For security reasons, it is recommended to use
SSH keys instead of a password for accessing the server. The biggest
advantage SSH keys provide is that its nearly impossible to be
deciphered, while a password could be cracked or intercepted by
brute-force password attacks. Furthermore,
authentication by SSH keys is more convenient than using a password, due
to you will be able to connect a server or multiple servers without any
need to remember and enter your password each time.
1. Generating SSH keys pairSSH keys are always generated in pairs with the private and public keys. The private key should be safely guarded and known only by you. The public key can be shared with any server, which you would like to access.
Generate SSH keys via command line in Linux OS
To generate SSH keys run the command:
ssh-keygen -t rsa -b 4096
Then you will be asked in which file key should be saved:
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Secondly, you will be asked for a passphrase:
Enter passphrase (empty for no passphrase):
It is not required but highly recommended because passphrase provides more security. Without a passphrase, your private key would be stored on your computer in an unencrypted form. We recommend enter the passphrase and choose something that will be hard to guess in order to ensure the security of your private key.
Finally, you will see a message, where your private and public keys were saved:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
4d:23:69:6a:7a:39:12:a2:eb:bb:d6:78:66:2a:64:a9
root@server.hostname
Generating SSH keys via PuTTY Key Generator (PuTTYgen) in Windows OSPuTTYgen is a free utility, which we will use to generate SSH keys for use in PuTTY to connect the server. PuTTYgen and PuTTY client could be downloaded
here. Run downloaded PuTTYgen and press button
Generate:
After pressing
Generate start moving the mouse within the window, because Putty uses mouse movements to collect randomness. When key would be generated enter passphrase to
Key passphrase: and
Confirm passphrase: fields.
Note: it is not required, but highly recommended because passphrase provides more security. Without a passphrase, your private key would be stored on your computer in an unencrypted form. We recommend enter a passphrase and choose something that will be hard to guess in order to ensure the security of your private key.
Then press buttons
Save public key and
Save private key, enter names for files and choose the folder where files should be stored:
2. Set up SSH keysTo set up SSH keys to your server you could
install / re-install OS. First of all open saved public key file and perform these changes:
For key generated via the command line (Linux OS)You may see such key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4H28lnMmxT6c+6KzlNGuUDH7C+bWwyaMpp4gV/iOyX0R/laSeliolW1fxJdVHkLKUL7uewMu+h6RDsjkprFZKP7XEdzxYFRzOKzB541QjIunl33qhd6XLgdc4o0ddJs6RGYaxJJgxYWmBNS+1HKEGWK9uCONRv9CJD/QY/BTaMXfHMMf2FLrYJcIebVPsciz0HngAJ04I/KptGf+ILQQ+kLEeKJJIFRC4Zu0+pbX1niF7oMXXHdvf7xypF8pleDLJzWD92KF7AFlQ+973v/sL2bM5yRPZlX7LcG6GsNdc34Ht2drbmfFEwsN12W7jCEomCIucoXieInxECOI9AUTj root@server.hostname
Change root@server.hostname to
root@<server_ip_address>, where
<server_ip_address> is your server IP address. After changes public key should look like:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4H28lnMmxT6c+6KzlNGuUDH7C+bWwyaMpp4gV/iOyX0R/laSeliolW1fxJdVHkLKUL7uewMu+h6RDsjkprFZKP7XEdzxYFRzOKzB541QjIunl33qhd6XLgdc4o0ddJs6RGYaxJJgxYWmBNS+1HKEGWK9uCONRv9CJD/QY/BTaMXfHMMf2FLrYJcIebVPsciz0HngAJ04I/KptGf+ILQQ+kLEeKJJIFRC4Zu0+pbX1niF7oMXXHdvf7xypF8pleDLJzWD92KF7AFlQ+973v/sL2bM5yRPZlX7LcG6GsNdc34Ht2drbmfFEwsN12W7jCEomCIucoXieInxECOI9AUTj root@127.0.0.1
Choose actual OS from the drop-down list, mark
Use SSH key and paste the public key to the field below.
