by your public key, which IBM includes on the IBM Sterling Order Management servers that you need to access.

Before you begin

Ensure to download and install your key generator utility. As an example, for Windows OS, use Cygwin. To download the Cygwin utility tool, go to the Cygwin URL.

When you are installing the Cygwin utility tool, select to download and install the OpenSSH package within the Net category.


  1. If you are using Windows OS, launch the Cygwin Terminal that you have installed on your local machine. Otherwise, skip this step.
  2. Run the following command:
    $ ssh-keygen -t rsa -b 2048
    • -t rsa identifies the type of key to generate.
    • -b 2048 identifies the number of bits that are in the length of the key.
    Note: You can add comments for the key within the generated file to improve the organization of your keys. To add a comment, add the -C parameter to the command to generate the key. For instance,
    $ ssh-keygen -t rsa -b 2048 -C "my IBM Order Management public key"
    Note: The comments are stored in the end of the generated key file. You can edit the comments with a text editor.
  3. When prompted, enter the file name for the files that are to include the generated keys.
    Use the format clientID_coc_userID to name the file. The private key is stored in an OpenSSH format, while the public key is stored within a .pub file.
  4. Enter, and then confirm, a passphrase to secure your generated private key.
    Include at least 10 random characters within your passphrase. You can change the passphrase for your key after the key is created. Change the passphrase at least once annually. To change the passphrase, run the following command: $ ssh-keygen –p
    After you confirm your passphrase, the utility runs and generates your public key and private key within files that match your specified file name.
  5. Go to your key folder directory and ensure that both the public and private key files exist.
  6. Provide your public key to IBM to install on any server that you need to access.
    The public key must be within an OpenSSH authorized keys file.

What to do next

With your keys installed on your IBM Sterling Order Management servers and on your local machine, you can request access to an IBM Sterling Order Management server or environment to complete changes for your IBM Sterling Order Management services. To request access to a server or environment, you must open a service request.