Skip to main content

Setting up SSH Keys (Public Key Authentication)

SSH Public Key authentication allows you to log in to your server without typing a password. It is significantly more secure than standard passwords because it protects against brute-force attacks.

An SSH key consists of a pair:

  • Private Key: Stored safely on your computer (never share this!).
  • Public Key: Uploaded to the server you want to access.
Important for Managed Backup Users:
If you use Tilaa's Managed Backup service, you must ensure our backup server can still log in.

When disabling password authentication, verify that /etc/ssh/sshd_config contains:
PermitRootLogin prohibit-password (or without-password on older systems).

Never use "PermitRootLogin no", or our backup system will be locked out.

 

Add SSH keys to MyTilaa

You can add your SSH keys to MyTilaa for easier access to your VPS.
https://my.tilaa.com/en/ssh_keys

On the first install of a VPS, the key will be added by cloud-init to your VPS.

Option 1: Linux, macOS & Windows 10/11 (OpenSSH)

Modern operating systems (including Windows 10+) have SSH built-in. You can use the terminal/PowerShell.

1. Generate the Key Pair

Open your terminal (or PowerShell) on your local computer and run:

ssh-keygen -t rsa -b 4096

Follow the prompts:

  • File location: Press Enter to accept the default (~/.ssh/id_rsa).
  • Passphrase: We recommend entering a passphrase for extra security (this encrypts the key on your disk), but you can leave it empty for automated scripts.

2. Copy the Public Key to your VPS

Linux / macOS Users:
Use the dedicated copy tool (replace with your server details):

ssh-copy-id root@your-server-ip

Windows (PowerShell) Users:
Since Windows lacks ssh-copy-id, use this command to append the key:

type $env:USERPROFILE\.ssh\id_rsa.pub | ssh root@your-server-ip "cat >> .ssh/authorized_keys"

Option 2: Legacy Windows (PuTTY)

If you prefer using a graphical interface or are on an older Windows version, use PuTTY.

1. Generate Key (PuTTYgen)

  1. Download and open PuTTYgen.
  2. Under Parameters, choose RSA and set bits to 4096.
  3. Click Generate and move your mouse over the blank area.
  4. Save Private Key: Click the button to save the .ppk file to your computer.
  5. Copy Public Key: Copy the text in the top box ("Public key for pasting...").

2. Upload to Server

  1. Log in to your VPS using the normal PuTTY terminal (with username/password).

  2. Create the SSH directory (if missing):

    mkdir -p ~/.ssh && chmod 700 ~/.ssh

  3. Open the authorized_keys file:

    nano ~/.ssh/authorized_keys
  4. Paste the public key (right-click in PuTTY) and save (Ctrl+O, Enter, Ctrl+X).

  5. Set correct permissions:

    chmod 600 ~/.ssh/authorized_keys

3. Testing & Disabling Passwords

Before you disable password logins completely, test your new key!

  1. Open a new terminal window.
  2. Type ssh root@your-server-ip.
  3. If you log in without being asked for the server password (it might ask for your key passphrase), it works.

Optional: Disable Password Authentication
For maximum security, edit /etc/ssh/sshd_config on the server:

PasswordAuthentication no
PermitRootLogin prohibit-password

Then restart SSH: systemctl restart ssh.