For key generated via PuTTYgen (Windows OS)You may see such key:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20170914"
AAAAB3NzaC1yc2EAAAABJQAAAQEAhdTLlJz6DiY25lj1nmjULToCqbkVideWg3xM
JQa0TEpCxy/IYdmsg6T4thWD0Y42btuKT8x7gKwjlttuRoQPCQomlyCBoVsdM+ax
/U6PxvjWNpVVrk6qXORslLsRU/LvCn2NkfLZiYZGIE3SrcPvQIiYQJ/yZBCJg/7L
OnTkGbzJq9SR+iyAVmL3xduMKx8KOB8Ohk3o6N/1onFizBCnrUAXpN3vh2dCZCPF
nOb+lcjqn8LplFUv205kSJH8kHbRsc8N1QBl0U9UX+Ij72KKq0HyG21lZdF1UF4H
NTyuzaS1luknL6QuhQQ9IcYmedw7BxcIIBkDsorE4cFquU+gjQ==
---- END SSH2 PUBLIC KEY ----
Copy key between comment
Comment: "rsa-key-20170914" and end of key
---- END SSH2 PUBLIC KEY ----. Also delete all new lines and spaces, which could be by opening a file via Notepad. Choose actual OS from the drop-down list and mark
Use SSH key. To the field below enter "
ssh-rsa ", then paste copied public key and enter "
root@<server_ip_address>", where
<server_ip_address> is your server's IP address. The pasted public key should look like:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlnlhLnzD3+8yEYQoO724H86b/zjHEJWNy/W8AEYsQTCnkhY2lC+O6lVjBI3Fssr4cTNTZ6H+Yh0nbqUdBoYJjkXjAMHVNDo0FYJH5Urgq6OeV3EaxZeuQxcSTzSU4zXBB2SlQ5ZYNGsEGW71nnXPWB4ji8dbJTyodiMlcR/1GuW2d8cPNXUj/gk381NypSvdLF9T4XNAOfQWtFR13wg/YtgnIM1m3jjbtoLo1GKgau68NEp5oQVOMHWQC7/cHqJaWWsbEt/lQjr9wUoMIjjwzThJlWwF86rNVRkz+ORBDyoDioFTXcOSe93hy2Hm4ow8F2kDqlS+05v/qShOTiKWWw== root@127.0.0.1
3. Connect server with SSH keysConnection via PuTTY (for Windows OS)Most convenient is to create and save a profile for connection in PuTTY. First of all open PuTTY and in the
Host Name (or IP address) field enter your server hostname or IP address. Enter the port for SSH into field
Port (default is 22) and mark
SSH as
Connection type:
On the left-hand side of the window select
Data under
Connection. To the field
Auto-login username enter
root:
Expand
SSH under
Connection and select
Auth. Click button
Browse on the right-hand side of the window and choose your private key.
Select the
Session category and enter a profile name to the
Saved Sessions field. Click button
Save in the
Load, Save or Delete a stored session area.
Now you are to log in with saved profile - just choose it in the list under
Saved Sessions and click button
Open. You will not be asked for a password, but, if you had set a passphrase, you would be asked for it at every time you log in.
Connection via the command line (for Linux OS)Firstly you need to create a
~/.ssh/config file on your computer and add key and server details to it:
Host shortcut
HostName serverIPAddress
User root
IdentityFile /home/username/.ssh/id_rsa
Where:
*
Host is the name of shortcut you will use for connecting your server
*
HostName is IP address of the server you would connect
*
User is root
*
IdentityFile is the full route to your private key
After
~/.ssh/config file would be created, you will be able to connect the server by shortcut name via command:
ssh shortcut
You will not be asked for a password, but, if you had set a passphrase, you would be asked for it at every time you log in.