?For security reasons it is recommended to use SSH keys instead of password for accessing server. The biggest advantage SSH keys provide is that its nearly impossible to be deciphered, while a password could be cracked or intercepted by brute-force password attacks. Furthermore, authentication by SSH keys is more convenient than using password, due to you will be able to connect server or multiply server without any need to remember and enter your password each time.
1. Generating SSH keys pair
SSH keys are always generated in pairs with private and public key. The private key should be safely guarded and known only by you. The public key can be shared with any server, which you would like to access.
Generate SSH keys via command line in Linux OS
To generate SSH keys run command:
ssh-keygen -t rsa -b 4096
Then you will be asked in which file key should be saved:
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Secondly you will be asked for passphrase:
Enter passphrase (empty for no passphrase):
It is not required, but highly recommended because passphrase provides more security. Without passphrase your private key would be stored on your computer in an unencrypted form. We recommend enter passhrase and choose something that will be hard to guess in order to ensure security of your private key.
Finally you will see a message, where your private and public keys were saved:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
Generating SSH keys via PuTTY Key Generator (PuTTYgen) in Windows OS
PuTTYgen is a free utility, which we will use to generate SSH keys for use in PuTTY to connect server. PuTTYgen and PuTTY client could be download . Run downloaded PuTTYgen and press button Generate:
After pressing Generate start moving the mouse within the window, because Putty uses mouse movements to collect randomness. When key would be generated enter passphrase to Key passphrase: and Confirm passphrase: fields. Note: it is not required, but highly recommended because passphrase provides more security. Without passphrase your private key would be stored on your computer in an unencrypted form. We recommend enter passhrase and choose something that will be hard to guess in order to ensure security of your private key.
Then press buttons Save public key and Save private key, enter names for files and choose folder where files should be stored:
2. Set up SSH keys
For set up SSH keys to your server you could to install / re-install OS. First of all open saved public key file and perform these changes:
For key generated via command line (Linux OS)
You may see such key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4H28lnMmxT6c+6KzlNGuUDH7C+bWwyaMpp4gV/iOyX0R/laSeliolW1fxJdVHkLKUL7uewMu+h6RDsjkprFZKP7XEdzxYFRzOKzB541QjIunl33qhd6XLgdc4o0ddJs6RGYaxJJgxYWmBNS+1HKEGWK9uCONRv9CJD/QY/BTaMXfHMMf2FLrYJcIebVPsciz0HngAJ04I/KptGf+ILQQ+kLEeKJJIFRC4Zu0+pbX1niF7oMXXHdvf7xypF8pleDLJzWD92KF7AFlQ+973v/sL2bM5yRPZlX7LcG6GsNdc34Ht2drbmfFEwsN12W7jCEomCIucoXieInxECOI9AUTj email@example.com
Change firstname.lastname@example.org to root@, where is your server IP address. After changes public key should look like as:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4H28lnMmxT6c+6KzlNGuUDH7C+bWwyaMpp4gV/iOyX0R/laSeliolW1fxJdVHkLKUL7uewMu+h6RDsjkprFZKP7XEdzxYFRzOKzB541QjIunl33qhd6XLgdc4o0ddJs6RGYaxJJgxYWmBNS+1HKEGWK9uCONRv9CJD/QY/BTaMXfHMMf2FLrYJcIebVPsciz0HngAJ04I/KptGf+ILQQ+kLEeKJJIFRC4Zu0+pbX1niF7oMXXHdvf7xypF8pleDLJzWD92KF7AFlQ+973v/sL2bM5yRPZlX7LcG6GsNdc34Ht2drbmfFEwsN12W7jCEomCIucoXieInxECOI9AUTj email@example.com
Choose actual OS from drop-down list, mark Use SSH key and paste public key to the field below.
For key generated via PuTTYgen (Windows OS)
You may see such key:
—- BEGIN SSH2 PUBLIC KEY —-
—- END SSH2 PUBLIC KEY —-
Copy key between comment Comment: “rsa-key-20170914” and end of key —- END SSH2 PUBLIC KEY —-. Also delete all new lines, which could be by opening file via Notepad. Choose actual OS from drop-down list and mark Use SSH key. To the filed below enter “ssh-rsa “, then paste copied public key and enter “ root@“, where is your server’s IP address. Pasted public key should look like as:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlnlhLnzD3+8yEYQoO724H86b/zjHEJWNy/W8AEYsQTCnkhY2lC+O6lVjBI3Fssr4cTNTZ6H+Yh0nbqUdBoYJjkXjAMHVNDo0FYJH5Urgq6OeV3EaxZeuQxcSTzSU4zXBB2SlQ5ZYNGsEGW71nnXPWB4ji8dbJTyodiMlcR/1GuW2d8cPNXUj/gk381NypSvdLF9T4XNAOfQWtFR13wg/YtgnIM1m3jjbtoLo1GKgau68NEp5oQVOMHWQC7/cHqJaWWsbEt/lQjr9wUoMIjjwzThJlWwF86rNVRkz+ORBDyoDioFTXcOSe93hy2Hm4ow8F2kDqlS+05v/qShOTiKWWw== firstname.lastname@example.org
3. Upload the SSH Keys to the Client account:
Choose the VPS service and find the button “SSH Key Management” on the left menu.
You can see in the screenshot above, that you can add new SSH Key by pressing the button “Add new SSH Key”, you will see the following menu then:
You simply name your SSH Key, enter the exact SSH Key that you generated and save it. Once this is done, you can reinstall the server and add the SSH Key to it
In the picture above you can see when installing / reinstalling OS, you choose the OS, then you need to mark a checkbox “User SSH Key“, it will display a drop-down menu, which you can then choose your saved SSH Key and continue installing OS.
4. Connect server with SSH keys
Connection via PuTTY (for Windows OS)
Most convenient is to create and save profile for connection in PuTTY. First of all open PuTTY and in the Host Name (or IP address) field enter your server hostname or IP address. Enter port for SSH into field Port (default is 22) and mark SSH as Connection type:
On the left-hand side of the window select Data under Connection. To the field Auto-login username enter root (or your username):
Expand SSH under Connection and select Auth. Click button Browse on the right-hand side of window and choose your private key.
Select the Session category and enter profile name to the Saved Sessions field. Click button Save in the Load, Save or Delete a stored session area.
Now you are to log in with saved profile – just choose it in the list under Saved Sessions and click button Open. You will not be asked for a password, but, if you had set a passphrase, you would be asked for it at every time you log in.
Connection via command line (for Linux OS)
Firstly you need to create a ~/.ssh/config file on your computer and add key and server details to it:
* Host is name of shortcut you will use for connect your server
* HostName is IP address of server you would connect
* User is root
* IdentityFile is full route to your private key
After ~/.ssh/config file would be created, you will be able to connect the server by shortcut name via command:
You will not be asked for a password, but, if you had set a passphrase, you would be asked for it at every time you log in.