
How to set up and use SSH keys

Anastasija, Member

For security reasons, it is recommended to use SSH keys instead of a password for accessing the server. The biggest advantage of SSH keys is that they are nearly impossible to decipher, while a password could be cracked or intercepted by brute-force password attacks. Furthermore, authentication with SSH keys is more convenient than using a password, because you will be able to connect to a server or multiple servers without needing to remember and enter your password each time.

1. Generating an SSH key pair

SSH keys are always generated in pairs: a private key and a public key. The private key should be safely guarded and known only by you. The public key can be shared with any server that you would like to access.

Generate SSH keys via command line in Linux OS

To generate SSH keys, run the command:

ssh-keygen -t rsa -b 4096

Then you will be asked in which file the key should be saved:

Enter file in which to save the key (/home/username/.ssh/id_rsa):

Secondly, you will be asked for a passphrase:

Enter passphrase (empty for no passphrase):

A passphrase is not required, but it is highly recommended because it provides more security. Without a passphrase, your private key would be stored on your computer in an unencrypted form. We recommend entering a passphrase and choosing something that is hard to guess in order to ensure the security of your private key.

Finally, you will see a message showing where your private and public keys were saved:

Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
4d:23:69:6a:7a:39:12:a2:eb:bb:d6:78:66:2a:64:a9
root@server.hostname

Generating SSH keys via PuTTY Key Generator (PuTTYgen) in Windows OS

PuTTYgen is a free utility that we will use to generate SSH keys for use in PuTTY to connect to the server. PuTTYgen and the PuTTY client can be downloaded here. Run the downloaded PuTTYgen and press the Generate button:

After pressing Generate, start moving the mouse within the window, because PuTTY uses mouse movements to collect randomness. When the key has been generated, enter a passphrase in the Key passphrase: and Confirm passphrase: fields. Note: a passphrase is not required, but it is highly recommended because it provides more security. Without a passphrase, your private key would be stored on your computer in an unencrypted form. We recommend entering a passphrase and choosing something that is hard to guess in order to ensure the security of your private key.

Then press the Save public key and Save private key buttons, enter names for the files and choose the folder where the files should be stored:


2. Set up SSH keys

To set up SSH keys on your server, you can install or re-install the OS. First of all, open the saved public key file and make these changes:

For a key generated via the command line (Linux OS)

You may see a key like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4H28lnMmxT6c+6KzlNGuUDH7C+bWwyaMpp4gV/iOyX0R/laSeliolW1fxJdVHkLKUL7uewMu+h6RDsjkprFZKP7XEdzxYFRzOKzB541QjIunl33qhd6XLgdc4o0ddJs6RGYaxJJgxYWmBNS+1HKEGWK9uCONRv9CJD/QY/BTaMXfHMMf2FLrYJcIebVPsciz0HngAJ04I/KptGf+ILQQ+kLEeKJJIFRC4Zu0+pbX1niF7oMXXHdvf7xypF8pleDLJzWD92KF7AFlQ+973v/sL2bM5yRPZlX7LcG6GsNdc34Ht2drbmfFEwsN12W7jCEomCIucoXieInxECOI9AUTj root@server.hostname

Change root@server.hostname to root@<server_ip_address>, where <server_ip_address> is your server's IP address. After the change, the public key should look like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4H28lnMmxT6c+6KzlNGuUDH7C+bWwyaMpp4gV/iOyX0R/laSeliolW1fxJdVHkLKUL7uewMu+h6RDsjkprFZKP7XEdzxYFRzOKzB541QjIunl33qhd6XLgdc4o0ddJs6RGYaxJJgxYWmBNS+1HKEGWK9uCONRv9CJD/QY/BTaMXfHMMf2FLrYJcIebVPsciz0HngAJ04I/KptGf+ILQQ+kLEeKJJIFRC4Zu0+pbX1niF7oMXXHdvf7xypF8pleDLJzWD92KF7AFlQ+973v/sL2bM5yRPZlX7LcG6GsNdc34Ht2drbmfFEwsN12W7jCEomCIucoXieInxECOI9AUTj root@127.0.0.1

Choose the actual OS from the drop-down list, mark Use SSH key and paste the public key into the field below.

For a key generated via PuTTYgen (Windows OS)

You may see a key like this:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20170914"
AAAAB3NzaC1yc2EAAAABJQAAAQEAhdTLlJz6DiY25lj1nmjULToCqbkVideWg3xM
JQa0TEpCxy/IYdmsg6T4thWD0Y42btuKT8x7gKwjlttuRoQPCQomlyCBoVsdM+ax
/U6PxvjWNpVVrk6qXORslLsRU/LvCn2NkfLZiYZGIE3SrcPvQIiYQJ/yZBCJg/7L
OnTkGbzJq9SR+iyAVmL3xduMKx8KOB8Ohk3o6N/1onFizBCnrUAXpN3vh2dCZCPF
nOb+lcjqn8LplFUv205kSJH8kHbRsc8N1QBl0U9UX+Ij72KKq0HyG21lZdF1UF4H
NTyuzaS1luknL6QuhQQ9IcYmedw7BxcIIBkDsorE4cFquU+gjQ==
---- END SSH2 PUBLIC KEY ----

Copy the key between the comment line Comment: "rsa-key-20170914" and the end-of-key line ---- END SSH2 PUBLIC KEY ----. Also delete all new lines and spaces; this could be done by opening the file in Notepad. Choose the actual OS from the drop-down list and mark Use SSH key. In the field below, enter "ssh-rsa ", then paste the copied public key and enter " root@<server_ip_address>", where <server_ip_address> is your server's IP address. The pasted public key should look like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlnlhLnzD3+8yEYQoO724H86b/zjHEJWNy/W8AEYsQTCnkhY2lC+O6lVjBI3Fssr4cTNTZ6H+Yh0nbqUdBoYJjkXjAMHVNDo0FYJH5Urgq6OeV3EaxZeuQxcSTzSU4zXBB2SlQ5ZYNGsEGW71nnXPWB4ji8dbJTyodiMlcR/1GuW2d8cPNXUj/gk381NypSvdLF9T4XNAOfQWtFR13wg/YtgnIM1m3jjbtoLo1GKgau68NEp5oQVOMHWQC7/cHqJaWWsbEt/lQjr9wUoMIjjwzThJlWwF86rNVRkz+ORBDyoDioFTXcOSe93hy2Hm4ow8F2kDqlS+05v/qShOTiKWWw== root@127.0.0.1
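
The manual edit described above (dropping the BEGIN/END and Comment lines, joining the wrapped lines, prefixing the key type and appending the comment) can also be scripted, which avoids stray spaces or line breaks in the pasted key. The following Python code is an added example, not part of the original tutorial; the function names and the sample key are made up for illustration. It reads the key type from the key data itself and returns fingerprints so the converted line can be compared with the original key.

```python
import base64
import hashlib

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def read_string(buf, off=0):
    """Read one length-prefixed string (4-byte big-endian length) from a key blob."""
    n = int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n]

def rfc4716_to_openssh(text, comment):
    """Turn a PuTTYgen 'Save public key' file into a single-line public key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 public key file")
    body, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:         # header such as Comment: "..."; base64 has no ':'
            in_header = l.endswith("\\")  # a trailing backslash continues the header
            continue
        body.append(l)
    b64 = "".join(body)                   # wrapped lines joined, no spaces or newlines
    blob = base64.b64decode(b64, validate=True)   # rejects stray characters
    key_type = read_string(blob).decode("ascii")  # e.g. ssh-rsa, taken from the key
    return f"{key_type} {b64} {comment}"

def fingerprints(openssh_line):
    """Return (colon-separated MD5, SHA256) fingerprints of a one-line public key."""
    blob = base64.b64decode(openssh_line.split()[1], validate=True)
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def make_sample():
    """Constructed sample file: a made-up RSA-shaped blob, not a usable key."""
    def s(b):
        return len(b).to_bytes(4, "big") + b
    blob = s(b"ssh-rsa") + s(b"\x25") + s(b"\x00" + bytes(range(128, 256)))
    b64 = base64.b64encode(blob).decode()
    wrapped = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, 'Comment: "rsa-key-sample"', *wrapped, END])

if __name__ == "__main__":
    line = rfc4716_to_openssh(make_sample(), "root@127.0.0.1")
    print(line)
    print(*fingerprints(line), sep="\n")
```

The colon-separated MD5 value has the same form as the fingerprint in the ssh-keygen output shown in section 1.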


3. Connect to the server with SSH keys

Connection via PuTTY (for Windows OS)

It is most convenient to create and save a connection profile in PuTTY. First of all, open PuTTY and enter your server hostname or IP address in the Host Name (or IP address) field. Enter the SSH port in the Port field (default is 22) and mark SSH as the Connection type:


On the left-hand side of the window, select Data under Connection. In the Auto-login username field, enter root:


Expand SSH under Connection and select Auth. Click the Browse button on the right-hand side of the window and choose your private key.


Select the Session category and enter a profile name in the Saved Sessions field. Click the Save button in the Load, Save or Delete a stored session area.


Now you are ready to log in with the saved profile: just choose it in the list under Saved Sessions and click the Open button. You will not be asked for a password, but if you set a passphrase, you will be asked for it every time you log in.

Connection via the command line (for Linux OS)

First, you need to create a ~/.ssh/config file on your computer and add the key and server details to it:

Host shortcut
HostName serverIPAddress
User root
IdentityFile /home/username/.ssh/id_rsa

Where:

* Host is the name of the shortcut you will use to connect to your server
* HostName is the IP address of the server you want to connect to
* User is root
* IdentityFile is the full path to your private key

After the ~/.ssh/config file has been created, you will be able to connect to the server by its shortcut name with the command:

ssh shortcut

You will not be asked for a password, but if you set a passphrase, you will be asked for it every time you log in.