Public key authentication provides SSH users with the convenience of logging in to their server without entering their passwords. SSH keys are also more secure than passwords, because private keys are encrypted, or scrambled, so their contents can’t be read as easily.
SSH keys come in pairs; a private and a public key. Usually the private key is saved as
~/.ssh/id_<type> and the public key is
~/.ssh/id_<type>.pub. The type of encryption most often used by default is RSA, so your keys should be named
id_rsa.pub. The public key is meant to be handed out freely, and added to servers you wish to connect to in the
~/.ssh/authorized_keys file. The private key should be stored on your local machine.
If you are making use of our backup services make sure to edit your /etc/ssh/sshd_config and change the PermitRootLogin directive to the following:
This ensures that we can still connect to the server using the public key we copied to your server upon setup of the backup service. If this is not done we'll not be able to connect to the servers and thus not be able to make any backups.
Generating SSH-key pairs on a Linux and Unix-like Operating system:
The process for creating keys with a recent version of the OpenSSH package is the same across many different Unix-like operating systems. This includes all Linux distributions , workstations running Linux, and Apple's OS X.
- To generate SSH keys for your host, issue the following command on your local system:
ssh-keygen -t rsa -b 2048 (or 4096 bits if desired! :))
- Answer all questions when prompted, you can accept the default for everything except the passphrase. When you get to the passphrase question, enter a series of letters and numbers for the passphrase twice; once to enter the new passphrase and once to confirm. Important: make a note of your passphrase, as you will need it later. You may accept the defaults for the other questions by pressing Return when prompted
[wesley@tilaa ~]$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wesley/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/wesley/.ssh/id_rsa.
Your public key has been saved in /home/wesley/.ssh/id_rsa.pub.
The key fingerprint is:
The newly-generated SSH keys are located in the
~/.ssh/ directory. You will find the private key in the
~/.ssh/id_rsa file and the public key in the
Uploading Keys to your remote machine (i.e. Tilaa VPS).
- Before uploading your public key to the VPS check if the .ssh directory exists using the following command in the home directory (the default directory when you login to your VPS):
- If the
.sshdirectory is present, proceed to Step 3. If the directory is not present, issue the following command in the
/home/userdirectory to create it:
mkdir .ssh (make sure the permissions on this folder are 700!) chmod 700 ~/.ssh
- Copy the public key into the
~/.ssh/authorized_keysfile on the VPS, using the following command. Substitute your own SSH user and host names:
scp ~/.ssh/id_rsa.pub email@example.com:/home/user/.ssh/uploaded_key.pub
- Run the following command to copy the key to the authorized_keys file. Substitute your own SSH user and host names:
ssh firstname.lastname@example.org "echo `cat ~/.ssh/uploaded_key.pub` >> ~/.ssh/authorized_keys
The final part in the SSH key process is to access your VPS with your new private key. Just SSH to your server from your local machine, you will be prompted for the passphrase which you typed in during the creation of your SSH key :)
Generating SSH keys on Windows:
1. Go to the Putty Download page.
2. Download PuTTY, PuTTYgen and Pageant
Creating the Key pair
1. Open PuTTYgen
2. Adjust amount of bits generated from 1024 to 4096.
3. Click 'Generate'
4. Move your mouse into random directions in the empty field within PuTTYgen.
5. Give up a name within the 'Key comment' field.
6. Give up a password in the fields 'Key passphrase' and 'Confirm passphrase'.
7. Click on 'Save Private Key'.
8. Save your private key somewhere
9. Copy the upper output (public key) and temporarily paste it into the notepad.
10. Close PuTTYgen.
Adding the Private Key to Pageant
When you've created the key pair you need to add the private key to PuTTY. For this you can use Pageant.
1. Open Pageant
2. Click on 'Add key'.
3. Select the .pkk file (private key)
4. If needed enter the passphrase you entered earlier.
At this point all that's left is copying the public key to ~/.ssh/authorized_keys (You can use the instructions mentioned earlier).